
Pests of all kinds and how to fight them: White box => system crash => excessive CPU load => new IP + avdrn.dat


16.11.2011, 18:46   #1
weetabix
 



OK - here is the OTL log:

Code:
OTL logfile created on: 16.11.2011 17:53:29 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,42 Mb Total Physical Memory | 233,35 Mb Available Physical Memory | 22,82% Memory free
2,40 Gb Paging File | 1,69 Gb Available in Paging File | 70,44% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 127,99 Gb Total Space | 78,89 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
 
Computer Name: ***-6154616FC9 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.13 15:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe
PRC - [2011.10.31 13:09:09 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.10.31 13:09:08 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.10.05 09:18:07 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.05 09:17:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.24 14:52:00 | 000,307,200 | ---- | M] () -- C:\Programme\Connection Manager\sysctrl.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.31 13:09:24 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011.10.31 13:09:22 | 000,589,184 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011.10.31 13:07:31 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011.10.11 14:50:10 | 000,193,904 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011.10.11 14:50:08 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011.10.05 09:18:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.08.18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2010.11.17 12:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2008.07.24 14:52:00 | 000,307,200 | ---- | M] () -- C:\Programme\Connection Manager\sysctrl.exe
MOD - [2006.10.27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006.10.26 21:30:42 | 000,065,312 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006.10.26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.10.31 13:09:08 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.31 13:09:27 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.09.18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.09.15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.08.18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.26 19:20:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 15:33:02 | 000,094,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005.05.12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Append to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95701F45-94EB-45E9-97A3-26922D8D4750}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.15 19:02:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell - "" = AutoRun
O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.15 18:42:37 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.11.14 20:12:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\CCleaner
[2011.11.14 20:12:54 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.11.14 20:11:51 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\ccsetup312.exe
[2011.11.13 15:39:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe
[2011.11.13 15:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.11.13 14:43:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Malwarebytes
[2011.11.13 14:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.13 14:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
[2011.11.13 14:42:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.13 14:42:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.10.31 13:24:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft
[2011.10.31 13:09:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Glary Utilities
[2011.10.31 13:08:49 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2011.10.31 13:08:14 | 006,401,096 | ---- | C] (Glarysoft Ltd                                               ) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\gusetup_slim238.exe
[2011.10.31 13:02:36 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.10.31 13:02:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Lavasoft
[2011.10.30 16:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\vlc
[2011.10.30 16:10:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\VideoLAN
[2011.10.30 16:09:39 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2011.10.30 15:56:56 | 000,000,000 | ---D | C] -- C:\Programme\FLV Player
[2008.10.27 10:38:54 | 000,095,056 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll
[2008.10.27 10:37:34 | 001,692,496 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll
[2008.10.27 10:36:58 | 000,526,160 | ---- | C] (Microsoft Corporation) -- C:\Programme\DXSETUP.exe
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.16 17:40:28 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.11.16 17:40:06 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.11.16 17:39:24 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011.11.16 17:39:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.16 17:39:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.14 20:49:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.11.14 20:12:57 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\CCleaner.lnk
[2011.11.14 20:12:03 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\ccsetup312.exe
[2011.11.14 16:48:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.11.14 16:48:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.11.13 15:43:57 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\s1usdy6y.exe
[2011.11.13 15:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe
[2011.11.13 14:42:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 22:23:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.03 16:34:00 | 000,240,640 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Vorlage V3.6_soeren.dot
[2011.10.31 21:41:08 | 000,257,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\v117935_pdf[1].pdf
[2011.10.31 13:44:42 | 000,094,208 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.31 13:09:27 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.10.31 13:09:26 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.10.31 13:09:03 | 000,000,713 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Glary Utilities.lnk
[2011.10.31 13:08:14 | 006,401,096 | ---- | M] (Glarysoft Ltd                                               ) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\gusetup_slim238.exe
[2011.10.31 13:02:58 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2011.10.31 10:57:27 | 000,001,817 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK
[2011.10.30 16:10:23 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011.10.30 12:47:41 | 000,479,008 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.10.30 12:47:41 | 000,437,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.30 12:47:41 | 000,092,414 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.10.30 12:47:41 | 000,069,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.27 20:16:45 | 000,004,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\keyfile3.drm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.14 20:12:57 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\CCleaner.lnk
[2011.11.13 15:43:56 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\s1usdy6y.exe
[2011.11.13 14:42:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 16:34:00 | 000,240,640 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Vorlage V3.6_soeren.dot
[2011.11.03 15:31:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.11.03 15:31:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.10.31 21:41:08 | 000,257,440 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\v117935_pdf[1].pdf
[2011.10.31 16:33:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.10.31 13:09:11 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011.10.31 13:09:03 | 000,000,713 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Glary Utilities.lnk
[2011.10.31 13:03:21 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.10.31 13:02:58 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2011.10.31 10:57:27 | 000,001,817 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK
[2011.10.30 16:10:23 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011.09.10 23:36:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.01.10 20:04:21 | 000,113,591 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011.01.10 20:04:21 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011.01.01 12:15:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2010.10.05 21:10:16 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2010.09.03 16:44:55 | 000,004,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\keyfile3.drm
[2009.03.29 15:27:33 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.03.24 20:23:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.03.24 20:20:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.23 20:20:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.03.22 15:36:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.22 15:36:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.03.21 23:15:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.03.21 20:39:38 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.19 22:14:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009.03.19 22:14:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1230.ini
[2009.03.19 21:55:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2009.03.19 21:55:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009.03.19 21:55:55 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin
[2009.03.19 21:52:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.03.19 21:52:23 | 000,000,453 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009.03.19 21:52:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.03.19 21:52:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.03.19 21:47:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.03.19 21:36:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.03.19 21:35:05 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.02.18 14:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.02.18 14:44:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.02.18 14:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.02.18 14:44:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.02.18 14:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.02.18 14:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.02.18 14:44:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.02.18 14:44:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.10.27 10:38:20 | 013,265,184 | ---- | C] () -- C:\Programme\dxnt.cab
[2008.10.27 10:38:20 | 004,163,646 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab
[2008.10.27 10:38:20 | 001,907,944 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab
[2008.10.27 10:38:20 | 001,803,074 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab
[2008.10.27 10:38:18 | 001,801,176 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab
[2008.10.27 10:38:18 | 001,795,100 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab
[2008.10.27 10:38:18 | 001,793,624 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab
[2008.10.27 10:38:18 | 001,770,878 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab
[2008.10.27 10:38:18 | 001,710,376 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab
[2008.10.27 10:38:18 | 001,709,168 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab
[2008.10.27 10:38:18 | 001,608,374 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab
[2008.10.27 10:38:16 | 001,608,790 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab
[2008.10.27 10:38:16 | 001,608,302 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab
[2008.10.27 10:38:16 | 001,607,055 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab
[2008.10.27 10:38:16 | 001,575,392 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab
[2008.10.27 10:38:16 | 001,572,170 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab
[2008.10.27 10:38:14 | 001,551,228 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab
[2008.10.27 10:38:14 | 001,465,688 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab
[2008.10.27 10:38:14 | 001,464,894 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab
[2008.10.27 10:38:14 | 001,413,918 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab
[2008.10.27 10:38:14 | 001,363,812 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab
[2008.10.27 10:38:14 | 001,358,992 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab
[2008.10.27 10:38:12 | 001,444,298 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab
[2008.10.27 10:38:12 | 001,398,846 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab
[2008.10.27 10:38:12 | 001,351,558 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab
[2008.10.27 10:38:10 | 001,348,370 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab
[2008.10.27 10:38:10 | 001,337,018 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab
[2008.10.27 10:38:10 | 001,248,515 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab
[2008.10.27 10:38:10 | 001,156,507 | ---- | C] () -- C:\Programme\BDANT.cab
[2008.10.27 10:38:10 | 001,128,233 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab
[2008.10.27 10:38:10 | 001,116,237 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab
[2008.10.27 10:38:10 | 001,080,472 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab
[2008.10.27 10:38:08 | 001,085,736 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab
[2008.10.27 10:38:08 | 001,079,978 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab
[2008.10.27 10:38:08 | 001,078,660 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab
[2008.10.27 10:38:08 | 001,065,941 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab
[2008.10.27 10:38:08 | 001,014,241 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab
[2008.10.27 10:38:08 | 000,995,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab
[2008.10.27 10:38:08 | 000,122,810 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab
[2008.10.27 10:38:08 | 000,097,833 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab
[2008.10.27 10:38:08 | 000,094,750 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab
[2008.10.27 10:38:04 | 000,976,164 | ---- | C] () -- C:\Programme\BDAXP.cab
[2008.10.27 10:38:04 | 000,966,445 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab
[2008.10.27 10:38:04 | 000,917,446 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab
[2008.10.27 10:38:04 | 000,868,844 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab
[2008.10.27 10:38:04 | 000,868,628 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab
[2008.10.27 10:38:04 | 000,865,616 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab
[2008.10.27 10:38:04 | 000,853,302 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab
[2008.10.27 10:38:04 | 000,850,935 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab
[2008.10.27 10:38:04 | 000,096,053 | ---- | C] () -- C:\Programme\dxupdate.cab
[2008.10.27 10:38:04 | 000,094,144 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab
[2008.10.27 10:38:04 | 000,055,538 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab
[2008.10.27 10:38:04 | 000,045,464 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab
[2008.10.27 10:38:02 | 000,850,183 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab
[2008.10.27 10:38:02 | 000,845,900 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab
[2008.10.27 10:38:02 | 000,819,276 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab
[2008.10.27 10:38:02 | 000,094,028 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab
[2008.10.27 10:38:02 | 000,093,700 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab
[2008.10.27 10:38:02 | 000,088,158 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab
[2008.10.27 10:38:02 | 000,088,117 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab
[2008.10.27 10:38:02 | 000,087,053 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab
[2008.10.27 10:38:02 | 000,056,170 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab
[2008.10.27 10:38:02 | 000,056,074 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab
[2008.10.27 10:38:02 | 000,054,318 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab
[2008.10.27 10:38:02 | 000,047,160 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab
[2008.10.27 10:38:02 | 000,047,074 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab
[2008.10.27 10:38:02 | 000,046,375 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab
[2008.10.27 10:38:02 | 000,022,921 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab
[2008.10.27 10:38:02 | 000,022,867 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab
[2008.10.27 10:38:02 | 000,019,512 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab
[2008.10.27 10:38:00 | 000,804,900 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab
[2008.10.27 10:38:00 | 000,797,883 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab
[2008.10.27 10:38:00 | 000,700,060 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab
[2008.10.27 10:38:00 | 000,699,628 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab
[2008.10.27 10:38:00 | 000,047,026 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab
[2008.10.27 10:38:00 | 000,022,883 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab
[2008.10.27 10:37:58 | 000,699,488 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab
[2008.10.27 10:37:58 | 000,696,881 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab
[2008.10.27 10:37:58 | 000,272,384 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab
[2008.10.27 10:37:58 | 000,270,858 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab
[2008.10.27 10:37:58 | 000,270,644 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab
[2008.10.27 10:37:54 | 000,274,976 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab
[2008.10.27 10:37:54 | 000,273,627 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab
[2008.10.27 10:37:52 | 000,270,040 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab
[2008.10.27 10:37:52 | 000,252,210 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab
[2008.10.27 10:37:52 | 000,227,266 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab
[2008.10.27 10:37:52 | 000,199,112 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab
[2008.10.27 10:37:50 | 000,213,823 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab
[2008.10.27 10:37:50 | 000,198,138 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab
[2008.10.27 10:37:50 | 000,193,491 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab
[2008.10.27 10:37:48 | 000,197,778 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab
[2008.10.27 10:37:48 | 000,196,782 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab
[2008.10.27 10:37:48 | 000,195,691 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab
[2008.10.27 10:37:48 | 000,192,736 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab
[2008.10.27 10:37:48 | 000,183,919 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab
[2008.10.27 10:37:48 | 000,183,377 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab
[2008.10.27 10:37:46 | 000,181,801 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab
[2008.10.27 10:37:46 | 000,180,149 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab
[2008.10.27 10:37:46 | 000,179,375 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab
[2008.10.27 10:37:46 | 000,154,028 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab
[2008.10.27 10:37:44 | 000,153,925 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab
[2008.10.27 10:37:44 | 000,152,241 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab
[2008.10.27 10:37:42 | 000,149,280 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab
[2008.10.27 10:37:42 | 000,148,999 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab
[2008.10.27 10:37:42 | 000,146,615 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab
[2008.10.27 10:37:42 | 000,139,033 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab
[2008.10.27 10:37:42 | 000,138,251 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab
[2008.10.27 10:37:40 | 000,134,687 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab
[2008.10.27 10:37:40 | 000,133,425 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab
[2008.10.27 10:37:40 | 000,123,352 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab
[2008.10.27 10:37:40 | 000,122,840 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab
[2008.10.27 10:37:40 | 000,122,070 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab
[2008.10.27 10:37:38 | 000,134,119 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,479,008 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 13:00:00 | 000,437,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,092,414 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 13:00:00 | 000,069,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2009.05.05 19:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\1DA
[2009.05.10 12:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\FreeDownloadManager.ORG
[2009.05.22 15:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\MGS
[2009.05.22 15:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microgaming
[2009.04.04 10:59:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011.07.04 20:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.05.10 12:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Azureus
[2011.10.20 18:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoft
[2011.04.25 16:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.09.12 12:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\eMule
[2011.01.31 17:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Faxbus
[2011.10.31 14:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Free Download Manager
[2011.10.31 13:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft
[2011.06.15 18:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\ICAClient
[2011.06.13 19:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Ifu Hamburg GmbH, Germany
[2010.02.04 21:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Load
[2009.05.27 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\OpenOffice.org
[2009.03.22 13:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Desktop Search
[2009.03.22 13:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Search
[2011.11.16 17:40:06 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011.11.16 17:39:24 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.13 12:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Adobe
[2009.03.24 20:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Ahead
[2011.09.23 16:45:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Apple Computer
[2011.10.09 09:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Avira
[2009.05.10 12:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Azureus
[2011.10.20 18:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoft
[2011.04.25 16:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.09.12 12:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\eMule
[2011.01.31 17:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Faxbus
[2011.10.31 14:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Free Download Manager
[2011.10.31 13:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft
[2011.01.10 20:25:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\HP
[2011.06.15 18:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\ICAClient
[2009.03.19 21:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Identities
[2011.06.13 19:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Ifu Hamburg GmbH, Germany
[2009.03.19 22:01:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\InstallShield
[2010.02.04 21:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Load
[2009.03.19 22:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Macromedia
[2011.11.13 14:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Malwarebytes
[2011.08.02 22:19:18 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Microsoft
[2010.02.20 13:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Move Networks
[2009.05.27 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\OpenOffice.org
[2011.09.25 18:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Skype
[2011.06.23 12:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\skypePM
[2009.03.19 22:05:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Sun
[2011.10.30 16:11:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\vlc
[2009.03.22 13:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Desktop Search
[2009.03.22 13:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Search
[2009.03.21 21:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.29 14:11:10 | 003,119,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010.02.20 13:01:17 | 000,034,062 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.10.27 10:36:58 | 000,526,160 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2009.08.18 18:23:12 | 002,680,920 | ---- | M] (Microsoft Corporation) -- C:\office-kb967688-fullfile-x86-de-de.exe
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OEMDRV\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.02.12 01:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\OEMDRV\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2010.12.26 13:20:19 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2004.05.18 15:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEMDRV\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.03.19 22:34:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.03.19 22:34:09 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.03.19 22:34:09 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >
         
