Rootkit Problem - PC startet weder IE, noch Thunderbird und Firefox (nur ganz selten) oder Links fe

frank_r6

Hallo,

ich habe fogendes Problem.

Ich habe auf einem VM Ware Player Windows XP Prof, X86 installiert. Es lief lange sehr stabil.

Seit neuestem verhält sich das System seltsam.

1. nach Start von WIN XP funktionieren Anwendungen wie Thunderbird, Firefox oder IE Nicht. Anwendugen wie TEamViewer funktionieren wie gewohnt. Dieses Verhalten ist nicht immer so, d.h. manchmal startet das System normal und die o.g. Anwendungen funktionieren auch. Jedeoch muss man den VM Ware Rechner bis zu 10 mal starten, damit es einmal funktioniert.

2. Beim Browsen werden oft andere Seiten aus google aufgerufen (oder auc aus anderen Links) als angeklickt. Benutzt man die zurueck Taste und klickt den Link wieder funktioniert es aber.

Ich habe die gewuenschten Dateien hier angehängt. Die GMER Datei sieht meiens erachtens verdaechtig aus. Was sind die nächsten Schritte? Ich bin für eure Hilfe sehr dankbar.

Gruss
Frank


---------------------

OTL logfile created on: 19.11.2011 11:40:18 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 600,05 Mb Available Physical Memory | 58,63% Memory free
1,65 Gb Paging File | 1,31 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,99 Gb Total Space | 1,31 Gb Free Space | 3,28% Space Free | Partition Type: NTFS
Drive Z: | 231,88 Gb Total Space | 2,02 Gb Free Space | 0,87% Space Free | Partition Type: HGFS

Computer Name: XX-AAF7F2AF329A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.19 10:33:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.11.11 08:45:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.22 00:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011.08.21 19:05:16 | 000,062,576 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe
PRC - [2011.08.21 19:00:38 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\vmacthlp.exe
PRC - [2011.08.15 19:46:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.25 09:14:34 | 003,196,800 | ---- | M] (Super Flexible Software Ltd. & Co. KG) -- C:\Programme\SuperFlexible\ExtremeVSS.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010.12.27 17:57:12 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.01.05 16:16:12 | 000,069,632 | ---- | M] () -- C:\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
PRC - [2008.06.19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 11:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.04 22:29:24 | 000,063,296 | ---- | M] () -- C:\Programme\UltraVNC Addons\uvnc_service.exe
PRC - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.11 08:45:07 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.08.22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\yui.dll
MOD - [2011.08.22 00:18:06 | 000,078,336 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\pcre.dll
MOD - [2011.08.21 19:05:12 | 000,644,720 | ---- | M] () -- C:\Programme\VMware\VMware Tools\glibmm-2.4.dll
MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.01.05 16:16:12 | 000,069,632 | ---- | M] () -- C:\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
MOD - [2008.06.19 17:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007.06.04 22:29:24 | 000,063,296 | ---- | M] () -- C:\Programme\UltraVNC Addons\uvnc_service.exe
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.21 19:05:16 | 000,062,576 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)
SRV - [2011.08.21 19:00:38 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Tools\vmacthlp.exe -- (VMware Physical Disk Helper Service)
SRV - [2011.08.15 19:46:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.25 09:14:34 | 003,196,800 | ---- | M] (Super Flexible Software Ltd. & Co. KG) [Auto | Running] -- C:\Programme\SuperFlexible\ExtremeVSS.exe -- (ExtremeVSSService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.27 17:57:12 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.10.07 12:19:28 | 000,394,104 | ---- | M] (ThinPrint AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)
SRV - [2010.08.02 15:42:26 | 000,263,496 | ---- | M] (ThinPrint AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2010.07.28 07:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009.10.20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.01.05 16:16:12 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008.06.19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.06.04 22:29:24 | 000,063,296 | ---- | M] () [Auto | Running] -- C:\Programme\UltraVNC Addons\uvnc_service.exe -- (Uvnc_service)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.08.29 13:19:01 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.08.21 20:08:28 | 000,102,256 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2011.08.21 20:05:58 | 000,030,000 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2011.08.21 20:02:46 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2011.08.21 20:02:28 | 000,015,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2011.08.21 20:01:48 | 000,143,344 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\vmhgfs.sys -- (vmhgfs)
DRV - [2011.08.21 20:00:58 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
DRV - [2011.08.21 19:08:58 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmci.sys -- (vmci)
DRV - [2011.08.15 19:46:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.15 19:46:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.30 12:05:54 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.12.27 17:57:04 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.12.18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.11.26 21:15:02 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.15 22:54:22 | 000,061,096 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2010.04.03 19:39:44 | 000,322,816 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcdevice.sys -- (mcdevice)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.01.22 15:28:28 | 001,441,024 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vasdDev.sys -- (VASDeviceDrm) Virtual Audio Streaming with Drm (WDM)
DRV - [2009.10.20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.10.07 09:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009.10.07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009.10.07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.21 11:16:58 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008.06.19 17:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.04.13 22:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.03.29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.01.11 17:23:44 | 000,013,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avwebcam.sys -- (AVWEBCAM)
DRV - [2007.09.25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007.05.22 21:46:48 | 000,013,384 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2007.05.22 21:46:44 | 000,012,104 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.14 09:54:50 | 000,192,512 | ---- | M] (MorningSound Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\VirtualCam.sys -- (VirtualCam)
DRV - [2005.01.26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2002.11.29 19:32:34 | 000,010,460 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2001.08.17 10:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 45 A8 4B 00 97 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.11 08:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.16 06:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.11.11 08:42:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2010.11.26 23:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.07.29 09:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.26 23:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\MediaCoder
[2011.10.30 14:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\04nudshs.default\extensions
[2011.01.04 11:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\04nudshs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.16 23:55:47 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\04nudshs.default\extensions\DeviceDetection@logitech.com
[2011.11.11 08:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.22 21:35:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.11 08:45:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 21:47:26 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 21:47:26 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.04 21:47:26 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 21:47:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 21:47:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 21:47:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VMware Tools] C:\Programme\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Programme\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
O4 - HKCU..\Run: [Kbdinx] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe\Update\getgdi.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RIMDeviceManager] C:\Programme\Gemeinsame Dateien\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Programme\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.217.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19D33043-4BDC-4398-8D7F-E04793BAEBA7}: DhcpNameServer = 192.168.217.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - C:\WINDOWS\System32\TPSvc.dll (ThinPrint AG)
O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - (VMUpgradeAtShutdownWXP.dll) - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O31 - SafeBoot: AlternateShell - c:\hdsb.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.16 21:50:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.08.08 16:08:28 | 025,462,784 | ---- | M] () - C:\AutoScreenRecorder_06 Aug. 08 01.08.avi -- [ NTFS ]
O32 - AutoRun File - [2010.08.08 01:18:32 | 017,854,976 | ---- | M] () - C:\AutoScreenRecorder_12 Aug. 08 01.51.avi -- [ NTFS ]
O33 - MountPoints2\{54093ff4-9820-11e0-9cde-000c2940747c}\Shell - "" = AutoRun
O33 - MountPoints2\{54093ff4-9820-11e0-9cde-000c2940747c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54093ff4-9820-11e0-9cde-000c2940747c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{54093ff5-9820-11e0-9cde-000c2940747c}\Shell - "" = AutoRun
O33 - MountPoints2\{54093ff5-9820-11e0-9cde-000c2940747c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54093ff5-9820-11e0-9cde-000c2940747c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{889df0c7-5aa2-11df-9c35-000c2940747c}\Shell - "" = AutoRun
O33 - MountPoints2\{889df0c7-5aa2-11df-9c35-000c2940747c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{889df0c7-5aa2-11df-9c35-000c2940747c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{8a5e2245-384b-11df-9c25-000c2940747c}\Shell - "" = AutoRun
O33 - MountPoints2\{8a5e2245-384b-11df-9c25-000c2940747c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a5e2245-384b-11df-9c25-000c2940747c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.19 10:35:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.19 09:57:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.11.18 15:28:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\UltraVNC
[2011.11.18 15:28:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\UltraVNC
[2011.11.18 15:27:49 | 000,000,000 | ---D | C] -- C:\Programme\UltraVNC
[2011.11.18 15:23:18 | 000,013,384 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\drivers\vnccom.SYS
[2011.11.18 15:22:47 | 000,020,168 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\vncdrv.dll
[2011.11.18 15:22:47 | 000,013,128 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\vnchelp.dll
[2011.11.18 15:22:47 | 000,012,104 | ---- | C] (RDV Soft) -- C:\WINDOWS\System32\drivers\vncdrv.sys
[2011.11.18 15:22:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\UltraVNC Addons
[2011.11.18 15:22:46 | 000,000,000 | ---D | C] -- C:\Programme\UltraVNC Addons
[2011.11.12 09:08:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WBFSManager
[2011.11.12 09:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WBFS Manager
[2011.11.12 09:03:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\WBFS Manager Covers
[2011.11.12 09:03:38 | 000,000,000 | ---D | C] -- C:\Programme\WBFS
[2011.11.12 09:02:08 | 000,000,000 | ---D | C] -- C:\Wbfs_manager_v4.0
[2011.11.11 14:58:08 | 000,000,000 | ---D | C] -- C:\curl
[2011.11.08 16:39:26 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.11.06 22:00:17 | 000,000,000 | ---D | C] -- C:\va_dt_32
[2011.10.31 20:21:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\MediaCoder
[2011.10.30 14:41:20 | 000,000,000 | ---D | C] -- C:\halloween
[2011.10.24 23:09:51 | 000,000,000 | ---D | C] -- C:\Rainald_20Grebe_20und_20Das_20Orchester_20Der_20Versoehnung_20-_20DE_20-%202011
[2011.10.24 22:57:04 | 000,000,000 | ---D | C] -- C:\rgdh
[2011.10.23 12:36:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.10.20 17:56:20 | 000,000,000 | ---D | C] -- C:\Programme\VMware
[2011.10.20 17:56:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\VMware
[2011.10.20 17:12:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Yahoo! Messenger
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.19 11:50:08 | 000,450,616 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.19 11:50:08 | 000,433,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.19 11:50:08 | 000,081,302 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.19 11:50:08 | 000,068,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.19 11:33:35 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.11.19 11:33:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.19 10:39:01 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\hbumrthz.exe
[2011.11.19 10:37:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.19 10:33:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.19 10:32:15 | 000,000,148 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.11.19 10:31:28 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2011.11.19 01:19:30 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.18 23:31:35 | 000,032,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.18 17:03:22 | 000,002,232 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011.11.17 18:18:54 | 209,797,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\111117-173921.mpg
[2011.11.17 15:34:11 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.11.13 18:15:47 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.11.13 08:48:17 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011.11.13 08:45:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.12 09:03:42 | 000,001,974 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WBFS Manager 4.0.lnk
[2011.11.09 22:36:13 | 000,007,662 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2011.11.08 16:40:14 | 000,027,688 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20111108_164008.reg
[2011.11.08 16:33:29 | 000,000,623 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.11.07 01:16:50 | 000,035,742 | ---- | M] () -- C:\Reality Check.pdf
[2011.10.31 20:21:34 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MediaCoder.lnk
[2011.10.31 20:18:53 | 035,645,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\MediaCoder2011-R9-5198.zip
[2011.10.21 07:07:15 | 000,000,881 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BlackBerry Media Sync.lnk
[2011.10.21 06:23:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.10.21 06:23:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011.10.20 17:12:48 | 000,000,780 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Yahoo! Messenger.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.19 10:40:10 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\hbumrthz.exe
[2011.11.19 10:35:20 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2011.11.19 10:32:13 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.11.18 22:45:08 | 209,797,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\111117-173921.mpg
[2011.11.13 08:45:56 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.11.12 09:03:42 | 000,001,974 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WBFS Manager 4.0.lnk
[2011.11.09 22:36:13 | 000,007,662 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2011.11.08 16:40:11 | 000,027,688 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20111108_164008.reg
[2011.11.08 16:33:20 | 000,000,623 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.11.07 01:16:43 | 000,035,742 | ---- | C] () -- C:\Reality Check.pdf
[2011.10.31 20:21:34 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MediaCoder.lnk
[2011.10.31 20:18:48 | 035,645,740 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\MediaCoder2011-R9-5198.zip
[2011.10.21 07:07:15 | 000,000,881 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BlackBerry Media Sync.lnk
[2011.10.21 06:23:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.10.21 06:23:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011.10.20 17:12:48 | 000,000,780 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Yahoo! Messenger.lnk
[2011.08.17 00:16:06 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.06.16 06:53:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.25 09:07:47 | 000,260,096 | ---- | C] () -- C:\Programme\HitFaker.exe
[2011.03.25 09:07:47 | 000,048,687 | ---- | C] () -- C:\Programme\hitfaker.jpg
[2011.03.25 09:07:47 | 000,000,426 | ---- | C] () -- C:\Programme\settings.ini
[2011.02.05 16:30:15 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011.02.05 16:30:15 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011.01.14 15:05:11 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011.01.14 15:01:47 | 000,001,218 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011.01.14 14:58:56 | 000,121,158 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011.01.14 14:58:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011.01.14 14:58:29 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011.01.05 09:46:57 | 000,000,746 | ---- | C] () -- C:\WINDOWS\XaraX.INI
[2011.01.05 09:27:44 | 000,388,064 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.12.31 07:17:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.12.31 00:12:28 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI
[2010.12.05 18:06:45 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.12.02 01:10:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.02 01:10:06 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.02 01:10:06 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.10.31 08:05:17 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2010.10.23 21:12:21 | 000,000,006 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\completescan
[2010.10.23 20:59:30 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\install
[2010.08.26 06:34:02 | 000,000,071 | ---- | C] () -- C:\WINDOWS\ProductKeyExplorer.INI
[2010.08.18 22:10:45 | 000,002,232 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010.07.18 20:13:28 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2010.05.30 11:53:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010.05.30 10:44:24 | 011,162,051 | ---- | C] () -- C:\Programme\bedanl_Speedport_W_504V_Typ_A_Stand02.2010.pdf
[2010.05.30 07:33:23 | 002,034,371 | ---- | C] () -- C:\Programme\util_Speedport_W_504V_Typ_A_Schnellstart_Anleitung_Stand04.2010.pdf
[2010.05.14 23:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VCamera.INI
[2010.05.14 22:46:26 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.05.09 08:25:37 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.18 17:58:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\rWinHook.dll
[2010.03.26 12:32:32 | 000,330,240 | ---- | C] () -- C:\WINDOWS\PICSUninstall.exe
[2010.03.07 17:02:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\cecea310h.dat
[2010.03.07 16:52:18 | 000,057,856 | ---- | C] () -- C:\WINDOWS\Fce32.dll
[2010.03.07 16:52:15 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Fce32.dll
[2010.03.07 16:52:06 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\See32.dll
[2010.02.27 19:52:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.02.20 15:02:36 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2010.02.18 20:41:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.02.17 14:57:42 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.01.27 19:13:17 | 000,032,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.17 14:44:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.16 21:54:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.01.16 21:47:53 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.01.16 21:30:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.01.16 21:29:25 | 000,219,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.06.19 17:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008.06.19 17:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008.04.14 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 11:00:00 | 000,450,616 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 11:00:00 | 000,433,994 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 11:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 11:00:00 | 000,081,302 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 11:00:00 | 000,068,374 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 11:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 11:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011.01.22 18:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BayWotch4
[2011.06.16 14:43:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BitTorrent
[2011.10.13 08:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blackberry Desktop
[2011.01.12 20:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM
[2011.10.31 20:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Broad Intelligence
[2011.09.25 21:35:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2011.11.18 18:11:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox
[2010.07.30 11:24:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.10.30 20:36:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Easy Duplicate Finder
[2011.01.10 18:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EyeSpyFX
[2011.08.31 20:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FileZilla
[2010.12.27 23:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GHISLER
[2011.11.08 16:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GMX
[2011.01.30 20:33:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabIt
[2011.11.09 22:36:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2010.12.05 17:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Haenlein-Software
[2010.11.26 23:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HamsterSoft
[2010.02.20 18:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IrfanView
[2010.12.20 16:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\JAM Software
[2010.02.17 14:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2011.01.05 09:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX
[2010.12.04 08:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mkvtoolnix
[2011.10.14 15:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mp3tag
[2011.09.27 21:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nvu
[2010.10.17 11:04:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit
[2010.01.27 23:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PeaZip
[2011.01.15 01:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PhotoScape
[2011.03.25 12:29:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PhraseExpress
[2010.03.26 12:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pics
[2010.10.17 10:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ProgSense
[2010.08.21 13:57:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Research In Motion
[2011.09.25 21:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.07.29 09:25:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2010.11.26 21:19:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TrueCrypt
[2010.07.24 15:32:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WebcamMax
[2010.12.05 13:55:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\XMedia Recode
[2010.12.05 13:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cypheros
[2011.08.29 13:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.04.06 12:42:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easy Photo Sorter
[2011.01.05 09:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.03.25 12:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhraseExpress
[2010.03.26 12:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pics
[2011.10.21 07:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion
[2010.09.17 22:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPC
[2011.05.31 17:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SuperFlexibleSynchronizer
[2010.12.02 00:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2010.08.26 06:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.11.08 23:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK Driver
[2010.01.17 00:21:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt
[2011.11.19 10:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ukprfree
[2010.08.12 20:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WebcamMax

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.06.18 09:12:21 | 000,000,000 | ---D | M] -- C:\aaa-trenn
[2010.12.12 17:12:12 | 000,000,000 | ---D | M] -- C:\b0d233aa285d2975d0
[2011.11.13 18:27:26 | 000,000,000 | ---D | M] -- C:\CryptLoad_1.1.8
[2011.11.11 16:41:50 | 000,000,000 | ---D | M] -- C:\curl
[2010.03.23 21:48:38 | 000,000,000 | ---D | M] -- C:\cygwin
[2010.08.17 21:26:01 | 000,000,000 | ---D | M] -- C:\dcab891f28c8508bfbddbe2ef6
[2011.11.13 14:06:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.11.06 23:03:34 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.08.30 22:30:32 | 000,000,000 | -H-D | M] -- C:\DS
[2010.08.26 06:14:01 | 000,000,000 | ---D | M] -- C:\DSDGPE1000526
[2011.10.12 21:53:07 | 000,000,000 | ---D | M] -- C:\FrageKind22Bandit
[2010.10.18 12:25:34 | 000,000,000 | ---D | M] -- C:\Germany_83_TA_2010.06
[2011.10.30 15:13:33 | 000,000,000 | ---D | M] -- C:\halloween
[2011.11.19 10:31:37 | 000,000,000 | ---D | M] -- C:\hydra
[2011.05.26 06:50:11 | 000,000,000 | ---D | M] -- C:\JG3.1-11-2010
[2011.10.10 08:56:55 | 000,000,000 | ---D | M] -- C:\JN_G0tt
[2011.06.23 08:52:54 | 000,000,000 | ---D | M] -- C:\karat die 10 groessten hits aus 35 jahren
[2011.09.27 07:52:03 | 000,000,000 | ---D | M] -- C:\Meine Webseiten
[2010.12.17 22:59:18 | 000,000,000 | ---D | M] -- C:\nandub-binary-1.0rc2
[2011.10.12 07:02:03 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2010.07.26 15:28:54 | 000,000,000 | ---D | M] -- C:\PersoBuilder
[2011.06.23 11:41:37 | 000,000,000 | ---D | M] -- C:\PM-Tabaluga
[2011.08.17 16:11:06 | 000,000,000 | ---D | M] -- C:\profilalt
[2011.08.17 15:59:03 | 000,000,000 | ---D | M] -- C:\Profiles
[2010.04.06 14:01:21 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.19 09:57:21 | 000,000,000 | ---D | M] -- C:\Programme
[2011.01.10 11:08:29 | 000,000,000 | ---D | M] -- C:\PROMT Professional
[2011.10.24 23:09:51 | 000,000,000 | ---D | M] -- C:\Rainald_20Grebe_20und_20Das_20Orchester_20Der_20Versoehnung_20-_20DE_20-%202011
[2010.01.27 07:29:21 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.10.24 22:57:04 | 000,000,000 | ---D | M] -- C:\rgdh
[2011.05.31 08:25:35 | 000,000,000 | ---D | M] -- C:\RouterReconnect
[2010.08.18 22:12:25 | 000,000,000 | R--D | M] -- C:\Sandbox
[2010.10.30 12:52:17 | 000,000,000 | ---D | M] -- C:\scripts
[2011.11.19 11:49:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.07 06:45:31 | 000,000,000 | ---D | M] -- C:\tabaluga
[2011.01.14 15:05:13 | 000,000,000 | ---D | M] -- C:\TEMP
[2010.12.27 21:01:23 | 000,000,000 | ---D | M] -- C:\totalcmd
[2010.10.23 20:56:21 | 000,000,000 | ---D | M] -- C:\treesize
[2011.10.12 07:04:27 | 000,000,000 | ---D | M] -- C:\VA_DT_29
[2011.10.12 07:04:35 | 000,000,000 | ---D | M] -- C:\VA_DT_30
[2011.10.12 07:04:45 | 000,000,000 | ---D | M] -- C:\VA_DT_31
[2011.11.06 22:53:43 | 000,000,000 | ---D | M] -- C:\va_dt_32
[2011.11.12 09:02:08 | 000,000,000 | ---D | M] -- C:\Wbfs_manager_v4.0
[2011.06.22 07:09:28 | 000,000,000 | ---D | M] -- C:\West_TA
[2011.06.10 20:21:07 | 000,000,000 | ---D | M] -- C:\win32diskimager-RELEASE-0.3-r27-binary
[2011.11.19 01:18:02 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011.08.29 12:55:21 | 000,000,000 | ---D | M] -- C:\windows7_iso_image_edition_switcher
[2011.10.14 15:18:18 | 000,000,000 | ---D | M] -- C:\ZEN

< %PROGRAMFILES%\*.exe >
[2008.01.29 01:09:28 | 000,260,096 | ---- | M] () -- C:\Programme\HitFaker.exe

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008.04.14 11:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 11:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.04.14 11:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 11:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
[2006.06.10 18:42:42 | 000,150,528 | ---- | M] () MD5=DFC6FA59BB85AD9DED6841094383E8BD -- C:\JG3.1-11-2010\Becker_J.G.-3.1\My Flash Disk\Tools\Regedit.EXE

< MD5 for: USERINIT.EXE >
[2008.04.14 11:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 11:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 11:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 11:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 15:08:22 | 001,868,032 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-13 07:48:23

< >

< End of report >


---------------------------


OTL Extras logfile created on: 19.11.2011 11:40:18 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 600,05 Mb Available Physical Memory | 58,63% Memory free
1,65 Gb Paging File | 1,31 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,99 Gb Total Space | 1,31 Gb Free Space | 3,28% Space Free | Partition Type: NTFS
Drive Z: | 231,88 Gb Total Space | 2,02 Gb Free Space | 0,87% Space Free | Partition Type: HGFS

Computer Name: XX-AAF7F2AF329A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CKRename] -- C:\Programme\CKRename\CKRename.exe %1 ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"136:TCP" = 136:TCP:*:Enabledort
"136:UDP" = 136:UDP:*:Enabledortudp
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Cain\Cain.exe" = C:\Programme\Cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility
"C:\Programme\Easy Web Cam\easywebcam.exe" = C:\Programme\Easy Web Cam\easywebcam.exe:*:Enabled:easywebcam.exe
"C:\MERCURY\mercury.exe" = C:\MERCURY\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.72
"C:\Programme\Free SMTP Server\localsrv.exe" = C:\Programme\Free SMTP Server\localsrv.exe:*:Enabled:localsrv
"C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE" = C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE:*:Enabled:GMX MultiMessenger
"C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- (Dropbox, Inc.)
"C:\Programme\Synology\Assistant\DSAssistant.exe" = C:\Programme\Synology\Assistant\DSAssistant.exe:*:EnabledSAssistant -- ()
"C:\Programme\EyeSpyFX_Webcam\Webcam.exe" = C:\Programme\EyeSpyFX_Webcam\Webcam.exe:*:Enabled:Webcam
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\7zS760C\setup\HPZnet01.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\7zS760C\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\7zS760C\setup\hponicifs01.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\7zS760C\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*isabled:Firefox -- (Mozilla Corporation)
"C:\Programme\PhraseExpress\phraseexpress.exe" = C:\Programme\PhraseExpress\phraseexpress.exe:*:Enabled:PhraseExpress -- (Bartels Media GmbH)
"C:\Programme\NetMeeting\conf.exe" = C:\Programme\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\CryptLoad_1.1.8\RouterClient.exe" = C:\CryptLoad_1.1.8\RouterClient.exe:*:Enabled:RouterClient -- (hxxp://cryptload.info)
"C:\CryptLoad_1.1.8\CryptLoad.exe" = C:\CryptLoad_1.1.8\CryptLoad.exe:*:Enabled:CryptLoad -- (hxxp://cryptload.info)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-Gemeinsame Nutzung von Anwendungen -- (Microsoft Corporation)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{4236FFED-3D49-44C4-9C39-2BFFA91489EF}" = TSDoctor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{56FBF401-0D15-4BA7-B7EE-2BECD86FC8DA}" = LANguard Network Scanner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D08D180-EC52-4093-9B50-59E7AB3C3CF4}" = DVR-Studio HD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8962AE6F-49CD-4A1A-BFCF-4E73CB04646B}" = HYDRA
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B74176-0BA4-4F5D-B3A5-466EAD9E73BD}" = VMware Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FCE2200-3961-471E-BC46-BAE089D50330}" = BlackBerry Device Software v5.0.0 für das BlackBerry 9000-Smartphone
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D99236B1-375D-4313-9522-667175D095DD}" = Attachmate INFOConnect for Unisys, IBM and Open Systems Evaluation
"{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"baywotch4_is1" = BayWotch v4.2.4
"Biet-O-Matic v2.14.3" = Biet-O-Matic v2.14.3
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"CKRename" = CKRename
"CyberGhost VPN_is1" = CyberGhost VPN
"DAEMON Tools Lite" = DAEMON Tools Lite
"DIY DataRecovery HD Workbench" = DIY DataRecovery HD Workbench 1.1.31
"DRAGON" = DRAGON 1.0
"ESET Online Scanner" = ESET Online Scanner v3
"EURACOM" = EURACOM
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HaaliMkx" = Haali Media Splitter
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"INFOConnect" = Attachmate INFOConnect for Unisys, IBM and Open Systems Evaluation
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"Kreuzworträtsel Freeware" = Kreuzworträtsel Freeware
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MediaCoder" = MediaCoder 2011
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"MKVtoolnix" = MKVtoolnix 4.4.0
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Mp3tag" = Mp3tag v2.49
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Nvu_is1" = Nvu 1.0
"PhotoScape" = PhotoScape
"PhraseExpress_is1" = PhraseExpress v8.0.127
"RouterControl" = RouterControl 2.0
"SABnzbd" = SABnzbd (remove only)
"Sandboxie" = Sandboxie 3.51.09
"Socks Proxy Checker_is1" = Socks Proxy Checker 1.03
"SpeedFan" = SpeedFan (remove only)
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer 5.45b
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"TreeSize Free_is1" = TreeSize Free V2.5
"TrueCrypt" = TrueCrypt
"Ultravnc2_is1" = UltraVnc
"Uninstall_is1" = Uninstall 1.0.0.1
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebcamMax" = WebcamMax
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
"XP Codec Pack" = XP Codec Pack
"Yahoo Message Archive Decoder" = Yahoo Message Archive Decoder 4.5
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.11.2011 03:49:39 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene
Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information
ist DWORD 2.

Error - 19.11.2011 03:49:39 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 19.11.2011 03:49:40 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene
Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information
ist DWORD 2.

Error - 19.11.2011 03:49:40 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 19.11.2011 03:49:41 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene
Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information
ist DWORD 2.

Error - 19.11.2011 03:49:41 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 19.11.2011 03:49:42 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene
Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information
ist DWORD 2.

Error - 19.11.2011 03:49:42 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

Error - 19.11.2011 03:49:42 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene
Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information
ist DWORD 2.

Error - 19.11.2011 03:49:42 | Computer Name = XX-AAF7F2AF329A | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.

[ System Events ]
Error - 19.11.2011 04:23:46 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2

Error - 19.11.2011 04:23:46 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VirtualCamera" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1058

Error - 19.11.2011 04:38:37 | Computer Name = XX-AAF7F2AF329A | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 19.11.2011 04:38:43 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2

Error - 19.11.2011 04:38:43 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VirtualCamera" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1058

Error - 19.11.2011 06:33:18 | Computer Name = XX-AAF7F2AF329A | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 19.11.2011 06:33:29 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2

Error - 19.11.2011 06:33:29 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VirtualCamera" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1058

Error - 19.11.2011 06:49:06 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Server" wurde nicht ordnungsgemäß gestartet.

Error - 19.11.2011 06:49:06 | Computer Name = XX-AAF7F2AF329A | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1070


< End of report >


--------------------------------

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-19 16:37:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\vmscsi1Port2Path0Target0Lun0 VMware,_ rev.1.0_
Running: hbumrthz.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pwrcykob.sys


---- System - GMER 1.0.15 ----

SSDT F7CA5864 ZwClose
SSDT F7CA581E ZwCreateKey
SSDT F7CA586E ZwCreateSection
SSDT F7CA5814 ZwCreateThread
SSDT F7CA5823 ZwDeleteKey
SSDT F7CA582D ZwDeleteValueKey
SSDT F7CA585F ZwDuplicateObject
SSDT F7CA5832 ZwLoadKey
SSDT F7CA5800 ZwOpenProcess
SSDT F7CA5805 ZwOpenThread
SSDT F7CA583C ZwReplaceKey
SSDT F7CA5837 ZwRestoreKey
SSDT F7CA5873 ZwSetContextThread
SSDT F7CA5828 ZwSetValueKey
SSDT F7CA580F ZwTerminateProcess

Code F7C86C9C ZwRequestPort
Code F7C86D3C ZwRequestWaitReplyPort
Code F7C86BFC ZwTraceEvent
Code F7C86C9B NtRequestPort
Code F7C86D3B NtRequestWaitReplyPort
Code F7C86BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 8053515A 5 Bytes JMP F7C86C00
PAGE ntkrnlpa.exe!NtRequestPort 805A2A76 5 Bytes JMP F7C86CA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2DA2 5 Bytes JMP F7C86D40
.text win32k.sys!EngAcquireSemaphore + 20F0 BF8082A4 5 Bytes JMP F7C86480
.text win32k.sys!EngFreeUserMem + 5BD7 BF80EE30 5 Bytes JMP F7C863E0
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E742 5 Bytes JMP F7C86A20
.text win32k.sys!EngPaint + 11A8 BF82D655 5 Bytes JMP F7C865C0
.text win32k.sys!EngLockSurface + 5E22 BF8339EA 5 Bytes JMP F7C86700
.text win32k.sys!EngUnmapFontFileFD + DBA3 BF84509C 5 Bytes JMP F7C86660
.text win32k.sys!XLATEOBJ_iXlate + 646C BF873241 5 Bytes JMP F7C868E0
.text win32k.sys!EngCreatePalette + 1CB BF8BAEA3 5 Bytes JMP F7C86520
.text win32k.sys!EngAlphaBlend + 1A3D BF8C2064 5 Bytes JMP F7C867A0
.text win32k.sys!EngDeleteSemaphore + 3B40 BF8EC189 5 Bytes JMP F7C86980
.text win32k.sys!EngCreateClip + 1A0A BF9134F5 5 Bytes JMP F7C86AC0
.text win32k.sys!EngCreateClip + 1F9A BF913A85 5 Bytes JMP F7C86B60
.text win32k.sys!EngCreateClip + 25E0 BF9140CB 5 Bytes JMP F7C86840

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----