Nach dem Scan mit mbam einen Rootkit.Agent gefunden

alf1807 · 19.07.2012, 22:42

also nachdem ich ebenfalls wie viele anderen diese dubiosen emails von sex seiten erhalten habe aber jedoch keine zip dateien geöffnet habe da ich ja auf keiner der seiten angemedet bin und war machte ich trotzdem einen scan mit dem mbam und siehe da er hat einen Rootkit.Agent gefunden tja woher kommt der nun ??? und wies sitzt der ausgerechnet bei msupdate drinne hmmm alles komisch jedenfalls für mich achja und nicht nur die dubiose sex kontakte ag ist mit so einem schönen trojaner unterwegs auch bei yahoo bekommt man mails mit solchen zip dateien nur die summen welche dort gefordert werden sind so um die ca. 3000 € naja kann nur jedem empfehlen diese zip dateien keines falls zu öffnen sollte seitens des boards interessse an den anderen dateien bestehen können sie gerne von mir für forschungs und bekämpfungs

zwecke zur verfügung gestellt werden aber zu meinem problem was nun mit meinem rootkit.agent??

anbei das logfile
für die hilfe seitens des board teams schon im voraus großes

und macht weiter so ihr seid einfach spitze

mein logfile

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
xxxxxxxxxxxxxxxxxxxxxxxx :: xxxxxxxxx [Administrator]

7/19/2012 22:57:22
mbam-log-2012-07-19 (23-17-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 180545
Laufzeit: 17 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 20.07.2012, 17:09

hi,
1. leite mir in zukunft solche mails weiter, wie das geht, steht in meiner signatur.
2. es reicht, entweder das log anzuhängen oder zu posten, nicht beides bitte.
3.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

alf1807 · 22.07.2012, 20:39

OTL.txt File nach Quick scanOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 7.22.2012 20:39:17 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\xxxxxxxxxxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: M/d/yyyy
 
503,36 Mb Total Physical Memory | 292,24 Mb Available Physical Memory | 58,06% Memory free
1,20 Gb Paging File | 0,67 Gb Available in Paging File | 55,96% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 22,30 Gb Free Space | 39,90% Space Free | Partition Type: NTFS
Drive E: | 650,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: xxxxxx | User Name: xxxxxxxxxxxxxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 20:19:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxxxxxxx\Desktop\OTL.exe
PRC - [2012.06.26 21:57:21 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\Steam.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005.09.19 09:02:26 | 001,968,446 | ---- | M] () -- C:\Novadigm\ManagementAgent\nvdkit.exe
PRC - [2005.06.29 21:06:54 | 000,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\asghost.exe
PRC - [2005.06.23 21:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004.08.22 18:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.26 22:01:20 | 020,313,384 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\libcef.dll
MOD - [2012.06.26 22:01:16 | 001,099,576 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\avcodec-53.dll
MOD - [2012.06.26 22:01:16 | 000,895,312 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\chromehtml.dll
MOD - [2012.06.26 22:01:16 | 000,190,776 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\avformat-53.dll
MOD - [2012.06.26 22:01:16 | 000,123,192 | ---- | M] () -- C:\Program Files\Valve\Steam\bin\avutil-51.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2005.10.19 11:56:28 | 000,125,952 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005.09.19 09:02:26 | 001,968,446 | ---- | M] () -- C:\Novadigm\ManagementAgent\nvdkit.exe
MOD - [2005.09.19 08:52:04 | 000,024,576 | ---- | M] () -- C:\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\nvdtcl\nvdtcl82.dll
MOD - [2005.08.25 19:01:15 | 000,045,056 | ---- | M] () -- C:\TEMP\.nvdkit\4cbb1f5137265e7d\737d992b6837ba4c\bin\win32\iphelper.dll
MOD - [2005.06.21 09:49:46 | 000,008,704 | ---- | M] () -- C:\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\tclsvc\tclsvc82.dll
MOD - [2004.08.22 18:04:56 | 000,069,120 | ---- | M] () -- C:\WINDOWS\daemon.dll
MOD - [2004.06.01 11:39:56 | 000,094,274 | R--- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2004.03.02 12:13:18 | 000,024,064 | ---- | M] () -- C:\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\sentcl\sentcl82.dll
MOD - [2003.12.30 22:52:00 | 000,007,168 | ---- | M] () -- C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll
MOD - [2000.05.21 16:32:24 | 000,006,656 | ---- | M] () -- C:\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\reg1.0\tclreg82.dll
MOD - [1999.11.17 22:53:04 | 000,040,448 | ---- | M] () -- C:\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\bin\itcl31.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 16:20:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 21:46:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.05.08 10:49:02 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005.09.19 09:02:26 | 001,968,446 | ---- | M] () [Auto | Running] -- C:/Novadigm/ManagementAgent/nvdkit.exe -- (rma)
SRV - [2005.08.24 02:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Program Files\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2003.04.09 14:11:14 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\WMonitor\WLService.exe -- (WLService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETPPPOI.SYS -- (NETPPPOI)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.28 21:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006.11.07 10:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006.11.07 10:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt) Sony Ericsson W200 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.07 10:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006.11.07 10:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006.11.07 10:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus) Sony Ericsson W200 driver (WDM)
DRV - [2006.06.30 14:00:22 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.02.28 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006.02.28 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005.10.28 05:38:18 | 000,402,432 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005.09.19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.08.31 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.08.31 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.08.31 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.08.31 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.08.31 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.08.31 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.08.31 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.08.25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.08.05 11:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.06.08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2004.10.25 03:00:00 | 000,578,432 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE) Eumex C 200 (WinXP/2000)
DRV - [2004.10.25 03:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2004.10.25 03:00:00 | 000,035,402 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netbfpan.sys -- (NETBFPAN)
DRV - [2004.08.22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004.03.09 12:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.03.09 11:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.02.12 14:29:30 | 000,166,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2001.04.19 03:27:44 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\WMonitor\PCANDIS5.SYS -- (PCANDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{CDA506E0-2E06-4FA8-B0A8-BDD51DFD1983}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1   <---- was ist das denn bitteschön !!
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.19 20:52:48 | 000,000,000 | ---D | M]
 
[2008.08.05 10:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rieder Alfred\Application Data\Mozilla\Extensions
[2012.07.08 12:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xxxxxxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\extensions
[2010.06.22 22:52:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\xxxxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.08 12:48:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.20 11:33:30 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-1.xml
[2009.08.29 10:02:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxxx Alfred\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-10.xml
[2009.09.25 14:38:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxx Alfred\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-11.xml
[2010.01.30 16:55:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-12.xml
[2010.01.31 16:39:42 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-13.xml
[2010.01.31 16:41:07 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\xxxxx xxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-14.xml
[2010.06.25 22:34:25 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\xxxxx xxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-15.xml
[2008.12.23 01:33:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxx xxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-2.xml
[2008.12.23 10:15:42 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxxx xxxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-3.xml
[2009.02.06 12:43:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\ Alfred\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-4.xml
[2009.03.06 00:05:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\ Alfred\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-5.xml
[2009.03.31 23:17:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\ Alfred\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-6.xml
[2009.07.21 14:34:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxxxxxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-7.xml
[2009.08.16 11:10:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxxx Alfred\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-8.xml
[2009.08.27 12:39:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin-9.xml
[2008.07.10 13:58:44 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\xxxxxx Alfred\Application Data\Mozilla\Firefox\Profiles\yhady06h.default\searchplugins\icqplugin.xml
[2012.07.05 22:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.10.04 10:37:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.19 16:20:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.18 18:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2007.11.22 09:50:49 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv41629.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.04 18:39:46 | 000,000,043 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217878125062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1475AD8B-30CB-49AC-8139-14620798A41F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3241A03-D086-4EFC-BFCE-84F18A42E19D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCF1DB4F-3197-41B2-8424-62F4448AAF10}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll) - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\xxxxxxxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\xxxxxxxxxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 22:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.08.18 04:43:56 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2005.08.18 04:36:12 | 000,700,416 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.08.18 02:59:26 | 000,618,496 | R--- | M] () - E:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005.08.18 04:42:55 | 000,000,151 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e8b6befc-bcc0-11df-ba21-0017083ede26}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b6befc-bcc0-11df-ba21-0017083ede26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8b6befc-bcc0-11df-ba21-0017083ede26}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sprestrt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8C6388EB-90FA-1E50-35AE-2B62A7868AB6} - NetShow
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 20:19:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rieder Alfred\Desktop\OTL.exe
[2012.07.19 22:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxxxxxxx\Application Data\Malwarebytes
[2012.07.19 22:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.19 22:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.07.19 22:54:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.19 22:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.19 20:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Desktop\Bilder Von OPEL Corsa
[2012.07.19 20:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Caminova
[2012.07.19 20:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Caminova
[2012.07.08 21:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxxx\Application Data\Avira
[2012.07.08 21:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012.07.08 21:37:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.07.08 21:37:33 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.07.08 21:37:32 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.07.08 21:37:32 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.07.08 21:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.07.08 21:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012.07.05 22:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.07.05 22:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.01 19:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.07.01 19:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ANNO 1602 Königs-Edition
[2012.07.01 19:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO 1602 Königs-Edition
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 20:45:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.22 20:19:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxxxxxxxxx\Desktop\OTL.exe
[2012.07.22 19:21:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.22 19:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.22 19:20:20 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 17:16:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.07.19 22:54:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 11:29:24 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\ xxxxxx\Desktop\BMWi Zukunftscheck Mittelstand.lnk
[2012.07.12 21:20:35 | 000,231,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.12 11:44:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.08 21:38:22 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.07.05 22:08:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\xxxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.05 22:08:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.25 18:55:29 | 002,829,410 | ---- | M] () -- C:\Documents and Settings\ xxxx\Desktop\allianz-kaufvertrag.pdf
[2012.06.25 16:24:36 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\xxxx\Desktop\XPclean.lnk
[2012.06.23 23:29:13 | 000,466,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.23 23:29:13 | 000,079,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 22:54:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.08 21:38:22 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.07.05 22:08:46 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\xxxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.05 22:08:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.05 22:08:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.06.25 18:55:29 | 002,829,410 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Desktop\allianz-kaufvertrag.pdf
[2012.06.23 20:52:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.23 20:52:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.06.20 14:01:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2012.06.20 14:01:27 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.06.20 13:56:20 | 000,031,864 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.11.03 23:00:39 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2010.11.03 23:00:39 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2010.10.15 20:13:02 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.10.09 19:17:45 | 000,019,448 | ---- | C] () -- C:\WINDOWS\W2BNEUnin.dat
[2010.10.09 19:06:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.10.04 14:32:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008.10.03 10:04:31 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\xxxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.09 17:15:21 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Application Data\PnkBstrK.sys
[2008.08.04 21:26:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\xxxx xxxxxxx\Local Settings\Application Data\fusioncache.dat
 
========== LOP Check ==========
 
[2009.02.15 00:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deutsche Post
[2009.02.12 16:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eumex C 200
[2008.10.03 23:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2012.06.20 13:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008.09.09 22:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2010.10.16 19:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
[2009.02.05 15:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2010.10.03 15:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009.02.15 00:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.11.01 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxx Alfred\Application Data\ComCenter
[2010.02.03 01:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx Alfred\Application Data\eMule
[2009.02.12 00:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxx Alfred\Application Data\Eumex C 200
[2010.06.19 18:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxxxxxxx\Application Data\GMX
[2008.10.03 23:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxxxx\Application Data\ICQ
[2010.10.30 18:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx Alfred\Application Data\InterTrust
[2008.08.02 00:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxxx\Application Data\InterVideo
[2009.01.24 22:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxxxx\Application Data\Leadertech
[2010.10.16 21:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxxxx\Application Data\naev
[2010.11.03 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxx Alfred\Application Data\SpieleEntwicklungsKombinat
[2009.02.12 00:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxxxx\Application Data\TCom
[2009.02.05 15:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx Alfred\Application Data\Teleca
[2008.09.12 21:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx Alfred\Application Data\TuneUp Software
[2008.11.07 18:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxx Alfred\Application Data\UPS Widget
[2009.01.22 10:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxx\Application Data\Windows Desktop Search
[2009.02.06 12:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x xxxxx\Application Data\Windows Search
[2012.07.13 11:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Zukunftscheck
[2012.07.20 17:16:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.01.20 15:37:15 | 000,000,000 | ---D | M] -- C:\12.000 Office Vorlagen Teil 2
[2009.03.24 16:59:57 | 000,000,000 | ---D | M] -- C:\2c9773d9a3b689ac491afc571f
[2010.11.01 21:22:16 | 000,000,000 | ---D | M] -- C:\ANNO1602
[2008.09.12 21:26:53 | 000,000,000 | ---D | M] -- C:\bde51ba7dc326c41009bdeafb4c0
[2012.07.19 20:52:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008.07.29 22:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2008.08.02 00:43:38 | 000,000,000 | ---D | M] -- C:\Intel
[2009.01.20 12:39:33 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.08.27 11:32:34 | 000,000,000 | ---D | M] -- C:\Novadigm
[2012.07.19 22:54:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2008.08.02 08:44:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.09.25 19:08:32 | 000,000,000 | ---D | M] -- C:\Scenario
[2011.07.31 23:06:02 | 000,000,000 | ---D | M] -- C:\swsetup
[2008.07.29 22:18:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.08.27 10:55:58 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2012.07.22 20:49:17 | 000,000,000 | ---D | M] -- C:\TEMP
[2012.07.12 21:22:37 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.09.26 23:00:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.09.26 23:00:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2006.02.28 14:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.26 23:00:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.09.26 23:00:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2006.02.28 14:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.07.30 00:01:48 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.29 21:45:38 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2008.07.30 00:01:48 | 001,572,864 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.30 00:01:48 | 001,572,864 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.07.22 00:24:05 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\xxxxxxxx\ntuser.dat
[2012.07.22 20:54:15 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\xxxxxxx Alfred\ntuser.dat.LOG
[2012.07.22 00:24:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\xxxxxxx Alfred\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2012.01.07 03:22:24 | 000,246,440 | ---- | M] (Ask.com) -- C:\Documents and Settings\xxxxxAlfred\Local Settings\Temp\AskSLib.dll
[5 C:\Documents and Settings\xxxxxxx\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\xxxxxxxx\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.06.13 15:19:59 | 001,866,112 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

Extras.txt File nach Quick ScanOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 7.22.2012 20:39:17 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\xxxxxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: M/d/yyyy
 
503,36 Mb Total Physical Memory | 292,24 Mb Available Physical Memory | 58,06% Memory free
1,20 Gb Paging File | 0,67 Gb Available in Paging File | 55,96% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 22,30 Gb Free Space | 39,90% Space Free | Partition Type: NTFS
Drive E: | 650,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: xxxxxxx | User Name: xxxxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Ad-aware...] -- "D:\programme\Adaware6\Ad-aware.exe" "%1" "+SD" 
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\UPS Widget\UPS_Widget.exe" = C:\Program Files\UPS Widget\UPS_Widget.exe -- (Skinkers Communications)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE" = C:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE:*:Disabled:GMX MultiMessenger
"C:\Program Files\Valve\Steam\SteamApps\xxxxxxx\day of defeat\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\xxxxxxxx\day of defeat\hl.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\Valve\Steam\SteamApps\xxxxxxxx\condition zero deleted scenes\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\xxxxxxx\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\Zattoo\Zattoo2.exe" = C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:  -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"C:\Program Files\UPS Widget\UPS_Widget.exe" = C:\Program Files\UPS Widget\UPS_Widget.exe -- (Skinkers Communications)
"C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-deDE-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe" = C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations
"C:\Program Files\BloodFrontier\bin\bfclient.exe" = C:\Program Files\BloodFrontier\bin\bfclient.exe:*:Enabled:bfclient
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Program Files\Tremulous\tremulous.exe" = C:\Program Files\Tremulous\tremulous.exe:*:Enabled:tremulous
"C:\Program Files\GameSpy\Comrade\Comrade.exe" = C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Disabled:Comrade
"C:\Alien Arena 7_33\crx.exe" = C:\Alien Arena 7_33\crx.exe:*:Disabled:crx
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade
"C:\Program Files\Zattoo\zattood.exe" = C:\Program Files\Zattoo\zattood.exe:*:Disabled:zattood
"C:\Program Files\Valve\Steam\SteamApps\xxxxxxxxx\condition zero\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\xxxxxxxx\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
"C:\Program Files\Valve\Steam\SteamApps\xxxx\condition zero\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\xxxxxxx\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = TIPCI
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{65984EC6-923E-4B5A-83AB-0DF265DDB5E0}" = HP ev2200 Driver Package
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E11F30-D659-4542-A567-0F993C1C19D3}" = Command and Conquer - Tiberian Sun
"{7877F795-2C57-4DE8-A96D-DBD52373D89E}" = BMWi-Interaktive Programme
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A437447F-76CB-472E-A16D-B4DB22E326CE}" = Document Express DjVu Plug-in
"{A7471D99-8479-46F0-A315-1E02F1079E9E}" = Max and the Magic Marker
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}" = Sony Ericsson PC Suite
"{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB71F9B7-E8BB-4275-9F45-7F6B4BB980FA}" = Total Commander 6.53
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3492D9E-7FBB-1DF6-F759-2A37FA231033}" = Nero 7 Demo
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E3DC29BB-8F6F-4034-89B2-E317391F804F}" = BMWi Zukunftscheck Mittelstand
"{EEF8499E-032E-41C3-B27F-154D102279ED}" = HP Broadband Wireless Tour
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"6F8C52CF07BBF1FE2471DC68C08F06D7C58B7D49" = Windows Driver Package - Intel (w29n51) net  (09/12/2005 9.0.3.9)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"BD783877877F8379747E631823C95556275EC783" = Windows Driver Package - Intel (w39n51) net  (12/04/2005 10.1.0.13)
"CamSpy_is1" = CamSpy V.4.2.2
"Dein Sportpferd_is1" = Dein Sportpferd
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.01
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Liquid_War_6" = Liquid War 6 0.0.7beta
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft II BNE" = Warcraft II BNE
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7.5.2012 15:57:44 | Computer Name = xxxxxx| Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/05 21:57:44.734]: [00003460]: Initialize TwdsMain
 Class failed!  
 
Error - 7.5.2012 15:57:45 | Computer Name = xxxxxxxx | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/05 21:57:45.000]: [00003460]: GetDeviceList Failed!
 pStiInfo = 0x0..  
 
Error - 7.5.2012 15:57:45 | Computer Name = xxxxx | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/05 21:57:45.000]: [00003460]: ##### Fatal ERROR!!
 Create STI-device failed! #####  
 
Error - 7.5.2012 15:57:45 | Computer Name = xxxxxx | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/05 21:57:45.000]: [00003460]: Initialize TwdsMain
 Class failed!  
 
Error - 7.8.2012 15:41:06 | Computer Name = xxxxxxxx | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 7.8.2012 15:41:06 | Computer Name = xxxxxxx | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 7.13.2012 05:34:33 | Computer Name = xxxxxxxx | Source = Application Hang | ID = 1002
Description = Hanging application BTB.exe, version 1.0.7.19573, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 7.15.2012 11:28:53 | Computer Name = xxxxxxx | Source = Application Error | ID = 1000
Description = Faulting application 1602.exe, version 0.2.5.2, faulting module unknown,
 version 0.0.0.0, fault address 0x4b435553.
 
Error - 7.15.2012 15:34:22 | Computer Name = xxxxxxxx | Source = Application Error | ID = 1000
Description = Faulting application 1602.exe, version 0.2.5.2, faulting module maxsound.dll,
 version 2.3.0.0, fault address 0x00003596.
 
Error - 7.19.2012 03:33:13 | Computer Name = xxxxxxx | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/19 09:33:13.562]: [00000624]: CUsbScnDev: DeviceIoControl
 Illegal response  
 
[ Credential Manager Events ]
Error - 8.27.2008 13:43:12 | Computer Name = xxxxxxxx | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   User:
 xxxxxxxxxxxx@Credential Manager   Client GUID: {Password}   Error: 0xC516020B   Client 
Host: localhost   Client Address: 127.0.0.1   Authority: HP   Server Host: localhost   Protocol:
 HTTP
 
Error - 9.11.2008 14:47:35 | Computer Name = xxxxxxxx | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   User:
 xxxxxxxxx@Credential Manager   Client GUID: {Password}   Error: 0xC516020B   Client 
Host: localhost   Client Address: 127.0.0.1   Authority: HP   Server Host: localhost   Protocol:
 HTTP
 
[ System Events ]
Error - 7.19.2012 14:33:58 | Computer Name = xxxxxxxxx | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
Error - 7.20.2012 05:29:02 | Computer Name = xxxxxxx | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring
 the volume.
 
Error - 7.20.2012 05:29:18 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player-Netzwerkfreigabedienst service depends on
 the Universal Plug and Play Device Host service which failed to start because of
 the following error:   %%1058
 
Error - 7.20.2012 05:30:14 | Computer Name = xxxxxxx | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   PCIIde
 
Error - 7.20.2012 16:44:31 | Computer Name = xxxxxxxx | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player-Netzwerkfreigabedienst service depends on
 the Universal Plug and Play Device Host service which failed to start because of
 the following error:   %%1058
 
Error - 7.20.2012 16:47:15 | Computer Name = xxxxx | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
 Service service to connect.
 
Error - 7.20.2012 16:47:15 | Computer Name = xxxx | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due 
to the following error:   %%1053
 
Error - 7.21.2012 05:16:43 | Computer Name = xxxxx | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player-Netzwerkfreigabedienst service depends on
 the Universal Plug and Play Device Host service which failed to start because of
 the following error:   %%1058
 
Error - 7.21.2012 13:23:33 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player-Netzwerkfreigabedienst service depends on
 the Universal Plug and Play Device Host service which failed to start because of
 the following error:   %%1058
 
Error - 7.22.2012 13:21:09 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player-Netzwerkfreigabedienst service depends on
 the Universal Plug and Play Device Host service which failed to start because of
 the following error:   %%1058
 
 
< End of report >

--- --- ---
bin mal gespannt wo der Agent sich versteckt hat und dann gibts ein paar ---->

Nach dem Scan mit mbam einen Rootkit.Agent gefunden

Log-Analyse und Auswertung: Nach dem Scan mit mbam einen Rootkit.Agent gefunden