Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   BDS/Sinowal.knfal in the master boot sector HDO, says the antivirus program (https://www.trojaner-board.de/106914-bds-sinowal-knfal-masterbootsektor-hdo-sagt-virenprogramm.html)

GerdKueller 26.12.2011 13:35

BDS/Sinowal.knfal in the master boot sector HDO, says the antivirus program

Hello, I've managed it again. While surfing normally and visiting a website I've been to a thousand times, I think I've caught something again.

Avira says, as described in the title:

Objekt: Masterbootsektor HDO
Fund: BDS/Sinowal.knfal

Now I'm once again dependent on your great help; I hope I can count on you this time too, despite what is really a quiet and contemplative season.

Quote:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:40 on 26/12/2011 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
The OTL log should be in the attachment, if I did it right.

Regards, Gerd

GerdKueller 26.12.2011 16:13

Sorry for the double post, I didn't manage it within the hour.

Attached is the GMER log, done according to the instructions; I hope it's all OK like this...

GerdKueller 27.12.2011 11:31

I've searched the forums a bit and found things about notifying the bank, blocking cards, changing passwords etc., and I'm somewhat in a panic.

I tried to get somewhere with MWB, but a full system scan gives no result, yet Avira says the virus is still there.

Now I'm completely at a loss...

Log from Malwarebytes

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122605

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.12.2011 11:17:00
mbam-log-2011-12-27 (11-17-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 285899
Laufzeit: 1 Stunde(n), 51 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

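One reason a full file-system scan can come back clean while the antivirus keeps flagging the boot sector: the MBR lives in sector 0 of the physical disk, outside any file, so a scanner that only walks C:\ never reads it. The following is an added example, not code from this thread and not MBRCheck's own implementation. It parses a constructed 512-byte MBR image, checks the 0x55AA boot signature, lists the partition table, derives the byte offset of the first volume (LBA 63 x 512 = 0x7E00, the same offset MBRCheck reports later in the thread) and hashes the boot-code area for comparison against an allow-list of known-good boot code. The 440-byte hash input and the sample disk layout are assumptions of this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # classic MBR: boot code, then optional disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511 of a valid MBR


def build_sample_mbr(boot_code_fill=0x90):
    """Construct a 512-byte MBR image (sample data, not read from a real disk).

    One active NTFS partition starting at LBA 63, the classic XP-era layout;
    everything else is zero-filled. The fill byte lets a test simulate
    replaced boot code while the partition table stays untouched.
    """
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])  # tiny stub
    boot_code += bytes([boot_code_fill]) * (BOOT_CODE_LEN - len(boot_code))
    disk_signature = b"\x11\x22\x33\x44" + b"\x00\x00"  # constructed value
    # status, CHS start, type (0x07 = NTFS), CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 115_000_000)
    table = entry + b"\x00" * (16 * 3)
    mbr = boot_code + disk_signature + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


def parse_partitions(mbr):
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0x00:
            continue  # unused slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def partition_byte_offset(part):
    """Byte offset of the volume on the physical drive (LBA * sector size)."""
    return part["lba_start"] * SECTOR_SIZE


def boot_code_sha1(mbr):
    """SHA-1 over the boot-code area.

    Assumption of this example: the hash covers the first 440 bytes; which
    bytes MBRCheck itself hashes is not documented in the thread.
    """
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr, known_good_hashes):
    """Defender-side triage of a raw MBR image against an allow-list of hashes."""
    findings = {
        "signature_ok": len(mbr) == SECTOR_SIZE and mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": boot_code_sha1(mbr),
        "partitions": parse_partitions(mbr),
    }
    findings["known_good"] = (findings["signature_ok"]
                              and findings["boot_code_sha1"] in known_good_hashes)
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    allow_list = {boot_code_sha1(clean)}          # would hold vendor boot-code hashes
    for label, image in (("clean", clean), ("replaced boot code", build_sample_mbr(0xCC))):
        result = check_mbr(image, allow_list)
        print(f"{label}: signature_ok={result['signature_ok']} "
              f"known_good={result['known_good']} sha1={result['boot_code_sha1']}")
        for p in result["partitions"]:
            print(f"  partition {p['index']}: type=0x{p['type']:02X} "
                  f"lba={p['lba_start']} offset=0x{partition_byte_offset(p):X}")
```

The second image in the usage block keeps the partition table intact and only swaps the boot-code bytes, which is exactly the case a partition listing alone cannot catch: the volumes still look normal, and only the hash of the code that runs before the OS reveals the change. On a live system the 512 bytes would be read from the physical drive with administrator rights rather than constructed.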

GerdKueller 27.12.2011 14:22

Sorry for all the posts, I'm a bit jittery and have now found this thread, which fits:
http://www.trojaner-board.de/106777-...l-sinowal.html

I've been following it now.

mbr showed me:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000000c

Kernel Drivers (total 150):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF7B8C000 \WINDOWS\system32\KDCOM.DLL
  0xF7A9C000 \WINDOWS\system32\BOOTVID.dll
  0xF763C000 ACPI.sys
  0xF7B8E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF762B000 pci.sys
  0xF768C000 isapnp.sys
  0xF7AA0000 compbatt.sys
  0xF7AA4000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7C54000 pciide.sys
  0xF790C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF760D000 pcmcia.sys
  0xF769C000 MountMgr.sys
  0xF75EE000 ftdisk.sys
  0xF7B90000 dmload.sys
  0xF75C8000 dmio.sys
  0xF7AA8000 ACPIEC.sys
  0xF7C55000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF7914000 PartMgr.sys
  0xF76AC000 VolSnap.sys
  0xF75B0000 atapi.sys
  0xF74DA000 ZR`G\A@J@
  0xF76BC000 disk.sys
  0xF76CC000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF74BA000 fltmgr.sys
  0xF74A8000 sr.sys
  0xF7491000 KSecDD.sys
  0xF7404000 Ntfs.sys
  0xF73D7000 NDIS.sys
  0xF73BD000 Mup.sys
  0xF7B92000 BMLoad.sys
  0xF6DF0000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0xF77DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF4F08000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
  0xF4EF4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF4ECC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF4E90000 \SystemRoot\system32\DRIVERS\yk51x86.sys
  0xF4CEE000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
  0xF793C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF4CCA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7944000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF77EC000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
  0xF4CB6000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0xF77FC000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
  0xF6DEC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF780C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF794C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF4C86000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xF7BFA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7954000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF781C000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF782C000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF783C000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF4C63000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF795C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF4C4A000 \SystemRoot\system32\DRIVERS\avfwim.sys
  0xF7CA3000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF784C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7B6C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF4C33000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF785C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF786C000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7974000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF4C22000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF787C000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF797C000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7984000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF4BF2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF788C000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7BFE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF4B94000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7B88000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF4B82000 \SystemRoot\system32\DRIVERS\ew_jubusenum.sys
  0xF789C000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
  0xF4B11000 \SystemRoot\System32\Drivers\wdf01000.sys
  0xF78AC000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xA4821000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xA47FD000 \SystemRoot\system32\drivers\portcls.sys
  0xA7288000 \SystemRoot\system32\drivers\drmk.sys
  0xA472A000 \SystemRoot\system32\DRIVERS\smserial.sys
  0xA76EB000 \SystemRoot\System32\Drivers\Modem.SYS
  0xA7278000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xA7869000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xF7C4E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xA6A81000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7C50000 \SystemRoot\System32\Drivers\Beep.SYS
  0xA74DE000 \SystemRoot\System32\drivers\vga.sys
  0xF7C52000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7B94000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xA74D6000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xA74CE000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xA7865000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xA46CF000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xA4676000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xA74C6000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
  0xA4628000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xA4600000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xA7268000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xA45C8000 \SystemRoot\system32\DRIVERS\tcpip6.sys
  0xA45AB000 \SystemRoot\system32\DRIVERS\avfwot.sys
  0xA7258000 \SystemRoot\system32\drivers\ip6fw.sys
  0xA74A6000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0xA3B18000 \SystemRoot\System32\Drivers\bthport.sys
  0xA0A6B000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0x9F460000 \SystemRoot\System32\drivers\afd.sys
  0xA10E4000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xA7703000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x9F435000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x9F3C5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA0A67000 \SystemRoot\System32\Drivers\Hotkey.SYS
  0xA06E2000 \SystemRoot\System32\Drivers\Fips.SYS
  0xA0A5B000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xA06D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xA76FB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xA0A57000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xA06C2000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0xA76F3000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x9F30C000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0xA06B2000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0xA0692000 \SystemRoot\system32\DRIVERS\avkmgr.sys
  0x9F2E7000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xA0672000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0x9F211000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0x9FBB2000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9FF2C000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xA05B7000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF024000 \SystemRoot\System32\igxpgd32.dll
  0xBF012000 \SystemRoot\System32\igxprd32.dll
  0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
  0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
  0xBF453000 \SystemRoot\System32\ATMFD.DLL
  0x9F1F8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xF7B3C000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0xA2503000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9F1BB000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA9D6C000 \SystemRoot\system32\drivers\sysaudio.sys
  0x9EF99000 \SystemRoot\system32\drivers\xpsec.sys
  0x9EEC8000 \SystemRoot\system32\drivers\xcpip.sys
  0x9EB7A000 \SystemRoot\system32\DRIVERS\srv.sys
  0x9EB3B000 \??\C:\WINDOWS\system32\drivers\mqac.sys
  0x9EB09000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
  0x9FD4C000 \SystemRoot\system32\DRIVERS\secdrv.sys
  0xA68E3000 \SystemRoot\System32\Drivers\TDTCP.SYS
  0x9E79E000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x9E555000 \SystemRoot\System32\Drivers\HTTP.sys
  0x9E899000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
      0 System Idle Process
      4 System
    568 C:\WINDOWS\system32\smss.exe
    840 csrss.exe
    1060 C:\WINDOWS\system32\winlogon.exe
    1104 C:\WINDOWS\system32\services.exe
    1116 C:\WINDOWS\system32\lsass.exe
    1340 C:\WINDOWS\system32\svchost.exe
    1428 svchost.exe
    1476 C:\WINDOWS\system32\svchost.exe
    1640 svchost.exe
    1672 svchost.exe
    2036 C:\WINDOWS\system32\spoolsv.exe
    272 C:\Programme\Avira\AntiVir Desktop\sched.exe
    640 C:\WINDOWS\explorer.exe
    896 C:\Programme\Launch Manager\WButton.exe
    904 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    912 C:\WINDOWS\sm56hlpr.exe
    1012 C:\WINDOWS\RTHDCPL.EXE
    1020 C:\Programme\Launch Manager\LaunchAp.exe
    1028 C:\WINDOWS\system32\hkcmd.exe
    1040 C:\Programme\Launch Manager\HotkeyApp.exe
    1080 C:\WINDOWS\system32\rundll32.exe
    1220 C:\Programme\Telekom\InternetManager_H\DataCardMonitor.exe
    1276 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    1200 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
    1552 C:\WINDOWS\system32\ctfmon.exe
    1776 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
    176 C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom Internet Manager\ouc.exe
    504 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
    848 msdtc.exe
    1596 C:\WINDOWS\system32\svchost.exe
    1608 C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
    1832 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1848 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    608 C:\Programme\Bonjour\mDNSResponder.exe
    920 svchost.exe
    2284 C:\WINDOWS\system32\cisvc.exe
    2456 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
    2616 C:\Programme\Java\jre6\bin\jqs.exe
    2708 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
    2904 C:\WINDOWS\system32\tcpsvcs.exe
    2924 C:\WINDOWS\system32\snmp.exe
    3144 C:\WINDOWS\system32\svchost.exe
    3588 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
    3696 C:\WINDOWS\system32\mqsvc.exe
    2320 C:\WINDOWS\system32\mqtgsvc.exe
    3076 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    3548 C:\Programme\Avira\AntiVir Desktop\avmailc.exe
    2380 C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
    332 alg.exe
    2252 C:\WINDOWS\system32\svchost.exe
    548 C:\WINDOWS\system32\cidaemon.exe
    2636 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    3900 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    1460 C:\Dokumente und Einstellungen\XXX\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060BH, Rev: 00000029

      Size  Device Name          MBR Status
  --------------------------------------------
    55 GB  \\.\PhysicalDrive0  MBR Code Faked (known infection: Whistler / Black Internet)!
            SHA1: 9B9A79523A1B33178C0B35927C52C09C81BBBDE3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

tdss found something and removed it; the system was restarted, and a new scan with tdss then produced this report:

Code:

14:19:17.0875 3940        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:19:18.0312 3940        ============================================================
14:19:18.0312 3940        Current date / time: 2011/12/27 14:19:18.0312
14:19:18.0312 3940        SystemInfo:
14:19:18.0312 3940       
14:19:18.0312 3940        OS Version: 5.1.2600 ServicePack: 3.0
14:19:18.0312 3940        Product type: Workstation
14:19:18.0312 3940        ComputerName: FABIAN
14:19:18.0312 3940        UserName: XXX
14:19:18.0312 3940        Windows directory: C:\WINDOWS
14:19:18.0312 3940        System windows directory: C:\WINDOWS
14:19:18.0312 3940        Processor architecture: Intel x86
14:19:18.0312 3940        Number of processors: 2
14:19:18.0312 3940        Page size: 0x1000
14:19:18.0312 3940        Boot type: Normal boot
14:19:18.0312 3940        ============================================================
14:19:19.0359 3940        Initialize success
14:19:22.0640 2096        ============================================================
14:19:22.0640 2096        Scan started
14:19:22.0640 2096        Mode: Manual;
14:19:22.0640 2096        ============================================================
14:19:23.0515 2096        Abiosdsk - ok
14:19:23.0578 2096        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:19:23.0593 2096        abp480n5 - ok
14:19:23.0656 2096        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:19:23.0671 2096        ACPI - ok
14:19:23.0718 2096        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:19:23.0718 2096        ACPIEC - ok
14:19:23.0781 2096        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:19:23.0843 2096        adpu160m - ok
14:19:23.0953 2096        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:19:23.0953 2096        aec - ok
14:19:24.0015 2096        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:19:24.0015 2096        AFD - ok
14:19:24.0093 2096        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:19:24.0109 2096        agp440 - ok
14:19:24.0171 2096        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:19:24.0187 2096        agpCPQ - ok
14:19:24.0281 2096        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:19:24.0296 2096        Aha154x - ok
14:19:24.0359 2096        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:19:24.0375 2096        aic78u2 - ok
14:19:24.0437 2096        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:19:24.0453 2096        aic78xx - ok
14:19:24.0593 2096        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:19:24.0625 2096        AliIde - ok
14:19:24.0734 2096        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:19:24.0750 2096        alim1541 - ok
14:19:24.0796 2096        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:19:24.0812 2096        amdagp - ok
14:19:24.0859 2096        AmdK7          (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys
14:19:24.0859 2096        AmdK7 - ok
14:19:24.0921 2096        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:19:24.0921 2096        amsint - ok
14:19:25.0062 2096        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:19:25.0078 2096        asc - ok
14:19:25.0125 2096        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:19:25.0140 2096        asc3350p - ok
14:19:25.0218 2096        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:19:25.0234 2096        asc3550 - ok
14:19:25.0312 2096        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:19:25.0328 2096        AsyncMac - ok
14:19:25.0390 2096        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:19:25.0406 2096        atapi - ok
14:19:25.0453 2096        Atdisk - ok
14:19:25.0515 2096        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:19:25.0515 2096        Atmarpc - ok
14:19:25.0562 2096        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:19:25.0562 2096        audstub - ok
14:19:25.0656 2096        avfwim          (83d71e1911f235e9c0d2f53d54df3129) C:\WINDOWS\system32\DRIVERS\avfwim.sys
14:19:25.0671 2096        avfwim - ok
14:19:25.0718 2096        avfwot          (ae0c5d218e815af8f38670a8c5773e6e) C:\WINDOWS\system32\DRIVERS\avfwot.sys
14:19:25.0718 2096        avfwot - ok
14:19:25.0828 2096        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:19:25.0828 2096        avgntflt - ok
14:19:25.0890 2096        avipbb          (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:19:25.0890 2096        avipbb - ok
14:19:25.0921 2096        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:19:25.0921 2096        avkmgr - ok
14:19:26.0015 2096        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:19:26.0015 2096        Beep - ok
14:19:26.0109 2096        BMLoad          (70cd6d71fc48bbbd1385d7b35aeadecc) C:\WINDOWS\system32\drivers\BMLoad.sys
14:19:26.0109 2096        BMLoad - ok
14:19:26.0187 2096        BthEnum        (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
14:19:26.0187 2096        BthEnum - ok
14:19:26.0234 2096        BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
14:19:26.0234 2096        BTHMODEM - ok
14:19:26.0265 2096        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
14:19:26.0281 2096        BthPan - ok
14:19:26.0343 2096        BTHPORT        (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
14:19:26.0343 2096        BTHPORT - ok
14:19:26.0437 2096        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
14:19:26.0437 2096        BTHUSB - ok
14:19:26.0437 2096        catchme - ok
14:19:26.0515 2096        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:19:26.0546 2096        cbidf - ok
14:19:26.0578 2096        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:19:26.0578 2096        cbidf2k - ok
14:19:26.0625 2096        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:19:26.0625 2096        cd20xrnt - ok
14:19:26.0656 2096        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:19:26.0656 2096        Cdaudio - ok
14:19:26.0765 2096        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:19:26.0765 2096        Cdfs - ok
14:19:26.0843 2096        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:19:26.0859 2096        Cdrom - ok
14:19:26.0890 2096        Changer - ok
14:19:26.0953 2096        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:19:26.0953 2096        CmBatt - ok
14:19:27.0015 2096        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:19:27.0015 2096        CmdIde - ok
14:19:27.0062 2096        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:19:27.0062 2096        Compbatt - ok
14:19:27.0187 2096        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:19:27.0218 2096        Cpqarray - ok
14:19:27.0281 2096        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:19:27.0312 2096        dac2w2k - ok
14:19:27.0343 2096        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:19:27.0359 2096        dac960nt - ok
14:19:27.0406 2096        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:27.0421 2096        Disk - ok
14:19:27.0515 2096        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:19:27.0578 2096        dmboot - ok
14:19:27.0734 2096        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:19:27.0750 2096        dmio - ok
14:19:27.0796 2096        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:19:27.0796 2096        dmload - ok
14:19:27.0843 2096        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:19:27.0843 2096        DMusic - ok
14:19:27.0890 2096        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:19:27.0906 2096        dpti2o - ok
14:19:27.0953 2096        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:19:27.0953 2096        drmkaud - ok
14:19:28.0015 2096        EagleNT - ok
14:19:28.0125 2096        EMSCR          (01857b94bd3f8c99188862d026c925c0) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
14:19:28.0125 2096        EMSCR - ok
14:19:28.0171 2096        ESDCR          (5983f3f91487c2a2a514c17245a0e25d) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
14:19:28.0187 2096        ESDCR - ok
14:19:28.0234 2096        ewusbnet        (249ff0a3aa90a16c770875019427cbdb) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
14:19:28.0250 2096        ewusbnet - ok
14:19:28.0406 2096        ew_hwusbdev    (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
14:19:28.0421 2096        ew_hwusbdev - ok
14:19:28.0531 2096        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:19:28.0546 2096        Fastfat - ok
14:19:28.0609 2096        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:19:28.0609 2096        Fdc - ok
14:19:28.0656 2096        FETNDIS        (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
14:19:28.0671 2096        FETNDIS - ok
14:19:28.0750 2096        filtertdidriver (f8946c6d013fc9e6db03fbcf32294799) C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys
14:19:28.0765 2096        filtertdidriver - ok
14:19:28.0843 2096        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:19:28.0843 2096        Fips - ok
14:19:28.0906 2096        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:19:28.0906 2096        Flpydisk - ok
14:19:29.0015 2096        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:19:29.0046 2096        FltMgr - ok
14:19:29.0140 2096        FsUsbExDisk    (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
14:19:29.0187 2096        FsUsbExDisk - ok
14:19:29.0250 2096        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:19:29.0265 2096        Fs_Rec - ok
14:19:29.0312 2096        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:19:29.0328 2096        Ftdisk - ok
14:19:29.0390 2096        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:19:29.0390 2096        GEARAspiWDM - ok
14:19:29.0437 2096        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:19:29.0437 2096        Gpc - ok
14:19:29.0484 2096        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:19:29.0484 2096        HDAudBus - ok
14:19:29.0515 2096        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:19:29.0515 2096        HidUsb - ok
14:19:29.0656 2096        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
14:19:29.0656 2096        Hotkey - ok
14:19:29.0734 2096        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:19:29.0781 2096        hpn - ok
14:19:29.0859 2096        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:19:29.0875 2096        HTTP - ok
14:19:29.0937 2096        huawei_enumerator (bb3c8e4b88842f3a1b9c5d603210c277) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
14:19:29.0937 2096        huawei_enumerator - ok
14:19:30.0062 2096        hwdatacard      (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:19:30.0093 2096        hwdatacard - ok
14:19:30.0171 2096        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:19:30.0171 2096        i2omgmt - ok
14:19:30.0218 2096        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:19:30.0218 2096        i2omp - ok
14:19:30.0265 2096        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:19:30.0265 2096        i8042prt - ok
14:19:30.0531 2096        ialm            (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:19:30.0750 2096        ialm - ok
14:19:30.0906 2096        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
14:19:30.0921 2096        iaStor - ok
14:19:30.0984 2096        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:19:30.0984 2096        Imapi - ok
14:19:31.0031 2096        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:19:31.0046 2096        ini910u - ok
14:19:31.0375 2096        IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:19:31.0531 2096        IntcAzAudAddService - ok
14:19:31.0671 2096        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:19:31.0671 2096        IntelIde - ok
14:19:31.0703 2096        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:19:31.0703 2096        intelppm - ok
14:19:31.0734 2096        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:19:31.0750 2096        Ip6Fw - ok
14:19:31.0796 2096        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:19:31.0796 2096        IpFilterDriver - ok
14:19:31.0828 2096        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:19:31.0843 2096        IpInIp - ok
14:19:31.0890 2096        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:19:31.0890 2096        IpNat - ok
14:19:32.0046 2096        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:19:32.0046 2096        IPSec - ok
14:19:32.0093 2096        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:19:32.0093 2096        IRENUM - ok
14:19:32.0140 2096        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:19:32.0156 2096        isapnp - ok
14:19:32.0203 2096        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:19:32.0203 2096        Kbdclass - ok
14:19:32.0296 2096        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:19:32.0296 2096        kmixer - ok
14:19:32.0406 2096        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:19:32.0406 2096        KSecDD - ok
14:19:32.0437 2096        lbrtfdc - ok
14:19:32.0515 2096        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:19:32.0515 2096        MBAMProtector - ok
14:19:32.0546 2096        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:19:32.0546 2096        mnmdd - ok
14:19:32.0640 2096        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:19:32.0640 2096        Modem - ok
14:19:32.0718 2096        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:19:32.0718 2096        Mouclass - ok
14:19:32.0796 2096        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:19:32.0796 2096        mouhid - ok
14:19:32.0843 2096        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:19:32.0843 2096        MountMgr - ok
14:19:32.0937 2096        MQAC            (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
14:19:32.0953 2096        MQAC - ok
14:19:32.0984 2096        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:19:33.0000 2096        mraid35x - ok
14:19:33.0093 2096        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:19:33.0109 2096        MRxDAV - ok
14:19:33.0250 2096        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:19:33.0265 2096        MRxSmb - ok
14:19:33.0328 2096        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:19:33.0328 2096        Msfs - ok
14:19:33.0359 2096        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:19:33.0359 2096        MSKSSRV - ok
14:19:33.0421 2096        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:19:33.0421 2096        MSPCLOCK - ok
14:19:33.0500 2096        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:19:33.0515 2096        MSPQM - ok
14:19:33.0671 2096        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:19:33.0671 2096        mssmbios - ok
14:19:33.0734 2096        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:19:33.0734 2096        Mup - ok
14:19:33.0781 2096        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:19:33.0781 2096        NDIS - ok
14:19:33.0828 2096        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:19:33.0828 2096        NdisTapi - ok
14:19:33.0937 2096        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:19:33.0937 2096        Ndisuio - ok
14:19:34.0015 2096        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:19:34.0015 2096        NdisWan - ok
14:19:34.0109 2096        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:19:34.0109 2096        NDProxy - ok
14:19:34.0156 2096        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:19:34.0156 2096        NetBIOS - ok
14:19:34.0203 2096        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:19:34.0203 2096        NetBT - ok
14:19:34.0375 2096        NETw3x32        (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
14:19:34.0437 2096        NETw3x32 - ok
14:19:34.0515 2096        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:19:34.0515 2096        Npfs - ok
14:19:34.0578 2096        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:19:34.0625 2096        Ntfs - ok
14:19:34.0703 2096        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:19:34.0703 2096        Null - ok
14:19:34.0734 2096        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:19:34.0750 2096        NwlnkFlt - ok
14:19:34.0781 2096        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:19:34.0781 2096        NwlnkFwd - ok
14:19:34.0828 2096        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
14:19:34.0875 2096        Parport - ok
14:19:35.0031 2096        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:19:35.0031 2096        PartMgr - ok
14:19:35.0062 2096        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:19:35.0078 2096        ParVdm - ok
14:19:35.0125 2096        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:19:35.0140 2096        PCI - ok
14:19:35.0203 2096        PCIDump - ok
14:19:35.0296 2096        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:19:35.0296 2096        PCIIde - ok
14:19:35.0390 2096        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:19:35.0406 2096        Pcmcia - ok
14:19:35.0437 2096        PDCOMP - ok
14:19:35.0468 2096        PDFRAME - ok
14:19:35.0500 2096        PDRELI - ok
14:19:35.0578 2096        PDRFRAME - ok
14:19:35.0656 2096        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:19:35.0656 2096        perc2 - ok
14:19:35.0703 2096        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:19:35.0703 2096        perc2hib - ok
14:19:35.0812 2096        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:19:35.0812 2096        PptpMiniport - ok
14:19:35.0859 2096        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:19:35.0859 2096        PSched - ok
14:19:35.0906 2096        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:19:35.0906 2096        Ptilink - ok
14:19:36.0000 2096        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:19:36.0015 2096        ql1080 - ok
14:19:36.0062 2096        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:19:36.0078 2096        Ql10wnt - ok
14:19:36.0140 2096        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:19:36.0171 2096        ql12160 - ok
14:19:36.0250 2096        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:19:36.0265 2096        ql1240 - ok
14:19:36.0296 2096        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:19:36.0312 2096        ql1280 - ok
14:19:36.0328 2096        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:19:36.0328 2096        RasAcd - ok
14:19:36.0390 2096        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:19:36.0390 2096        Rasl2tp - ok
14:19:36.0515 2096        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:19:36.0515 2096        RasPppoe - ok
14:19:36.0546 2096        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:19:36.0546 2096        Raspti - ok
14:19:36.0625 2096        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:19:36.0625 2096        Rdbss - ok
14:19:36.0656 2096        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:19:36.0656 2096        RDPCDD - ok
14:19:36.0718 2096        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:19:36.0718 2096        rdpdr - ok
14:19:36.0796 2096        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:19:36.0812 2096        RDPWD - ok
14:19:36.0921 2096        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:19:36.0937 2096        redbook - ok
14:19:37.0015 2096        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:19:37.0015 2096        RFCOMM - ok
14:19:37.0093 2096        RMCAST          (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
14:19:37.0093 2096        RMCAST - ok
14:19:37.0171 2096        S3SavageNB      (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
14:19:37.0218 2096        S3SavageNB - ok
14:19:37.0468 2096        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:19:37.0484 2096        sdbus - ok
14:19:37.0562 2096        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:19:37.0593 2096        Secdrv - ok
14:19:37.0671 2096        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
14:19:37.0671 2096        Serial - ok
14:19:37.0781 2096        sffdisk        (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
14:19:37.0796 2096        sffdisk - ok
14:19:37.0875 2096        sffp_sd        (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
14:19:37.0890 2096        sffp_sd - ok
14:19:37.0984 2096        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:19:38.0000 2096        Sfloppy - ok
14:19:38.0031 2096        Simbad - ok
14:19:38.0109 2096        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:19:38.0109 2096        sisagp - ok
14:19:38.0250 2096        smserial        (ce2e9d6b8c26c38779581cff1f14b65b) C:\WINDOWS\system32\DRIVERS\smserial.sys
14:19:38.0281 2096        smserial - ok
14:19:38.0359 2096        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:19:38.0375 2096        Sparrow - ok
14:19:38.0468 2096        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:19:38.0468 2096        splitter - ok
14:19:38.0500 2096        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:19:38.0531 2096        sr - ok
14:19:38.0656 2096        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:19:38.0671 2096        Srv - ok
14:19:38.0734 2096        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:19:38.0734 2096        ssmdrv - ok
14:19:38.0781 2096        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:19:38.0796 2096        swenum - ok
14:19:38.0875 2096        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:19:38.0875 2096        swmidi - ok
14:19:38.0937 2096        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:19:38.0937 2096        symc810 - ok
14:19:39.0000 2096        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:19:39.0031 2096        symc8xx - ok
14:19:39.0078 2096        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:19:39.0078 2096        sym_hi - ok
14:19:39.0171 2096        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:19:39.0171 2096        sym_u3 - ok
14:19:39.0218 2096        SynTP          (f8ae3d6e9d977d383b6564493b58a319) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:19:39.0234 2096        SynTP - ok
14:19:39.0312 2096        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:19:39.0312 2096        sysaudio - ok
14:19:39.0437 2096        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:19:39.0437 2096        Tcpip - ok
14:19:39.0500 2096        Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
14:19:39.0500 2096        Tcpip6 - ok
14:19:39.0593 2096        tcpipBM        (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\WINDOWS\system32\drivers\tcpipBM.sys
14:19:39.0593 2096        tcpipBM - ok
14:19:39.0671 2096        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:19:39.0671 2096        TDPIPE - ok
14:19:39.0718 2096        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:19:39.0765 2096        TDTCP - ok
14:19:39.0828 2096        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:19:39.0828 2096        TermDD - ok
14:19:39.0890 2096        toshidpt        (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
14:19:39.0921 2096        toshidpt - ok
14:19:40.0015 2096        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
14:19:40.0031 2096        TosIde - ok
14:19:40.0125 2096        tosporte        (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys
14:19:40.0125 2096        tosporte - ok
14:19:40.0187 2096        Tosrfbd        (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys
14:19:40.0203 2096        Tosrfbd - ok
14:19:40.0250 2096        Tosrfbnp        (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
14:19:40.0250 2096        Tosrfbnp - ok
14:19:40.0296 2096        Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
14:19:40.0296 2096        Tosrfcom - ok
14:19:40.0359 2096        Tosrfhid        (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
14:19:40.0375 2096        Tosrfhid - ok
14:19:40.0484 2096        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
14:19:40.0484 2096        tosrfnds - ok
14:19:40.0546 2096        TosRfSnd        (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
14:19:40.0593 2096        TosRfSnd - ok
14:19:40.0656 2096        Tosrfusb        (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys
14:19:40.0687 2096        Tosrfusb - ok
14:19:40.0781 2096        tunmp          (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
14:19:40.0781 2096        tunmp - ok
14:19:40.0906 2096        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:19:40.0906 2096        Udfs - ok
14:19:40.0968 2096        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:19:41.0015 2096        ultra - ok
14:19:41.0078 2096        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:19:41.0093 2096        Update - ok
14:19:41.0156 2096        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:19:41.0171 2096        USBAAPL - ok
14:19:41.0312 2096        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:19:41.0343 2096        usbccgp - ok
14:19:41.0406 2096        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:19:41.0406 2096        usbehci - ok
14:19:41.0453 2096        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:19:41.0453 2096        usbhub - ok
14:19:41.0500 2096        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:19:41.0515 2096        usbscan - ok
14:19:41.0546 2096        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:19:41.0546 2096        USBSTOR - ok
14:19:41.0687 2096        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:19:41.0687 2096        usbuhci - ok
14:19:41.0703 2096        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:19:41.0703 2096        VgaSave - ok
14:19:41.0734 2096        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:19:41.0734 2096        viaagp - ok
14:19:41.0765 2096        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:19:41.0781 2096        ViaIde - ok
14:19:41.0796 2096        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:19:41.0828 2096        VolSnap - ok
14:19:41.0890 2096        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:19:41.0890 2096        Wanarp - ok
14:19:41.0921 2096        Wbutton - ok
14:19:41.0984 2096        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:19:41.0984 2096        Wdf01000 - ok
14:19:42.0000 2096        WDICA - ok
14:19:42.0046 2096        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:19:42.0046 2096        wdmaud - ok
14:19:42.0140 2096        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:19:42.0140 2096        WS2IFSL - ok
14:19:42.0234 2096        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:19:42.0250 2096        WudfPf - ok
14:19:42.0265 2096        xcpip - ok
14:19:42.0296 2096        xpsec - ok
14:19:42.0359 2096        yukonwxp        (936a0e2d44adf93ce0df8e92aab29c6e) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:19:42.0359 2096        yukonwxp - ok
14:19:42.0390 2096        z_m2z2.sys - ok
14:19:42.0421 2096        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:19:42.0640 2096        \Device\Harddisk0\DR0 - ok
14:19:42.0640 2096        Boot (0x1200)  (91d6b1d934ceb4f52c778ac82d45fd5f) \Device\Harddisk0\DR0\Partition0
14:19:42.0656 2096        \Device\Harddisk0\DR0\Partition0 - ok
14:19:42.0656 2096        ============================================================
14:19:42.0656 2096        Scan finished
14:19:42.0656 2096        ============================================================
14:19:42.0671 1256        Detected object count: 0
14:19:42.0671 1256        Actual detected object count: 0

I have changed passwords etc. from a secure PC; am I on the right track so far?

Chris4You 27.12.2011 15:04

Hi,

please run mbrcheck again...

Please have the drivers checked at virustotal:
Have files checked online
  • Go to the Virustotal site, click the „Browse“ button and locate the following file(s):
Code:

C:\WINDOWS\system32\DRIVERS\yk51x86.sys
z_m2z2.sys (probably in the same path)...

  • Now upload each file in turn and wait until the scan is finished (this can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a post.
  • Important: copy the file size and the HASH as well!

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

Actually, a clean reinstall is called for...

chris
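
Two things stand out in the TDSSKiller listing posted above that a helper wants to check next: a verdict line with no file behind it (z_m2z2.sys) and the MD5 hashes of the driver files needed for the VirusTotal lookup. The following Python script is an added example (not part of this thread and not TDSSKiller's own code) that parses such a listing, pairs each " - ok" verdict with its file line, lists entries lacking a file, flags drivers loaded from outside C:\WINDOWS\system32, and pulls out the MBR/boot-sector hashes; the sample lines are copied from the log above except for the "exampledrv" Temp-directory pair, which is constructed.

```python
import re
from collections import OrderedDict

# Sample input: lines copied from the TDSSKiller listing posted in this thread.
# The "exampledrv" pair is CONSTRUCTED (not from the thread) to show a driver
# loaded from a user's Temp directory, which the triage below flags.
SAMPLE_LOG = r"""
14:19:32.0437 2096        lbrtfdc - ok
14:19:32.0515 2096        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:19:32.0515 2096        MBAMProtector - ok
14:19:42.0359 2096        yukonwxp        (936a0e2d44adf93ce0df8e92aab29c6e) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:19:42.0359 2096        yukonwxp - ok
14:19:42.0390 2096        z_m2z2.sys - ok
14:19:42.0400 2096        exampledrv      (00000000000000000000000000000000) C:\DOKUME~1\XXX\LOKALE~1\Temp\exampledrv.sys
14:19:42.0400 2096        exampledrv - ok
14:19:42.0421 2096        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:19:42.0640 2096        \Device\Harddisk0\DR0 - ok
14:19:42.0640 2096        Boot (0x1200)  (91d6b1d934ceb4f52c778ac82d45fd5f) \Device\Harddisk0\DR0\Partition0
14:19:42.0656 2096        \Device\Harddisk0\DR0\Partition0 - ok
""".strip().splitlines()

# "<time> <pid> <name>  (<md5>) <path>"  -- a file TDSSKiller found and hashed
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<time> <pid> <name> - <verdict>"      -- the verdict for that name or device
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>\S+)$")

# Directory a Windows XP kernel driver is normally loaded from (compared lowercase).
EXPECTED_PREFIXES = ("c:\\windows\\system32\\",)


def parse_tdsskiller(lines):
    """Return (entries, verdicts). entries: name -> {'md5', 'path'} for lines
    that carry a hash; verdicts: name (or device path) -> verdict word."""
    entries, verdicts = OrderedDict(), OrderedDict()
    for line in lines:
        m = FILE_RE.match(line.rstrip())
        if m:
            entries[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = STATUS_RE.match(line.rstrip())
        if m:
            verdicts[m["name"]] = m["verdict"]
    return entries, verdicts


def triage(lines):
    """Shortlist what a helper would look at next:
    no_file     - a verdict line with no hashed file behind it (a registered
                  service/driver name whose file was not found or not readable)
    odd_path    - drivers loaded from outside the expected system directory
    boot_hashes - MBR / boot-sector hashes (device paths, not files)
    lookup      - (name, md5, path) triples ready for a VirusTotal hash search"""
    entries, verdicts = parse_tdsskiller(lines)
    known = set(entries) | {e["path"] for e in entries.values()}
    report = {"no_file": [], "odd_path": [], "boot_hashes": OrderedDict(), "lookup": []}
    for name in verdicts:
        if name not in known:
            report["no_file"].append(name)
    for name, e in entries.items():
        if e["path"].startswith("\\Device\\"):
            report["boot_hashes"][name] = e["md5"]
            continue
        if not e["path"].lower().startswith(EXPECTED_PREFIXES):
            report["odd_path"].append((name, e["path"]))
        report["lookup"].append((name, e["md5"], e["path"]))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("entries with no file on disk :", r["no_file"])
    print("drivers outside system32     :", r["odd_path"])
    for what, md5 in r["boot_hashes"].items():
        print("%-14s %s" % (what, md5))
    print("hashes to look up:")
    for name, md5, path in r["lookup"]:
        print("  %-14s %s  %s" % (name, md5, path))
```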

GerdKueller 27.12.2011 15:16

hi chris :bussi:
mbr check gives

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000000c

Kernel Drivers (total 146):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF7B8C000 \WINDOWS\system32\KDCOM.DLL
  0xF7A9C000 \WINDOWS\system32\BOOTVID.dll
  0xF763C000 ACPI.sys
  0xF7B8E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF762B000 pci.sys
  0xF768C000 isapnp.sys
  0xF7AA0000 compbatt.sys
  0xF7AA4000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7C54000 pciide.sys
  0xF790C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF760D000 pcmcia.sys
  0xF769C000 MountMgr.sys
  0xF75EE000 ftdisk.sys
  0xF7B90000 dmload.sys
  0xF75C8000 dmio.sys
  0xF7AA8000 ACPIEC.sys
  0xF7C55000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF7914000 PartMgr.sys
  0xF76AC000 VolSnap.sys
  0xF75B0000 atapi.sys
  0xF74DA000 iaStor.sys
  0xF76BC000 disk.sys
  0xF76CC000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF74BA000 fltmgr.sys
  0xF74A8000 sr.sys
  0xF7491000 KSecDD.sys
  0xF7404000 Ntfs.sys
  0xF73D7000 NDIS.sys
  0xF73BD000 Mup.sys
  0xF7B92000 BMLoad.sys
  0xF7B3C000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0xF776C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF53F6000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
  0xF53E2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF53BA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF5218000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
  0xF7A5C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF51F4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7A64000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF777C000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
  0xF51E0000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0xF778C000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
  0xF7B40000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF779C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF7A6C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF51B0000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xF7BC8000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7A74000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF77AC000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF77BC000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF77CC000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF518D000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7A7C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF5174000 \SystemRoot\system32\DRIVERS\avfwim.sys
  0xF7DD0000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF77DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7B4C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF515D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF77EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF77FC000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7A94000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF514C000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF780C000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7924000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF793C000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF511C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF781C000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7BCC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF50BE000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7B68000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF50AC000 \SystemRoot\system32\DRIVERS\ew_jubusenum.sys
  0xF782C000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
  0xF503B000 \SystemRoot\System32\Drivers\wdf01000.sys
  0xF783C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xA205B000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xA2037000 \SystemRoot\system32\drivers\portcls.sys
  0xA2AD9000 \SystemRoot\system32\drivers\drmk.sys
  0xA1F64000 \SystemRoot\system32\DRIVERS\smserial.sys
  0xA2FF8000 \SystemRoot\System32\Drivers\Modem.SYS
  0xA2AC9000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xA311C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xF7C18000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xA2B58000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7C1A000 \SystemRoot\System32\Drivers\Beep.SYS
  0xA2D24000 \SystemRoot\System32\drivers\vga.sys
  0xF7C1C000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7C1E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xA2D1C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xA2D14000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xA3118000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xA1EE1000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xA1E88000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xA2D0C000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
  0xA1E60000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xA1E3A000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xA1E02000 \SystemRoot\system32\DRIVERS\tcpip6.sys
  0xA2AB9000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xA1DE5000 \SystemRoot\system32\DRIVERS\avfwot.sys
  0xF788C000 \SystemRoot\system32\drivers\ip6fw.sys
  0xF79A4000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x9FC2E000 \SystemRoot\System32\Drivers\bthport.sys
  0xF7328000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0x9EEF6000 \SystemRoot\System32\drivers\afd.sys
  0xA95CA000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xA6A05000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x9CE00000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x9C994000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9DC1F000 \SystemRoot\System32\Drivers\Hotkey.SYS
  0x9DBBF000 \SystemRoot\System32\Drivers\Fips.SYS
  0x9DC17000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9DBAF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xA3000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9DC13000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9DB9F000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0xA2CFC000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x9C8DB000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x9DB8F000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x9DB7F000 \SystemRoot\system32\DRIVERS\avkmgr.sys
  0x9C8B6000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x9DB5F000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0x9C7E0000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0x9CEF9000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9D798000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xA284C000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF024000 \SystemRoot\System32\igxpgd32.dll
  0xBF012000 \SystemRoot\System32\igxprd32.dll
  0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
  0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
  0xBF453000 \SystemRoot\System32\ATMFD.DLL
  0x9C7C7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA963E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9C78A000 \SystemRoot\system32\drivers\wdmaud.sys
  0x9DB6F000 \SystemRoot\system32\drivers\sysaudio.sys
  0x9C33B000 \??\C:\WINDOWS\system32\drivers\mqac.sys
  0x9C309000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
  0xF6B40000 \SystemRoot\system32\DRIVERS\secdrv.sys
  0x9C289000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA2906000 \SystemRoot\System32\Drivers\TDTCP.SYS
  0x9BF6E000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x9BCFD000 \SystemRoot\System32\Drivers\HTTP.sys
  0x9BDE6000 \??\C:\DOKUME~1\FABIAN~1\LOKALE~1\Temp\aswMBR.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 59):
      0 System Idle Process
      4 System
    1528 C:\WINDOWS\system32\smss.exe
    1664 csrss.exe
    1788 C:\WINDOWS\system32\winlogon.exe
    1832 C:\WINDOWS\system32\services.exe
    1844 C:\WINDOWS\system32\lsass.exe
    2044 C:\WINDOWS\system32\svchost.exe
    172 svchost.exe
    272 C:\WINDOWS\system32\svchost.exe
    448 svchost.exe
    488 svchost.exe
    820 C:\WINDOWS\system32\spoolsv.exe
    904 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1168 C:\WINDOWS\explorer.exe
    1344 C:\Programme\Launch Manager\WButton.exe
    1356 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    1364 C:\WINDOWS\sm56hlpr.exe
    1384 C:\WINDOWS\RTHDCPL.EXE
    1400 C:\Programme\Launch Manager\LaunchAp.exe
    1420 C:\WINDOWS\system32\hkcmd.exe
    1440 C:\Programme\Launch Manager\HotkeyApp.exe
    1448 C:\WINDOWS\system32\rundll32.exe
    1484 C:\Programme\Telekom\InternetManager_H\DataCardMonitor.exe
    1504 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    1564 C:\WINDOWS\system32\ctfmon.exe
    1596 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
    1640 C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom Internet Manager\ouc.exe
    1724 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
    1896 msdtc.exe
    1652 C:\WINDOWS\system32\svchost.exe
    1512 C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
    552 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    640 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    588 C:\Programme\Bonjour\mDNSResponder.exe
    952 svchost.exe
    1300 C:\WINDOWS\system32\cisvc.exe
    564 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
    976 C:\Programme\Java\jre6\bin\jqs.exe
    812 C:\WINDOWS\system32\tcpsvcs.exe
    128 C:\WINDOWS\system32\snmp.exe
    2172 C:\WINDOWS\system32\svchost.exe
    2512 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
    3476 C:\WINDOWS\system32\mqsvc.exe
    232 C:\WINDOWS\system32\mqtgsvc.exe
    2864 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    3084 C:\Programme\Avira\AntiVir Desktop\avmailc.exe
    3336 C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
    2380 alg.exe
    3032 C:\WINDOWS\system32\svchost.exe
    3492 C:\WINDOWS\system32\dllhost.exe
    1188 C:\WINDOWS\system32\dllhost.exe
    3052 C:\WINDOWS\system32\cidaemon.exe
    1700 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    4044 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    3992 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    2436 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    3932 C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    740 C:\Dokumente und Einstellungen\XXX\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060BH, Rev: 00000029

      Size  Device Name          MBR Status
  --------------------------------------------
    55 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Name replaced with XXX.
I'm working on the other one, hope I can manage it :kaffee:

Edit
you don't mean this one, do you?
Code:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5:        936a0e2d44adf93ce0df8e92aab29c6e
Date first seen:        2009-06-19 03:51:46 (UTC)
Date last seen:        2011-04-09 16:42:07 (UTC)
Detection ratio:        0/42

this one instead?

Code:

Additional informationShow all
MD5  : 936a0e2d44adf93ce0df8e92aab29c6e
SHA1  : 74374d9ff067b70aa9f54444645a40dc3768b0c0
SHA256: bec48289e9a8598589119398e2fe82f8017015dfd4463503197dc6cc5d096c35
ssdeep: 6144:9qAdI+XVDYlkroYNmI/kJA9aWadWcpyO3mzundT9uMz:S+XVDYlkroKv/kJ2cpyOWzudTI
Mz
File size : 244608 bytes
First seen: 2009-06-19 03:51:46
Last seen : 2011-12-27 14:26:57
TrID:
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
sigcheck:
publisher....: Marvell
copyright....: (c) Copyright 2002-2006 Marvell_. All rights reserved.
product......: Marvell Yukon Ethernet Controller
description..: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller
original name: YK51X86.sys
internal name: YK51X86.sys
file version.: 8.51.2.3 built by: WinDDK
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x9A80
timedatestamp....: 0x43F5A5ED (Fri Feb 17 10:31:09 2006)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x480, 0x2D52E, 0x2D580, 6.45, 1ffc4afdff4b68ab09841fdddfff9330
.rdata, 0x2DA00, 0x3CE0, 0x3D00, 4.93, 262a317a9eee77f23fa47bad626e6eb4
.data, 0x31700, 0x92D, 0x980, 4.42, 0a5337cc9e49166122a9686925162f62
INIT, 0x32080, 0x8EC, 0x900, 5.37, 43b1fbfef414a786e153a0d0048fd48a
.rsrc, 0x32980, 0x7D00, 0x7D00, 7.56, 0c6cf148ab46409c67e64000c89285e3
.reloc, 0x3A680, 0x14CC, 0x1500, 6.30, 1fc52d22dbc7018d0e73cdb3778ef273

[[ 3 import(s) ]]
NDIS.SYS: NdisMRegisterInterrupt, NdisWriteErrorLogEntry, NdisAllocateSpinLock, NdisFreeSpinLock, NdisMFreeSharedMemory, NdisMAllocateSharedMemory, NdisMGetDmaAlignment, NdisReleaseSpinLock, NdisAcquireSpinLock, NdisInterlockedDecrement, NdisInterlockedIncrement, NdisGetCurrentSystemTime, NdisQueryBufferSafe, NdisInterlockedRemoveHeadList, NdisInterlockedInsertTailList, NdisReadConfiguration, NdisReadNetworkAddress, NdisAllocateMemoryWithTag, NdisFreeMemory, NdisReadPciSlotInformation, NdisWritePciSlotInformation, NdisScheduleWorkItem, NdisFreePacketPool, NdisFreeBufferPool, NdisFreePacket, NdisFreeBuffer, NdisAdjustBufferLength, NdisAllocatePacket, NdisAllocateBuffer, NdisAllocateBufferPool, NdisMRegisterIoPortRange, NdisMCancelTimer, NdisMQueryAdapterResources, NdisMInitializeScatterGatherDma, NdisInterlockedInsertHeadList, NdisSystemProcessorCount, NdisMUnmapIoSpace, NdisMDeregisterIoPortRange, NdisMFreeMapRegisters, NdisWaitEvent, NdisMDeregisterInterrupt, NdisMDeregisterAdapterShutdownHandler, NdisSetTimer, NdisDprReleaseSpinLock, NdisDprAcquireSpinLock, NdisMSetPeriodicTimer, NdisMInitializeTimer, NdisInitializeEvent, NdisMSetAttributesEx, NdisCloseConfiguration, NdisOpenConfiguration, NdisTerminateWrapper, NdisMRegisterMiniport, NdisInitializeWrapper, NDIS_BUFFER_TO_SPAN_PAGES, NdisQueryBufferOffset, NdisIMGetCurrentPacketStack, NdisMapFile, NdisOpenFile, NdisUnmapFile, NdisCloseFile, NdisAllocatePacketPool, NdisMMapIoSpace
HAL.dll: KeStallExecutionProcessor
ntoskrnl.exe: WRITE_REGISTER_ULONG, ObfDereferenceObject, ExUnregisterCallback, ZwPowerInformation, WRITE_REGISTER_UCHAR, ExRegisterCallback, ExCreateCallback, WRITE_REGISTER_USHORT, strncmp, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwClose, ZwOpenSection, wcslen
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 188032
CompanyName: Marvell
EntryPoint: 0x9a80
FileDescription: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 239 kB
FileSubtype: 6
FileType: Win32 EXE
FileVersion: 8.51.2.3 built by: WinDDK
FileVersionNumber: 8.51.2.3
ImageVersion: 5.1
InitializedDataSize: 55424
InternalName: YK51X86.sys
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2002-2006 Marvell . All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Driver
OriginalFilename: YK51X86.sys
PEType: PE32
ProductName: Marvell Yukon Ethernet Controller
ProductVersion: 8.51.2.3
ProductVersionNumber: 8.51.2.3
Subsystem: Native
SubsystemVersion: 5.1
TimeStamp: 2006:02:17 11:31:09+01:00
UninitializedDataSize: 0


I can't find z_m2z2.sys

Chris4You 27.12.2011 16:00

Hi,

doesn't look too bad...

What is the computer doing...?

Scan with SystemLook

Download SystemLook from one of the following links and save the tool on the Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
  • Double-click SystemLook.exe to start the tool.
  • Vista/Win7 users: right-click and run as administrator.
  • Copy the contents of the following code box into the tool's text field:

Code:

:filefind
z_m2z2.sys

:regfind
z_m2z2.sys

  • Now click the Look button to start the scan.
When the scan has finished, your editor will open with the results; post them here in the thread.
The results are saved on the Desktop as SystemLook.txt.

Then please post another full OTL log (with Extras)...

chris
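
The same file and registry lookup that the SystemLook input above performs, as an added PowerShell example (not from the thread or from the SystemLook tool); it assumes the drive and hives to search are C:\, HKLM\SYSTEM, HKLM\SOFTWARE and HKCU\SOFTWARE, and takes the driver name from the thread:

```powershell
# Added example, not part of the original thread: look for a driver file name on disk
# and for any registry key name or value data that references it, which is what the
# ":filefind" / ":regfind" SystemLook input above asks for. Run in an elevated shell.
$needle = 'z_m2z2.sys'   # file name from the thread

# --- filefind: walk the system drive (assumed C:\) and report exact name matches ---
Get-ChildItem -Path 'C:\' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ieq $needle } |
    Select-Object FullName, Length, LastWriteTime

# --- regfind: walk the assumed hives and report keys whose name or value data mention it ---
foreach ($hive in 'HKLM:\SYSTEM', 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE') {
    Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        # key name itself contains the needle (e.g. a service key named after the driver)
        if ($key.PSChildName -like "*$needle*") {
            [pscustomobject]@{ Key = $key.Name; Value = ''; Data = '' }
        }
        # any value data (ImagePath, Start, etc.) contains the needle
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -like "*$needle*") {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}
```

A service key under HKLM\SYSTEM\CurrentControlSet\Services that references the file while the file itself is missing on disk is the kind of mismatch the SystemLook output is meant to surface.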

GerdKueller 27.12.2011 18:13

The computer is doing better, booting works again on the first try and Avira is keeping quiet...

here is the marathon job

Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 12/27/2011 bei 06:09 PM

Version der Applikation : 5.0.1142

Version der Kern-Datenbank : 8087
Version der Spur-Datenbank : 5899

Scan Art      : kompletter Scann
Totale Scann-Zeit : 02:08:40

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Gescannte Speicherelemente  : 598
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 37738
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 155809
Erfasste Datei-Elemente  : 0

and here at least part of the SystemLook output; at some point the error message always appears that the program must be closed - an error was detected - send system report...

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:20 on 27/12/2011 by Fabian Küller
Administrator - Elevation successful

========== filefind ==========

Searching for "z_m2z2.sys"
No files found.

========== regfind ==========

Searching for "z_m2z2.sys"

Code:

OTL logfile created on: 27.12.2011 18:15:45 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,11 Mb Total Physical Memory | 410,63 Mb Available Physical Memory | 40,49% Memory free
1,64 Gb Paging File | 1,21 Gb Available in Paging File | 73,93% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 11,78 Gb Free Space | 21,09% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
PRC - C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe ()
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_b427739.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\libxml2.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\cares.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Launch Manager\WButton.exe ()
MOD - C:\WINDOWS\sm56cht.dll ()
MOD - C:\WINDOWS\sm56fra.dll ()
MOD - C:\WINDOWS\sm56jpn.dll ()
MOD - C:\WINDOWS\sm56chs.dll ()
MOD - C:\WINDOWS\sm56spn.dll ()
MOD - C:\WINDOWS\sm56itl.dll ()
MOD - C:\WINDOWS\sm56eng.dll ()
MOD - C:\WINDOWS\sm56brz.dll ()
MOD - C:\WINDOWS\sm56ger.dll ()
MOD - C:\Programme\Launch Manager\LaunchAp.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (Akamai) -- c:\programme\gemeinsame dateien\akamai/netsession_win_b427739.dll ()
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DCService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (filtertdidriver) -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys (Huawei Technologies Co., Ltd.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (Hotkey) -- C:\WINDOWS\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
 
[2008.10.19 19:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions
[2008.10.19 19:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2011.10.06 14:43:21 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\XXX\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.68\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\Fabian K\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.68\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\XXX\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.68\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\Fabian K\u00FCller\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Fabian K\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GreenWebPlayer = C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\
CHR - Extension: Gradient = C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ipehkhefmnpkdbcpgbononhiohcabocp\1.0\
 
O1 HOSTS File: ([2011.05.17 15:59:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Programme\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD791768-6D7A-4526-A39B-5A3AF543AD5A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 16:21:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2011.12.27 15:56:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SUPERAntiSpyware.com
[2011.12.27 15:54:22 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\XXX\Desktop\SUPERAntiSpyware.exe
[2011.12.27 15:05:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\XXX\Recent
[2011.12.26 23:25:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.26 17:38:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2011.12.26 13:30:18 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.12.25 11:36:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\RavensburgerTipToi
[2011.12.25 11:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\tiptoi® Manager
[2011.12.25 11:35:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2011.12.25 11:34:15 | 000,000,000 | ---D | C] -- C:\Programme\Ravensburger tiptoi
[2011.12.20 13:22:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\1&1 Mail & Media GmbH
[2011.12.20 08:41:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2011.12.20 08:39:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.12.20 08:38:58 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.11.29 19:22:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Ski Challenge 12 (AT)
[2011.11.29 19:22:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Game Alarm
[2011.11.29 14:56:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Greentube
[2011.03.18 13:13:39 | 080,298,280 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[4 C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 16:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2011.12.27 16:17:36 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\SystemLook.exe
[2011.12.27 15:56:12 | 000,001,648 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 15:55:43 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\XXX\Desktop\SUPERAntiSpyware.exe
[2011.12.27 15:12:39 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\MBRCheck.exe
[2011.12.27 15:11:40 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mbr.exe
[2011.12.27 14:51:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.27 14:50:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.27 14:50:18 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 14:48:00 | 000,294,388 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111227_144705.reg
[2011.12.26 17:29:33 | 000,294,100 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111226_172906.reg
[2011.12.26 13:40:31 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\defogger_reenable
[2011.12.25 11:36:29 | 000,000,725 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\tiptoi.lnk
[2011.12.21 20:44:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.12.20 12:58:09 | 000,043,870 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\wklnhst.dat
[2011.12.20 10:51:56 | 000,305,000 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111220_105150.reg
[2011.12.20 08:41:12 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.12.15 09:11:41 | 003,549,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.13 17:34:33 | 000,049,664 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.09 20:08:40 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.11.29 19:22:47 | 000,001,564 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Ski Challenge 12 (AT) starten.lnk
[4 C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 16:17:39 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\SystemLook.exe
[2011.12.27 15:56:12 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 15:12:42 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\MBRCheck.exe
[2011.12.27 15:11:43 | 000,089,088 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mbr.exe
[2011.12.27 14:47:06 | 000,294,388 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111227_144705.reg
[2011.12.26 17:29:08 | 000,294,100 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111226_172906.reg
[2011.12.26 13:40:31 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\defogger_reenable
[2011.12.25 11:36:29 | 000,000,725 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\tiptoi.lnk
[2011.12.20 10:51:52 | 000,305,000 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111220_105150.reg
[2011.12.20 08:41:12 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.11.29 19:22:47 | 000,001,564 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Ski Challenge 12 (AT) starten.lnk
[2011.05.17 15:08:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.17 15:08:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.17 15:08:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.17 15:08:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.17 15:08:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.10 19:57:07 | 173,838,160 | ---- | C] () -- C:\Programme\Samsung_New_PC_Studio_1.5.1.10064_2.exe
[2010.12.17 14:09:30 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Adobe GIF Format CS5 Prefs
[2010.03.22 15:04:14 | 000,050,388 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.11.03 15:56:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.11.03 15:56:12 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.11.03 15:56:02 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\$_hpcst$.hpc
[2009.04.25 08:08:57 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2009.04.22 20:12:44 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0_x.dat
[2009.02.18 08:12:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.02.18 08:12:02 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.01.17 10:06:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2008.10.11 09:32:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.08.01 13:30:57 | 000,043,870 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\wklnhst.dat
[2008.07.07 08:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI
[2008.07.04 20:16:02 | 000,000,024 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\xpy.ini
[2008.06.15 19:32:39 | 000,003,112 | ---- | C] () -- C:\WINDOWS\tm.ini
[2008.05.28 21:09:38 | 003,278,848 | ---- | C] () -- C:\Programme\Duden Korrektor PLUS.msi
[2008.04.08 21:00:58 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.02.13 15:21:26 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.11.19 16:00:23 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007.11.19 16:00:23 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.06.05 17:10:53 | 000,001,648 | ---- | C] () -- C:\Programme\PowerDVD.lnk
[2007.04.18 17:23:16 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007.04.18 16:16:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007.04.14 20:30:01 | 000,049,664 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.07 19:16:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.04.06 09:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.04.05 11:12:47 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.23 16:43:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.10.23 16:43:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.10.23 16:43:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.10.23 16:43:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.10.23 16:43:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.10.23 16:43:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.10.23 16:43:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.10.23 16:43:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.10.23 16:43:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.10.23 16:43:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.01.30 21:20:28 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.30 21:02:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.01.30 20:55:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.01.30 20:49:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.01.30 20:48:22 | 003,549,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.01.30 20:41:40 | 000,001,052 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.01.30 20:41:23 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.01.30 20:41:23 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.01.30 20:41:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.01.30 20:41:01 | 000,520,678 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.01.30 20:41:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.01.30 20:41:01 | 000,099,228 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.01.30 20:41:01 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.01.30 20:40:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.01.30 20:40:59 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.01.30 20:40:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.01.30 20:40:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.01.30 20:40:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.01.30 20:40:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.01.30 20:40:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005.08.28 01:07:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.05.18 17:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.07.26 19:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.11.03 18:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.12.25 11:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2010.12.16 12:07:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.02.10 20:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.13 18:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sports Interactive
[2008.07.02 19:55:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.12.16 10:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2008.10.19 19:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.12.26 23:42:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.12.26 23:25:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.04.12 10:17:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.12.23 14:20:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.03.22 11:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011.12.20 13:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\1&1 Mail & Media GmbH
[2011.02.07 20:25:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Amazon
[2010.12.16 16:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.02.18 08:12:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\DonationCoder
[2011.07.26 19:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\elsterformular
[2009.04.24 12:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Foxit
[2010.03.22 12:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Foxit Software
[2010.09.06 11:14:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\gtk-2.0
[2007.04.05 13:50:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\ICQ Toolbar
[2008.11.18 13:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Kazaa Lite
[2007.10.10 20:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\LimeWire
[2010.12.26 19:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Notepad++
[2009.12.29 20:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\OpenOffice.org
[2009.11.03 18:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\PC Suite
[2007.07.07 18:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\pokerth
[2011.12.25 11:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\RavensburgerTipToi
[2011.03.10 16:09:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Samsung
[2009.12.30 17:52:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Sports Interactive
[2010.12.16 16:58:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.05.18 17:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom
[2011.05.18 17:42:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom Internet Manager
[2008.10.19 19:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TomTom
[2011.12.26 23:26:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.04.24 08:33:41 | 000,000,000 | ---D | M] -- C:\83c45d19af270721f5b488fb
[2009.04.22 19:35:39 | 000,000,000 | ---D | M] -- C:\Addon
[2011.05.17 15:15:55 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2011.12.26 23:42:28 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008.12.21 21:11:55 | 000,000,000 | ---D | M] -- C:\DeskUpdate.tmp
[2011.12.25 11:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009.01.17 10:35:38 | 000,000,000 | ---D | M] -- C:\EPLAN
[2011.11.29 19:22:31 | 000,000,000 | ---D | M] -- C:\Games
[2008.12.23 13:53:40 | 000,000,000 | ---D | M] -- C:\Inetpub
[2007.04.18 16:16:33 | 000,000,000 | ---D | M] -- C:\Intel
[2007.05.15 19:10:39 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.11.18 14:23:42 | 000,000,000 | ---D | M] -- C:\My Shared Folder
[2007.04.05 13:45:48 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.27 14:50:16 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.17 16:05:56 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.17 16:14:57 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.27 14:57:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.12.23 13:43:14 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.27 15:05:44 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2011.03.18 13:16:45 | 080,298,280 | ---- | M] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2011.02.10 19:57:15 | 173,838,160 | ---- | M] () -- C:\Programme\Samsung_New_PC_Studio_1.5.1.10064_2.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 07:57:27

< End of report >
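The "< MD5 for: ... >" blocks above are OTL's file-integrity check: for each core system file it lists every copy on disk with its MD5, and a helper compares the live copy (system32\drivers\afd.sys, system32\userinit.exe, WINDOWS\explorer.exe, ...) against the known-good copies Windows keeps in dllcache and ServicePackFiles. Copies under $hf_mig$, $NtUninstall..., $NtServicePackUninstall$ and ERDNT are older or newer hotfix versions and are expected to differ; a live hash that matches none of the reference copies is the classic sign of a patched system file. The script below is an added example, not code from this thread or from OTL, that performs that comparison over an excerpt of the log. The AFD.SYS and USERINIT.EXE entries are copied from the log above; the EXAMPLE.EXE block with its all-zero hash is constructed here to exercise the mismatch path and does not come from the poster's machine.

```python
import re
from collections import defaultdict

# Excerpt of the "< MD5 for: ... >" custom-scan blocks from the OTL log above.
# AFD.SYS and USERINIT.EXE lines are real lines from the thread; the EXAMPLE.EXE
# block is constructed (all-zero hash) purely to show a mismatch verdict.
SAMPLE_LOG = r"""
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys

< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: EXAMPLE.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\example.exe
[2011.12.27 15:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\example.exe
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[[^\]]*\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Known-good copies Windows keeps beside the live file (System File Protection cache
# and the service-pack payload).
REFERENCE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\")
# Hotfix/uninstall backups and repair-tool copies: other versions, expected to differ.
BACKUP_DIRS = ("$hf_mig$", "$ntuninstall", "$ntservicepackuninstall$", "\\erdnt\\", "\\i386\\")


def classify(path):
    """Label one listed copy as 'reference', 'backup' or 'live'."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in BACKUP_DIRS):
        return "backup"
    return "live"


def parse_md5_sections(text):
    """Return {FILENAME: [(path, md5, company), ...]} from OTL '< MD5 for: >' blocks."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            sections[current].append((m.group("path"), m.group("md5").upper(), m.group("company")))
    return sections


def verdict(entries):
    """OK if every live copy's MD5 equals some dllcache/ServicePackFiles copy."""
    live = [(p, h) for p, h, _ in entries if classify(p) == "live"]
    refs = {h for p, h, _ in entries if classify(p) == "reference"}
    if not live:
        return "NO_LIVE_COPY"
    if not refs:
        return "NO_REFERENCE"
    return "OK" if all(h in refs for _, h in live) else "MISMATCH"


def check_log(text):
    """Map each file name in the log to its verdict."""
    return {name: verdict(entries) for name, entries in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, result in check_log(SAMPLE_LOG).items():
        print(f"{name:14} {result}")
```

Run against the poster's full log, every live copy matches a reference copy (afd.sys matches the post-hotfix dllcache copy rather than the older ServicePackFiles one, which is normal). That is consistent with Avira's finding rather than contradicting it: Sinowal/Mebroot lives in the MBR and does not patch these files, so a clean result here says nothing about the boot sector, and the hashes are read through the disk stack of the possibly compromised system in any case. That is what the separate MBR dumps (mbr.exe and MBRCheck.exe, both visible on the desktop in the listing above) are for.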


GerdKueller 27.12.2011 18:41

The OTL log again, since I think the last one wasn't quite right.
But there is no Extra.txt :confused:

Code:

OTL logfile created on: 27.12.2011 18:30:35 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,11 Mb Total Physical Memory | 378,48 Mb Available Physical Memory | 37,32% Memory free
1,64 Gb Paging File | 1,19 Gb Available in Paging File | 72,76% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 11,75 Gb Free Space | 21,03% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
PRC - C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe ()
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_b427739.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\libxml2.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\cares.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Launch Manager\WButton.exe ()
MOD - C:\WINDOWS\sm56cht.dll ()
MOD - C:\WINDOWS\sm56fra.dll ()
MOD - C:\WINDOWS\sm56jpn.dll ()
MOD - C:\WINDOWS\sm56chs.dll ()
MOD - C:\WINDOWS\sm56spn.dll ()
MOD - C:\WINDOWS\sm56itl.dll ()
MOD - C:\WINDOWS\sm56eng.dll ()
MOD - C:\WINDOWS\sm56brz.dll ()
MOD - C:\WINDOWS\sm56ger.dll ()
MOD - C:\Programme\Launch Manager\LaunchAp.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (Akamai) -- c:\programme\gemeinsame dateien\akamai/netsession_win_b427739.dll ()
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DCService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (filtertdidriver) -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys (Huawei Technologies Co., Ltd.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (Hotkey) -- C:\WINDOWS\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
 
[2008.10.19 19:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions
[2008.10.19 19:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2011.10.06 14:43:21 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\XXX\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.68\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\XXX\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.68\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\XXX\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.68\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\XXX\u00FCller\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\XXX\u00FCller\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GreenWebPlayer = C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\
CHR - Extension: Gradient = C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ipehkhefmnpkdbcpgbononhiohcabocp\1.0\
 
O1 HOSTS File: ([2011.05.17 15:59:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O3 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Programme\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD791768-6D7A-4526-A39B-5A3AF543AD5A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 16:21:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2011.12.27 15:56:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SUPERAntiSpyware.com
[2011.12.27 15:54:22 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\XXX\Desktop\SUPERAntiSpyware.exe
[2011.12.27 15:05:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\XXX\Recent
[2011.12.26 23:25:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.26 17:38:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2011.12.26 13:30:18 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.12.25 11:36:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\RavensburgerTipToi
[2011.12.25 11:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\tiptoi® Manager
[2011.12.25 11:35:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2011.12.25 11:34:15 | 000,000,000 | ---D | C] -- C:\Programme\Ravensburger tiptoi
[2011.12.20 13:22:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\1&1 Mail & Media GmbH
[2011.12.20 08:41:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2011.12.20 08:39:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.12.20 08:38:58 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.11.29 19:22:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Ski Challenge 12 (AT)
[2011.11.29 19:22:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Game Alarm
[2011.11.29 14:56:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Greentube
[2011.03.18 13:13:39 | 080,298,280 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[4 C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 16:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe
[2011.12.27 16:17:36 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\SystemLook.exe
[2011.12.27 15:56:12 | 000,001,648 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 15:55:43 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\XXX\Desktop\SUPERAntiSpyware.exe
[2011.12.27 15:12:39 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\MBRCheck.exe
[2011.12.27 15:11:40 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mbr.exe
[2011.12.27 14:51:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.27 14:50:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.27 14:50:18 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 14:48:00 | 000,294,388 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111227_144705.reg
[2011.12.26 17:29:33 | 000,294,100 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111226_172906.reg
[2011.12.26 13:40:31 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\defogger_reenable
[2011.12.25 11:36:29 | 000,000,725 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\tiptoi.lnk
[2011.12.21 20:44:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.12.20 12:58:09 | 000,043,870 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\wklnhst.dat
[2011.12.20 10:51:56 | 000,305,000 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111220_105150.reg
[2011.12.20 08:41:12 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.12.15 09:11:41 | 003,549,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.13 17:34:33 | 000,049,664 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.09 20:08:40 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.11.29 19:22:47 | 000,001,564 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Ski Challenge 12 (AT) starten.lnk
[4 C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\XXX\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 16:17:39 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\SystemLook.exe
[2011.12.27 15:56:12 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 15:12:42 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\MBRCheck.exe
[2011.12.27 15:11:43 | 000,089,088 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mbr.exe
[2011.12.27 14:47:06 | 000,294,388 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111227_144705.reg
[2011.12.26 17:29:08 | 000,294,100 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111226_172906.reg
[2011.12.26 13:40:31 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\defogger_reenable
[2011.12.25 11:36:29 | 000,000,725 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\tiptoi.lnk
[2011.12.20 10:51:52 | 000,305,000 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Eigene Dateien\cc_20111220_105150.reg
[2011.12.20 08:41:12 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.11.29 19:22:47 | 000,001,564 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Ski Challenge 12 (AT) starten.lnk
[2011.05.17 15:08:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.17 15:08:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.17 15:08:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.17 15:08:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.17 15:08:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.10 19:57:07 | 173,838,160 | ---- | C] () -- C:\Programme\Samsung_New_PC_Studio_1.5.1.10064_2.exe
[2010.12.17 14:09:30 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Adobe GIF Format CS5 Prefs
[2010.03.22 15:04:14 | 000,050,388 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.11.03 15:56:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.11.03 15:56:12 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.11.03 15:56:02 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\$_hpcst$.hpc
[2009.04.25 08:08:57 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2009.04.22 20:12:44 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0_x.dat
[2009.02.18 08:12:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.02.18 08:12:02 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.01.17 10:06:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2008.10.11 09:32:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.08.01 13:30:57 | 000,043,870 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\wklnhst.dat
[2008.07.07 08:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI
[2008.07.04 20:16:02 | 000,000,024 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\xpy.ini
[2008.06.15 19:32:39 | 000,003,112 | ---- | C] () -- C:\WINDOWS\tm.ini
[2008.05.28 21:09:38 | 003,278,848 | ---- | C] () -- C:\Programme\Duden Korrektor PLUS.msi
[2008.04.08 21:00:58 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.02.13 15:21:26 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.11.19 16:00:23 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007.11.19 16:00:23 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.06.05 17:10:53 | 000,001,648 | ---- | C] () -- C:\Programme\PowerDVD.lnk
[2007.04.18 17:23:16 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007.04.18 16:16:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007.04.14 20:30:01 | 000,049,664 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.07 19:16:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.04.06 09:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.04.05 11:12:47 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.23 16:43:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.10.23 16:43:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.10.23 16:43:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.10.23 16:43:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.10.23 16:43:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.10.23 16:43:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.10.23 16:43:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.10.23 16:43:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.10.23 16:43:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.10.23 16:43:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.01.30 21:20:28 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.30 21:02:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.01.30 20:55:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.01.30 20:49:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.01.30 20:48:22 | 003,549,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.01.30 20:41:40 | 000,001,052 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.01.30 20:41:23 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.01.30 20:41:23 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.01.30 20:41:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.01.30 20:41:01 | 000,520,678 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.01.30 20:41:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.01.30 20:41:01 | 000,099,228 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.01.30 20:41:01 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.01.30 20:40:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.01.30 20:40:59 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.01.30 20:40:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.01.30 20:40:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.01.30 20:40:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.01.30 20:40:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.01.30 20:40:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005.08.28 01:07:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.05.18 17:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.07.26 19:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.11.03 18:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.12.25 11:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2010.12.16 12:07:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.02.10 20:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.05.13 18:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sports Interactive
[2008.07.02 19:55:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.12.16 10:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2008.10.19 19:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.12.26 23:42:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.12.26 23:25:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.04.12 10:17:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.12.23 14:20:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.03.22 11:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011.12.25 11:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXller\Anwendungsdaten\RavensburgerTipToi
[2011.12.20 13:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\1&1 Mail & Media GmbH
[2011.02.07 20:25:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Amazon
[2010.12.16 16:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.02.18 08:12:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\DonationCoder
[2011.07.26 19:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\elsterformular
[2009.04.24 12:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Foxit
[2010.03.22 12:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Foxit Software
[2010.09.06 11:14:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\gtk-2.0
[2007.04.05 13:50:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\ICQ Toolbar
[2008.11.18 13:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Kazaa Lite
[2007.10.10 20:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\LimeWire
[2010.12.26 19:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Notepad++
[2009.12.29 20:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\OpenOffice.org
[2009.11.03 18:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\PC Suite
[2007.07.07 18:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\pokerth
[2011.12.25 11:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\RavensburgerTipToi
[2011.03.10 16:09:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Samsung
[2009.12.30 17:52:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Sports Interactive
[2010.12.16 16:58:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.05.18 17:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom
[2011.05.18 17:42:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Telekom Internet Manager
[2008.10.19 19:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TomTom
[2011.12.26 23:26:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.04.24 08:33:41 | 000,000,000 | ---D | M] -- C:\83c45d19af270721f5b488fb
[2009.04.22 19:35:39 | 000,000,000 | ---D | M] -- C:\Addon
[2011.05.17 15:15:55 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2011.12.26 23:42:28 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008.12.21 21:11:55 | 000,000,000 | ---D | M] -- C:\DeskUpdate.tmp
[2011.12.25 11:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009.01.17 10:35:38 | 000,000,000 | ---D | M] -- C:\EPLAN
[2011.11.29 19:22:31 | 000,000,000 | ---D | M] -- C:\Games
[2008.12.23 13:53:40 | 000,000,000 | ---D | M] -- C:\Inetpub
[2007.04.18 16:16:33 | 000,000,000 | ---D | M] -- C:\Intel
[2007.05.15 19:10:39 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.11.18 14:23:42 | 000,000,000 | ---D | M] -- C:\My Shared Folder
[2007.04.05 13:45:48 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.27 14:50:16 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.17 16:05:56 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.17 16:14:57 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.27 14:57:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.12.23 13:43:14 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.27 15:05:44 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2011.03.18 13:16:45 | 080,298,280 | ---- | M] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2011.02.10 19:57:15 | 173,838,160 | ---- | M] () -- C:\Programme\Samsung_New_PC_Studio_1.5.1.10064_2.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 07:57:27

< End of report >
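Added example, not part of this thread and not OTL's own code: a small Python script that reads the "< MD5 for: ... >" blocks of an OTL report like the one above and flags a live system binary whose hash matches neither its dllcache copy nor its ServicePackFiles copy. That is the point of these blocks in the log: a silently replaced winlogon.exe or userinit.exe shows up as a hash that disagrees with the pristine copies Windows keeps, while afd.sys shows why the hotfixed dllcache copy must count as a reference (comparing only against ServicePackFiles would flag every patched driver). The regex layout, the directory classification and the tampered winlogon.exe excerpt with its all-zero placeholder hash are assumptions and constructions of mine; the clean excerpt lines are copied from the report above.

```python
import re
from collections import defaultdict

# Layout of one "< MD5 for: NAME >" entry as it appears in the OTL report
# above: [stamp | size | attrs | M] (company) MD5=hex -- path
# (assumption: derived from the log lines, not from OTL documentation).
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Copies Windows keeps as pristine references: the Service Pack extract and
# the Windows File Protection cache (dllcache is refreshed by hotfixes,
# ServicePackFiles is not).
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")
# Uninstall/backup copies ($NtUninstallKB...$, $hf_mig$, ERDNT, I386 install
# source) are old versions by design, so they are not compared.
BACKUP_MARKERS = ("$", "\\erdnt\\", "\\i386\\")


def classify(path):
    """Tag a path as the 'live' binary, a 'reference' copy or a 'backup'."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(m in p for m in BACKUP_MARKERS):
        return "backup"
    return "live"


def parse_md5_sections(log_text):
    """Return {FILENAME: [entry dict, ...]} for every '< MD5 for: ... >' block."""
    sections = defaultdict(list)
    current = None
    for line in log_text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            record = entry.groupdict()
            record["kind"] = classify(record["path"])
            sections[current].append(record)
    return dict(sections)


def find_suspicious(sections):
    """Flag live copies that match no reference hash or carry a non-Microsoft
    company string; returns a list of (filename, path, reason)."""
    findings = []
    for name, entries in sections.items():
        ref_hashes = {e["md5"].upper() for e in entries if e["kind"] == "reference"}
        for e in entries:
            if e["kind"] != "live":
                continue
            if e["company"] != "Microsoft Corporation":
                findings.append((name, e["path"], "company is %r" % e["company"]))
            elif ref_hashes and e["md5"].upper() not in ref_hashes:
                findings.append((name, e["path"],
                                 "hash matches neither dllcache nor ServicePackFiles copy"))
    return findings


# Excerpt copied from the OTL report in this thread: afd.sys is hotfixed
# (live == dllcache != ServicePackFiles) and must NOT be flagged.
CLEAN_EXCERPT = r"""
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys

< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
"""

# Constructed counter-example (NOT from the thread): the live winlogon.exe
# carries an all-zero placeholder hash that differs from the pristine copy,
# which is how a replaced logon binary would show up in this section.
TAMPERED_EXCERPT = r"""
< MD5 for: WINLOGON.EXE  >
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2011.12.26 23:25:04 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\winlogon.exe
"""

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_EXCERPT), ("tampered", TAMPERED_EXCERPT)):
        hits = find_suspicious(parse_md5_sections(text))
        print(label, "->", hits or "no mismatches")
```

Run it against a whole OTL report by passing the file contents to `parse_md5_sections`; a hit only says that the live copy disagrees with every pristine copy Windows keeps, so it is a lead to verify (signature check, or a hash lookup against a vendor database), not a verdict on its own.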


Chris4You 27.12.2011 19:01

Hi,

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:otl
O3 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-3902489987-3502258820-393941312-1005\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
[2009.04.22 20:12:44 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0_x.dat
:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

GerdKueller 27.12.2011 19:41

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\WINDOWS\system32\edacded0_x.dat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
 
User: XXX
 
User: XXX
->Temp folder emptied: 54342469 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6195124 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 343 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 111826 bytes
->Flash cache emptied: 456 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 666262 bytes
 
%systemdrive% .tmp files removed: 6977 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 7733 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3599432 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 62,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12272011_193640

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_410.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_6a8.dat moved successfully.

Registry entries deleted on Reboot...


Chris4You 28.12.2011 07:25

Hi,

so, to finish up, one more scan with Prevx, then we should be done...

Prevx:
The tool is prone to false positives and cannot delete anything in the free version, but is otherwise quite good... (and also runs on 64-bit platforms)
Prevx 3.0 for Home and Family
If the tool finds something, don't post the log but a screenshot of the window that is then displayed...

chris

GerdKueller 28.12.2011 09:10

Found nothing. Could it really have been that "simple"? :Boogie:



Copyright ©2000-2025, Trojaner-Board
