Trojaner-Board

Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2) (https://www.trojaner-board.de/116836-freunde-haben-spammail-meinem-absender-erhalten-offer-bundler-st-tr-crypt-xpack-gen-2-a.html)

cosinus 13.06.2012 21:40

But that is neither a CustomScan, nor was the "all users" checkbox ticked there.

Gutschein007 16.06.2012 11:32

OTL Logfile:
Code:

OTL logfile created on: 15.06.2012 02:31:16 - Run 2
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 387,99 Mb Available Physical Memory | 37,91% Memory free
4,73 Gb Paging File | 4,09 Gb Available in Paging File | 86,51% Paging File free
Paging file location(s): C:\pagefile.sys 3920 4090 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 80,95 Gb Total Space | 15,28 Gb Free Space | 18,87% Space Free | Partition Type: NTFS
Drive S: | 68,09 Gb Total Space | 68,02 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
 
Computer Name: WE | User Name: we | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.15 02:27:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2012.06.15 01:18:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.03 20:49:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.03 20:49:06 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.03 20:49:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.03 20:49:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.05.03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAware.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.03.05 11:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINXP\system32\LGScsiCommandService.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 02:06:28 | 009,459,912 | ---- | M] () -- C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012.06.15 01:18:31 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.05.03 20:49:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Programme\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012.02.05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Programme\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINXP\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2012.06.15 01:18:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 20:49:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.03 20:49:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.05 11:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINXP\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.05.03 20:49:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.03 20:49:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINXP\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011.12.19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011.11.29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINXP\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.14 09:48:04 | 000,762,232 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV - [2009.05.14 09:48:04 | 000,021,752 | R--- | M] (DTV-DVB) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.03.08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006.03.21 22:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.07.09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\mpe.sys -- (MPE)
DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001.08.18 05:30:24 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2001.08.07 16:37:18 | 000,014,133 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Running] -- C:\WINXP\System32\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKCU\..\SearchScopes\{4F460226-AC2D-4412-A3F5-A1E15F69BAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.0: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.15 01:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 20:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
 
[2011.06.09 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions
[2010.07.20 14:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.09 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.06.07 23:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions
[2010.09.25 20:51:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.07 23:17:30 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.03.24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\searchplugins\conduit.xml
[2011.11.24 23:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.15 13:08:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.06.15 01:18:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.07.16 17:45:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 01:18:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.20 14:57:22 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 01:18:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.15 01:18:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 01:18:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 01:18:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 01:18:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.22 01:49:13 | 000,432,883 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14896 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: maris.com ([www.redshift] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5973BCFD-3540-4587-BCB8-25B5E351E066}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\SYSTEM32\Userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINXP\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.20 11:18:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 20:04:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\we\Recent
[2012.06.11 07:37:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Desktop\logfile
[2012.06.11 07:35:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.06.11 07:35:52 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.06.08 13:11:34 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.07 16:09:27 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.06 21:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.05 18:44:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.05 15:46:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\adaware
[2012.06.05 15:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2012.06.05 15:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus
[2012.06.05 15:44:48 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbapifs.sys
[2012.06.05 15:44:46 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbaphd.sys
[2012.06.05 15:44:44 | 000,093,816 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbhips.sys
[2012.06.05 15:44:43 | 000,217,976 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbtis.sys
[2012.06.05 15:42:59 | 000,094,584 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\SbFwIm.sys
[2012.06.05 15:42:58 | 000,335,224 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\SbFw.sys
[2012.06.05 15:42:22 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\VDD
[2012.06.05 15:42:09 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus
[2012.06.05 15:32:49 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\vgx.dll
[2012.06.05 15:30:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.05 14:16:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2012.06.05 14:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.19 01:00:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Eigene Dateien\5d news
[51 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
[5 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.15 02:06:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerApp.exe
[2012.06.15 02:06:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl
[2012.06.15 01:51:52 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012.06.15 01:51:25 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012.06.15 01:51:21 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.15 01:13:40 | 000,449,236 | ---- | M] () -- C:\WINXP\System32\perfh007.dat
[2012.06.15 01:13:40 | 000,432,928 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012.06.15 01:13:40 | 000,080,544 | ---- | M] () -- C:\WINXP\System32\perfc007.dat
[2012.06.15 01:13:40 | 000,067,884 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012.06.15 01:02:15 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2012.06.15 00:25:35 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012.06.15 00:25:28 | 000,168,304 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012.06.12 21:23:11 | 000,001,738 | ---- | M] () -- C:\WINXP\System32\EmailAVConfig.xml
[2012.06.12 20:28:36 | 000,002,473 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Desktop\Microsoft Word.lnk
[2012.06.10 20:29:11 | 000,001,190 | ---- | M] () -- C:\WINXP\System32\ServiceConfig.xml
[2012.06.10 12:00:03 | 000,001,074 | ---- | M] () -- C:\WINXP\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.08 13:34:33 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\we\defogger_reenable
[2012.06.07 15:57:00 | 000,001,234 | ---- | M] () -- C:\WINXP\wininit.ini
[2012.06.05 18:37:27 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.05 14:16:21 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\crypt32.dll
[2012.05.30 21:05:34 | 746,308,460 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Eigene Dateien\01-AudioTrack 01.wav
[2012.05.16 06:37:23 | 000,376,321 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Desktop\CASHANTRAG_20120516_213507_0B4D4AB508899782621012271E3B6CD5cash_25652.pdf
[51 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
[5 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.15 00:25:28 | 000,168,304 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012.06.13 23:05:20 | 000,001,374 | ---- | C] () -- C:\WINXP\imsins.BAK
[2012.06.12 21:23:11 | 000,001,738 | ---- | C] () -- C:\WINXP\System32\EmailAVConfig.xml
[2012.06.10 20:29:11 | 000,001,190 | ---- | C] () -- C:\WINXP\System32\ServiceConfig.xml
[2012.06.08 13:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\we\defogger_reenable
[2012.06.05 18:46:06 | 000,001,074 | ---- | C] () -- C:\WINXP\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.05 15:44:57 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012.06.05 14:16:21 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 20:56:41 | 746,308,460 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Eigene Dateien\01-AudioTrack 01.wav
[2012.05.16 06:37:23 | 000,376,321 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Desktop\CASHANTRAG_20120516_213507_0B4D4AB508899782621012271E3B6CD5cash_25652.pdf
[2012.02.16 06:09:41 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2011.11.29 12:52:18 | 000,034,888 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2011.11.09 22:45:09 | 000,000,062 | ---- | C] () -- C:\WINXP\GPlrLanc.dat
[2011.05.02 17:19:39 | 000,001,234 | ---- | C] () -- C:\WINXP\wininit.ini
[2011.04.20 15:21:44 | 000,000,064 | ---- | C] () -- C:\WINXP\System32\rp_stats.dat
[2011.04.20 15:21:44 | 000,000,044 | ---- | C] () -- C:\WINXP\System32\rp_rules.dat
[2011.04.12 20:10:45 | 000,005,504 | ---- | C] () -- C:\WINXP\System32\drivers\StarOpen.sys
[2011.01.23 22:54:33 | 000,042,771 | ---- | C] () -- C:\WINXP\CSTBox.INI
[2011.01.05 15:33:32 | 000,210,944 | ---- | C] () -- C:\WINXP\System32\MSVCRT10.DLL
[2011.01.05 15:33:32 | 000,000,114 | ---- | C] () -- C:\WINXP\kpcms.ini
[2011.01.05 15:03:40 | 000,032,397 | ---- | C] () -- C:\WINXP\SGTBox.INI
[2010.12.18 18:33:59 | 000,000,190 | ---- | C] () -- C:\WINXP\QTW.INI
[2010.12.18 18:32:49 | 000,070,880 | ---- | C] () -- C:\WINXP\Unwise.exe
[2010.12.18 18:32:49 | 000,005,145 | ---- | C] () -- C:\WINXP\Unwise.ini
[2010.12.14 11:05:44 | 000,000,087 | ---- | C] () -- C:\WINXP\cdplayer.ini
[2010.11.22 15:57:32 | 000,762,232 | R--- | C] () -- C:\WINXP\System32\drivers\UDXTTM6010.sys
[2010.11.11 22:28:23 | 000,000,069 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2010.11.09 08:49:15 | 000,138,752 | ---- | C] () -- C:\WINXP\System32\MASE32.DLL
[2010.11.09 08:49:15 | 000,136,192 | ---- | C] () -- C:\WINXP\System32\MAMC32.DLL
[2010.11.09 08:49:15 | 000,057,856 | ---- | C] () -- C:\WINXP\System32\MASD32.DLL
[2010.11.09 08:49:14 | 000,196,096 | ---- | C] () -- C:\WINXP\System32\MACD32.DLL
[2010.11.09 08:49:14 | 000,027,648 | ---- | C] () -- C:\WINXP\System32\MA32.DLL
[2010.10.15 13:11:07 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat
[2010.10.15 12:43:07 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\WINXP\System32\StarOpen.sys
[2010.07.30 13:45:29 | 000,000,145 | ---- | C] () -- C:\WINXP\System32\EBPPORT.DAT
[2010.07.23 21:35:45 | 000,046,592 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 20:52:31 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.07.21 20:44:50 | 000,354,816 | ---- | C] () -- C:\WINXP\System32\PsisDecd.dll
[2010.07.21 20:41:50 | 000,520,192 | ---- | C] () -- C:\WINXP\System32\ati2sgag.exe
[2010.07.21 20:41:44 | 000,121,995 | R--- | C] () -- C:\WINXP\System32\atiicdxx.dat
[2010.07.20 15:05:21 | 000,116,224 | ---- | C] () -- C:\WINXP\System32\pdfcmnnt.dll
[2010.07.20 14:55:03 | 000,165,376 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2010.07.20 14:55:02 | 000,000,038 | ---- | C] () -- C:\WINXP\avisplitter.ini
[2010.07.20 14:54:58 | 000,790,528 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll
[2010.07.20 14:54:58 | 000,134,144 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll
[2010.07.20 14:54:55 | 000,108,032 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll
[2010.07.20 14:11:16 | 000,000,169 | ---- | C] () -- C:\WINXP\RtlRack.ini
[2010.07.20 14:07:13 | 000,049,152 | R--- | C] () -- C:\WINXP\System32\ChCfg.exe
[2010.07.20 14:06:42 | 000,147,456 | R--- | C] () -- C:\WINXP\System32\RtlCPAPI.dll
[2010.07.20 14:06:31 | 000,000,164 | R--- | C] () -- C:\WINXP\avrack.ini
[2010.07.20 13:49:53 | 000,000,397 | ---- | C] () -- C:\WINXP\ODBC.INI
[2010.07.20 13:29:43 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat
[2010.07.20 12:08:30 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2010.07.20 11:20:08 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2010.07.20 11:14:35 | 000,021,740 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2012.06.05 15:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2010.11.11 22:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.01.04 22:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2010.12.28 14:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium
[2010.12.29 06:45:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2011.04.13 21:39:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NeoEdge Networks
[2010.10.13 18:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.07.20 14:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2010.07.20 14:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.01.05 15:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.05.29 13:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.11.11 22:16:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2010.11.22 16:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2011.06.09 12:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.03.27 07:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.11.23 07:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.11.30 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.03.25 20:57:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.10.14 20:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.13 18:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus
[2011.04.12 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ashampoo
[2010.11.11 22:56:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canneverbe Limited
[2011.08.04 19:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canon
[2011.07.25 11:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoft
[2011.07.25 11:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.01.15 04:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\EAC
[2011.01.03 15:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\GetRightToGo
[2011.07.16 09:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MSNInstaller
[2011.03.29 10:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MumboJumbo
[2011.03.23 21:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Oberon Media
[2010.10.13 17:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PC Suite
[2011.01.31 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PhotoScape
[2011.01.03 17:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PriceGong
[2012.06.07 23:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\QuickScan
[2010.10.17 21:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\smc
[2011.10.30 11:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium
[2010.11.23 09:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TerraTec
[2012.05.14 23:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Thunderbird
[2011.06.09 12:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TomTom
[2011.03.25 20:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TuneUp Software
[2010.11.12 00:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ulead Systems
[2012.06.10 12:00:03 | 000,001,074 | ---- | M] () -- C:\WINXP\Tasks\Ad-Aware Antivirus Scheduled Scan.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 15.06.2012 02:31:16 - Run 2
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 387,99 Mb Available Physical Memory | 37,91% Memory free
4,73 Gb Paging File | 4,09 Gb Available in Paging File | 86,51% Paging File free
Paging file location(s): C:\pagefile.sys 3920 4090 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 80,95 Gb Total Space | 15,28 Gb Free Space | 18,87% Space Free | Partition Type: NTFS
Drive S: | 68,09 Gb Total Space | 68,02 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
 
Computer Name: WE | User Name: we | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TerraTec Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TerraTec Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TerraTec Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TerraTec Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe:*:Enabled:Channel Editor -- (TerraTec Electronic GmbH)
"C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINXP\explorer.exe" = C:\WINXP\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{E74138F2-5F04-4E4F-8389-419E012C9B4C}" = ATI Catalyst Control Center
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Stellarium Plugins Bundle_is1" = Stellarium Plugin Bundle 0.0.1
"Stellarium Satllites Plugin_is1" = Stellarium Satellites Plugin 0.1.2
"Stellarium_is1" = Stellarium 0.11.0
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.1.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2012 04:30:46 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 08.06.2012 05:18:14 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung kss.exe, Version 12.0.1.117, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 08.06.2012 05:54:48 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4001.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.06.2012 21:23:52 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 09.06.2012 21:49:14 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 10.06.2012 05:27:11 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 13.06.2012 11:20:07 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 14.06.2012 19:54:12 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 13.06.2012 11:19:15 | Computer Name = WE | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Ad-Aware" wurde nicht ordnungsgemäß gestartet.
 
Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 13.06.2012 12:03:15 | Computer Name = WE | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst AdobeFlashPlayerUpdateSvc.
 
Error - 13.06.2012 12:03:48 | Computer Name = WE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 13.06.2012 16:52:35 | Computer Name = WE | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 14.06.2012 18:27:33 | Computer Name = WE | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden
geändert
 werden muss. Die Systemzeit kann durch den Zeitdienst um  maximal +54000 Sekunden
 geändert werden. Stellen Sie sicher, dass die Uhrzeit  und Zeitzone korrekt sind
und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123)
 funktionsfähig ist.
 
Error - 14.06.2012 18:33:49 | Computer Name = WE | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden
geändert
 werden muss. Die Systemzeit kann durch den Zeitdienst um  maximal +54000 Sekunden
 geändert werden. Stellen Sie sicher, dass die Uhrzeit  und Zeitzone korrekt sind
und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123)
 funktionsfähig ist.
 
Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >

--- --- ---

"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TerraTec Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TerraTec Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TerraTec Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe:*:Enabled:Channel Editor -- (TerraTec Electronic GmbH)
"C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINXP\explorer.exe" = C:\WINXP\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{E74138F2-5F04-4E4F-8389-419E012C9B4C}" = ATI Catalyst Control Center
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Stellarium Plugins Bundle_is1" = Stellarium Plugin Bundle 0.0.1
"Stellarium Satllites Plugin_is1" = Stellarium Satellites Plugin 0.1.2
"Stellarium_is1" = Stellarium 0.11.0
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.1.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2012 04:30:46 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 08.06.2012 05:18:14 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung kss.exe, Version 12.0.1.117, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 08.06.2012 05:54:48 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4001.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.06.2012 21:23:52 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 09.06.2012 21:49:14 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 10.06.2012 05:27:11 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 13.06.2012 11:20:07 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 14.06.2012 19:54:12 | Computer Name = WE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 13.06.2012 11:19:15 | Computer Name = WE | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Ad-Aware" wurde nicht ordnungsgemäß gestartet.
 
Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 13.06.2012 12:03:15 | Computer Name = WE | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst AdobeFlashPlayerUpdateSvc.
 
Error - 13.06.2012 12:03:48 | Computer Name = WE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 13.06.2012 16:52:35 | Computer Name = WE | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 14.06.2012 18:27:33 | Computer Name = WE | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden
geändert
 werden muss. Die Systemzeit kann durch den Zeitdienst um  maximal +54000 Sekunden
 geändert werden. Stellen Sie sicher, dass die Uhrzeit  und Zeitzone korrekt sind
und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123)
 funktionsfähig ist.
 
Error - 14.06.2012 18:33:49 | Computer Name = WE | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden
geändert
 werden muss. Die Systemzeit kann durch den Zeitdienst um  maximal +54000 Sekunden
 geändert werden. Stellen Sie sicher, dass die Uhrzeit  und Zeitzone korrekt sind
und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123)
 funktionsfähig ist.
 
Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >

--- --- ---

Gutschein007 17.06.2012 19:24

I must have posted it wrong. Here are the ZIP files.

cosinus 18.06.2012 09:37

Can you please follow my instructions properly!

Code:

Scan Mode: Current user
You have once again forgotten to tick the "scan all users" checkbox!
And once again that was not a CustomScan either! :nixda:

Gutschein007 18.06.2012 14:41

OTL Logfile:
Code:

OTL logfile created on: 18.06.2012 14:52:41 - Run 3
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 359,81 Mb Available Physical Memory | 35,16% Memory free
4,73 Gb Paging File | 4,07 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): C:\pagefile.sys 3920 4090 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 80,95 Gb Total Space | 17,14 Gb Free Space | 21,17% Space Free | Partition Type: NTFS
Drive S: | 68,09 Gb Total Space | 25,52 Gb Free Space | 37,48% Space Free | Partition Type: NTFS
 
Computer Name: WE | User Name: we | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 14:46:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads\OTL(2).exe
PRC - [2012.05.03 20:49:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.03 20:49:06 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.03 20:49:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.03 20:49:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.05.03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAware.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.03.05 11:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINXP\system32\LGScsiCommandService.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.03 20:49:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Programme\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012.02.05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Programme\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINXP\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2012.06.15 01:18:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 20:49:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.03 20:49:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.05 11:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINXP\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.05.03 20:49:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.03 20:49:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINXP\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011.12.19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011.11.29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINXP\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.14 09:48:04 | 000,762,232 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV - [2009.05.14 09:48:04 | 000,021,752 | R--- | M] (DTV-DVB) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.03.08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006.03.21 22:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.07.09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\mpe.sys -- (MPE)
DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001.08.18 05:30:24 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2001.08.07 16:37:18 | 000,014,133 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Running] -- C:\WINXP\System32\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{4F460226-AC2D-4412-A3F5-A1E15F69BAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.0: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.15 01:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 20:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
 
[2011.06.09 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions
[2010.07.20 14:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.09 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.06.07 23:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions
[2010.09.25 20:51:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.07 23:17:30 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.03.24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\searchplugins\conduit.xml
[2012.06.16 16:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.15 01:18:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.07.16 17:45:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 01:18:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.20 14:57:22 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 01:18:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.15 01:18:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 01:18:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 01:18:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 01:18:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.22 01:49:13 | 000,432,883 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14896 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..Trusted Domains: maris.com ([www.redshift] http in Trusted sites)
O15 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5973BCFD-3540-4587-BCB8-25B5E351E066}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\SYSTEM32\Userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINXP\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.20 11:18:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "UleadBurningHelper"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINXP\soundman.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Ad-Aware Service - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Ad-Aware Service - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINXP\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install
ActiveX: {9081C200-BB08-7627-0F48-6753DE30F9A6} - Outlook Express
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINXP\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINXP\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
Drivers32: msacm.ac3acm - C:\WINXP\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINXP\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINXP\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINXP\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINXP\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINXP\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINXP\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINXP\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINXP\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINXP\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.17 10:52:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\we\Recent
[2012.06.11 07:37:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Desktop\logfile
[2012.06.11 07:35:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.06.11 07:35:52 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.06.06 21:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.05 18:44:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.05 15:46:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\adaware
[2012.06.05 15:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2012.06.05 15:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus
[2012.06.05 15:44:48 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbapifs.sys
[2012.06.05 15:44:46 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbaphd.sys
[2012.06.05 15:44:44 | 000,093,816 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbhips.sys
[2012.06.05 15:44:43 | 000,217,976 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbtis.sys
[2012.06.05 15:42:59 | 000,094,584 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\SbFwIm.sys
[2012.06.05 15:42:58 | 000,335,224 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\SbFw.sys
[2012.06.05 15:42:22 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\VDD
[2012.06.05 15:42:09 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus
[2012.06.05 15:30:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.05 14:16:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2012.06.05 14:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[51 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
[5 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 14:31:38 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012.06.18 14:23:21 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012.06.18 14:23:19 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012.06.18 14:23:14 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 14:23:14 | 000,168,304 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012.06.16 19:49:31 | 000,000,000 | ---- | M] () -- C:\WINXP\System32\SBRC.dat
[2012.06.16 16:03:54 | 000,001,074 | ---- | M] () -- C:\WINXP\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.15 03:05:20 | 000,002,473 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Desktop\Microsoft Word.lnk
[2012.06.15 01:13:40 | 000,449,236 | ---- | M] () -- C:\WINXP\System32\perfh007.dat
[2012.06.15 01:13:40 | 000,432,928 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012.06.15 01:13:40 | 000,080,544 | ---- | M] () -- C:\WINXP\System32\perfc007.dat
[2012.06.15 01:13:40 | 000,067,884 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012.06.12 21:23:11 | 000,001,738 | ---- | M] () -- C:\WINXP\System32\EmailAVConfig.xml
[2012.06.10 20:29:11 | 000,001,190 | ---- | M] () -- C:\WINXP\System32\ServiceConfig.xml
[2012.06.08 13:34:33 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\we\defogger_reenable
[2012.06.07 15:57:00 | 000,001,234 | ---- | M] () -- C:\WINXP\wininit.ini
[2012.06.05 18:37:27 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.05 14:16:21 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 21:05:34 | 746,308,460 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Eigene Dateien\01-AudioTrack 01.wav
[51 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
[5 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.18 14:23:14 | 000,168,304 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012.06.16 19:49:31 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\SBRC.dat
[2012.06.12 21:23:11 | 000,001,738 | ---- | C] () -- C:\WINXP\System32\EmailAVConfig.xml
[2012.06.10 20:29:11 | 000,001,190 | ---- | C] () -- C:\WINXP\System32\ServiceConfig.xml
[2012.06.08 13:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\we\defogger_reenable
[2012.06.05 18:46:06 | 000,001,074 | ---- | C] () -- C:\WINXP\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.05 15:44:57 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012.06.05 14:16:21 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 20:56:41 | 746,308,460 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Eigene Dateien\01-AudioTrack 01.wav
[2012.02.16 06:09:41 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2011.11.29 12:52:18 | 000,034,888 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2011.11.09 22:45:09 | 000,000,062 | ---- | C] () -- C:\WINXP\GPlrLanc.dat
[2011.05.02 17:19:39 | 000,001,234 | ---- | C] () -- C:\WINXP\wininit.ini
[2011.04.20 15:21:44 | 000,000,064 | ---- | C] () -- C:\WINXP\System32\rp_stats.dat
[2011.04.20 15:21:44 | 000,000,044 | ---- | C] () -- C:\WINXP\System32\rp_rules.dat
[2011.04.12 20:10:45 | 000,005,504 | ---- | C] () -- C:\WINXP\System32\drivers\StarOpen.sys
[2011.01.23 22:54:33 | 000,042,771 | ---- | C] () -- C:\WINXP\CSTBox.INI
[2011.01.05 15:33:32 | 000,210,944 | ---- | C] () -- C:\WINXP\System32\MSVCRT10.DLL
[2011.01.05 15:33:32 | 000,000,114 | ---- | C] () -- C:\WINXP\kpcms.ini
[2011.01.05 15:03:40 | 000,032,397 | ---- | C] () -- C:\WINXP\SGTBox.INI
[2010.12.18 18:33:59 | 000,000,190 | ---- | C] () -- C:\WINXP\QTW.INI
[2010.12.18 18:32:49 | 000,070,880 | ---- | C] () -- C:\WINXP\Unwise.exe
[2010.12.18 18:32:49 | 000,005,145 | ---- | C] () -- C:\WINXP\Unwise.ini
[2010.12.14 11:05:44 | 000,000,087 | ---- | C] () -- C:\WINXP\cdplayer.ini
[2010.11.22 15:57:32 | 000,762,232 | R--- | C] () -- C:\WINXP\System32\drivers\UDXTTM6010.sys
[2010.11.11 22:28:23 | 000,000,069 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2010.11.09 08:49:15 | 000,138,752 | ---- | C] () -- C:\WINXP\System32\MASE32.DLL
[2010.11.09 08:49:15 | 000,136,192 | ---- | C] () -- C:\WINXP\System32\MAMC32.DLL
[2010.11.09 08:49:15 | 000,057,856 | ---- | C] () -- C:\WINXP\System32\MASD32.DLL
[2010.11.09 08:49:14 | 000,196,096 | ---- | C] () -- C:\WINXP\System32\MACD32.DLL
[2010.11.09 08:49:14 | 000,027,648 | ---- | C] () -- C:\WINXP\System32\MA32.DLL
[2010.10.15 13:11:07 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat
[2010.10.15 12:43:07 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\WINXP\System32\StarOpen.sys
[2010.07.30 13:45:29 | 000,000,145 | ---- | C] () -- C:\WINXP\System32\EBPPORT.DAT
[2010.07.23 21:35:45 | 000,046,592 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 20:52:31 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.07.21 20:44:50 | 000,354,816 | ---- | C] () -- C:\WINXP\System32\PsisDecd.dll
[2010.07.21 20:41:50 | 000,520,192 | ---- | C] () -- C:\WINXP\System32\ati2sgag.exe
[2010.07.21 20:41:44 | 000,121,995 | R--- | C] () -- C:\WINXP\System32\atiicdxx.dat
[2010.07.20 15:05:21 | 000,116,224 | ---- | C] () -- C:\WINXP\System32\pdfcmnnt.dll
[2010.07.20 14:55:03 | 000,165,376 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2010.07.20 14:55:02 | 000,000,038 | ---- | C] () -- C:\WINXP\avisplitter.ini
[2010.07.20 14:54:58 | 000,790,528 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll
[2010.07.20 14:54:58 | 000,134,144 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll
[2010.07.20 14:54:55 | 000,108,032 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll
[2010.07.20 14:11:16 | 000,000,169 | ---- | C] () -- C:\WINXP\RtlRack.ini
[2010.07.20 14:07:13 | 000,049,152 | R--- | C] () -- C:\WINXP\System32\ChCfg.exe
[2010.07.20 14:06:42 | 000,147,456 | R--- | C] () -- C:\WINXP\System32\RtlCPAPI.dll
[2010.07.20 14:06:31 | 000,000,164 | R--- | C] () -- C:\WINXP\avrack.ini
[2010.07.20 13:49:53 | 000,000,397 | ---- | C] () -- C:\WINXP\ODBC.INI
[2010.07.20 13:29:43 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat
[2010.07.20 12:08:30 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2010.07.20 11:20:08 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2010.07.20 11:14:35 | 000,021,740 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2012.06.05 15:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
[2010.11.11 22:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.01.04 22:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2010.12.28 14:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium
[2010.12.29 06:45:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2011.04.13 21:39:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NeoEdge Networks
[2010.10.13 18:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.07.20 14:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2010.07.20 14:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.01.05 15:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.05.29 13:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.11.11 22:16:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2010.11.22 16:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2011.06.09 12:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.03.27 07:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.11.23 07:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.11.30 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.03.25 20:57:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.10.14 20:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.06 21:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.05 18:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
[2012.06.13 18:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus
[2011.04.12 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ashampoo
[2010.11.11 22:56:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canneverbe Limited
[2011.08.04 19:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canon
[2011.07.25 11:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoft
[2011.07.25 11:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.01.15 04:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\EAC
[2011.01.03 15:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\GetRightToGo
[2011.07.16 09:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MSNInstaller
[2011.03.29 10:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MumboJumbo
[2011.03.23 21:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Oberon Media
[2010.10.13 17:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PC Suite
[2011.01.31 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PhotoScape
[2011.01.03 17:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PriceGong
[2012.06.07 23:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\QuickScan
[2010.10.17 21:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\smc
[2011.10.30 11:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium
[2010.11.23 09:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TerraTec
[2012.05.14 23:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Thunderbird
[2011.06.09 12:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TomTom
[2011.03.25 20:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TuneUp Software
[2010.11.12 00:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ulead Systems
[2012.06.16 16:03:54 | 000,001,074 | ---- | M] () -- C:\WINXP\Tasks\Ad-Aware Antivirus Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.15 04:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\AccurateRip
[2012.06.13 18:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus
[2011.01.23 22:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Adobe
[2012.03.24 14:56:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Apple Computer
[2011.04.12 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ashampoo
[2010.07.21 20:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\ATI
[2011.10.16 12:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Avira
[2010.11.11 22:56:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canneverbe Limited
[2011.08.04 19:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canon
[2010.11.11 22:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Cyberlink
[2011.08.04 13:43:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\dvdcss
[2011.07.25 11:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoft
[2011.07.25 11:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.01.15 04:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\EAC
[2011.01.03 15:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\GetRightToGo
[2011.01.05 15:07:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Help
[2010.07.20 11:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Identities
[2011.11.07 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\InstallShield
[2010.07.20 13:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Macromedia
[2011.01.16 13:41:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Malwarebytes
[2011.07.08 19:57:23 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Microsoft
[2010.07.20 13:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Microsoft Web Folders
[2010.07.20 13:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla
[2011.07.16 09:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MSNInstaller
[2011.03.29 10:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MumboJumbo
[2011.03.23 21:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Oberon Media
[2010.10.13 17:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PC Suite
[2011.01.31 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PhotoScape
[2011.01.03 17:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PriceGong
[2012.06.07 23:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\QuickScan
[2011.11.07 22:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Real
[2011.06.14 21:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Skype
[2010.10.24 20:05:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\skypePM
[2010.10.17 21:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\smc
[2011.10.30 11:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium
[2010.07.20 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Sun
[2010.11.23 09:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TerraTec
[2012.05.14 23:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Thunderbird
[2011.06.09 12:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TomTom
[2011.03.25 20:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TuneUp Software
[2010.11.12 00:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ulead Systems
[2011.09.15 09:32:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\vlc
[2011.01.04 16:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.10.31 17:25:50 | 000,721,689 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium\modules\unins000.exe
[2011.10.31 17:26:25 | 000,721,689 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium\modules\Satellites\unins000.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.04.26 09:02:32 | 089,166,136 | ---- | M] (LG Electronics) -- C:\LGPCSuiteIV_Setup.exe
[2010.11.22 14:12:28 | 013,120,008 | ---- | M] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-de-de-xp.exe
 
< MD5 for: AGP440.SYS  >
[2007.10.09 20:15:40 | 016,734,399 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINXP\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINXP\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.10.09 20:15:40 | 016,734,399 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINXP\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINXP\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINXP\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINXP\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.10.09 20:06:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINXP\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\ServicePackFiles\i386\userinit.exe
[2011.04.20 16:20:17 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINXP\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINXP\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.07.20 13:06:27 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav
[2010.07.20 13:06:27 | 000,663,552 | ---- | M] () -- C:\WINXP\System32\config\software.sav
[2010.07.20 13:06:27 | 000,417,792 | ---- | M] () -- C:\WINXP\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[51 C:\WINXP\system32\*.tmp files -> C:\WINXP\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus 18.06.2012 15:28

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
[2010.07.20 14:57:22 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.20 11:18:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

Gutschein007 19.06.2012 21:16

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-299502267-1647877149-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from keyword.URL
File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found.
File F:\LGAutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: we
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33099 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: we
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINXP\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.49.0 log created on 06192012_220806

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 20.06.2012 11:06

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Gutschein007 20.06.2012 16:24

Code:

17:16:34.0437 3700        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
17:16:34.0515 3700        ============================================================
17:16:34.0515 3700        Current date / time: 2012/06/20 17:16:34.0515
17:16:34.0515 3700        SystemInfo:
17:16:34.0515 3700       
17:16:34.0515 3700        OS Version: 5.1.2600 ServicePack: 3.0
17:16:34.0515 3700        Product type: Workstation
17:16:34.0515 3700        ComputerName: WE
17:16:34.0515 3700        UserName: we
17:16:34.0515 3700        Windows directory: C:\WINXP
17:16:34.0515 3700        System windows directory: C:\WINXP
17:16:34.0515 3700        Processor architecture: Intel x86
17:16:34.0515 3700        Number of processors: 1
17:16:34.0515 3700        Page size: 0x1000
17:16:34.0515 3700        Boot type: Normal boot
17:16:34.0515 3700        ============================================================
17:16:36.0828 3700        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:16:36.0828 3700        ============================================================
17:16:36.0828 3700        \Device\Harddisk0\DR0:
17:16:36.0828 3700        MBR partitions:
17:16:36.0828 3700        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA1E8F09
17:16:36.0859 3700        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA1E8F87, BlocksNum 0x882FB3A
17:16:36.0859 3700        ============================================================
17:16:36.0984 3700        C: <-> \Device\Harddisk0\DR0\Partition0
17:16:37.0015 3700        S: <-> \Device\Harddisk0\DR0\Partition1
17:16:37.0015 3700        ============================================================
17:16:37.0015 3700        Initialize success
17:16:37.0015 3700        ============================================================
17:18:23.0250 3900        ============================================================
17:18:23.0250 3900        Scan started
17:18:23.0250 3900        Mode: Manual; SigCheck; TDLFS;
17:18:23.0250 3900        ============================================================
17:18:23.0687 3900        61883          (914a9709fc3bf419ad2f85547f2a4832) C:\WINXP\system32\DRIVERS\61883.sys
17:18:25.0515 3900        61883 - ok
17:18:25.0531 3900        Abiosdsk - ok
17:18:25.0546 3900        abp480n5 - ok
17:18:25.0609 3900        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINXP\system32\DRIVERS\ACPI.sys
17:18:25.0890 3900        ACPI - ok
17:18:25.0937 3900        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINXP\system32\drivers\ACPIEC.sys
17:18:26.0203 3900        ACPIEC - ok
17:18:26.0312 3900        AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
17:18:26.0343 3900        AdobeActiveFileMonitor9.0 - ok
17:18:26.0375 3900        adpu160m - ok
17:18:26.0437 3900        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINXP\system32\drivers\aec.sys
17:18:26.0734 3900        aec - ok
17:18:26.0796 3900        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINXP\System32\drivers\afd.sys
17:18:26.0875 3900        AFD - ok
17:18:26.0890 3900        Aha154x - ok
17:18:26.0906 3900        aic78u2 - ok
17:18:26.0937 3900        aic78xx - ok
17:18:27.0281 3900        ALCXWDM        (f3e15607ba53249c765e36388b332c2f) C:\WINXP\system32\drivers\ALCXWDM.SYS
17:18:27.0703 3900        ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
17:18:27.0703 3900        ALCXWDM - detected UnsignedFile.Multi.Generic (1)
17:18:27.0843 3900        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINXP\system32\alrsvc.dll
17:18:28.0187 3900        Alerter - ok
17:18:28.0218 3900        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINXP\System32\alg.exe
17:18:28.0328 3900        ALG - ok
17:18:28.0359 3900        AliIde - ok
17:18:28.0421 3900        AmdK7          (3a0dafac778236559c14c7203fb550eb) C:\WINXP\system32\DRIVERS\amdk7.sys
17:18:28.0750 3900        AmdK7 - ok
17:18:28.0765 3900        amsint - ok
17:18:28.0859 3900        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:18:28.0890 3900        AntiVirSchedulerService - ok
17:18:28.0968 3900        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:18:28.0984 3900        AntiVirService - ok
17:18:29.0062 3900        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:18:29.0093 3900        Apple Mobile Device - ok
17:18:29.0156 3900        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINXP\System32\appmgmts.dll
17:18:29.0281 3900        AppMgmt - ok
17:18:29.0328 3900        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINXP\system32\DRIVERS\arp1394.sys
17:18:29.0640 3900        Arp1394 - ok
17:18:29.0656 3900        asc - ok
17:18:29.0671 3900        asc3350p - ok
17:18:29.0687 3900        asc3550 - ok
17:18:29.0765 3900        ASPI            (54ab078660e536da72b21a27f56b035b) C:\WINXP\System32\DRIVERS\ASPI32.sys
17:18:29.0781 3900        ASPI ( UnsignedFile.Multi.Generic ) - warning
17:18:29.0781 3900        ASPI - detected UnsignedFile.Multi.Generic (1)
17:18:29.0875 3900        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:18:29.0921 3900        aspnet_state - ok
17:18:29.0937 3900        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINXP\system32\DRIVERS\asyncmac.sys
17:18:30.0250 3900        AsyncMac - ok
17:18:30.0296 3900        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINXP\system32\DRIVERS\atapi.sys
17:18:30.0625 3900        atapi - ok
17:18:30.0640 3900        Atdisk - ok
17:18:30.0703 3900        Ati HotKey Poller (c4b5144443a368741e6427faa44c5491) C:\WINXP\system32\Ati2evxx.exe
17:18:30.0843 3900        Ati HotKey Poller - ok
17:18:30.0921 3900        ATI Smart      (48b441dc9ce7ca32152aedbd2243fcd9) C:\WINXP\system32\ati2sgag.exe
17:18:31.0000 3900        ATI Smart ( UnsignedFile.Multi.Generic ) - warning
17:18:31.0000 3900        ATI Smart - detected UnsignedFile.Multi.Generic (1)
17:18:31.0140 3900        ati2mtag        (221f0a33229cce7bf2f7640d3bb8845d) C:\WINXP\system32\DRIVERS\ati2mtag.sys
17:18:31.0343 3900        ati2mtag - ok
17:18:31.0453 3900        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINXP\system32\DRIVERS\atmarpc.sys
17:18:31.0765 3900        Atmarpc - ok
17:18:31.0812 3900        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINXP\System32\audiosrv.dll
17:18:32.0125 3900        AudioSrv - ok
17:18:32.0171 3900        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINXP\system32\DRIVERS\audstub.sys
17:18:32.0500 3900        audstub - ok
17:18:32.0546 3900        Avc            (f8e6956a614f15a0860474c5e2a7de6b) C:\WINXP\system32\DRIVERS\avc.sys
17:18:32.0859 3900        Avc - ok
17:18:32.0906 3900        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINXP\system32\DRIVERS\avgntflt.sys
17:18:32.0984 3900        avgntflt - ok
17:18:33.0046 3900        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINXP\system32\DRIVERS\avipbb.sys
17:18:33.0078 3900        avipbb - ok
17:18:33.0140 3900        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINXP\system32\DRIVERS\avkmgr.sys
17:18:33.0156 3900        avkmgr - ok
17:18:33.0234 3900        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINXP\system32\drivers\Beep.sys
17:18:33.0531 3900        Beep - ok
17:18:33.0593 3900        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINXP\system32\qmgr.dll
17:18:33.0937 3900        BITS - ok
17:18:34.0031 3900        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
17:18:34.0078 3900        Bonjour Service - ok
17:18:34.0125 3900        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINXP\System32\browser.dll
17:18:34.0421 3900        Browser - ok
17:18:34.0468 3900        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINXP\system32\drivers\cbidf2k.sys
17:18:34.0765 3900        cbidf2k - ok
17:18:34.0796 3900        CCDECODE        (fdc06e2ada8c468ebb161624e03976cf) C:\WINXP\system32\DRIVERS\CCDECODE.sys
17:18:34.0843 3900        CCDECODE - ok
17:18:34.0859 3900        cd20xrnt - ok
17:18:34.0906 3900        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINXP\system32\drivers\Cdaudio.sys
17:18:35.0187 3900        Cdaudio - ok
17:18:35.0234 3900        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINXP\system32\drivers\Cdfs.sys
17:18:35.0546 3900        Cdfs - ok
17:18:35.0593 3900        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINXP\system32\DRIVERS\cdrom.sys
17:18:35.0890 3900        Cdrom - ok
17:18:35.0906 3900        Changer - ok
17:18:35.0937 3900        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINXP\system32\cisvc.exe
17:18:36.0234 3900        CiSvc - ok
17:18:36.0250 3900        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINXP\system32\clipsrv.exe
17:18:36.0562 3900        ClipSrv - ok
17:18:36.0656 3900        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:18:36.0734 3900        clr_optimization_v2.0.50727_32 - ok
17:18:36.0750 3900        CmdIde - ok
17:18:36.0781 3900        COMSysApp - ok
17:18:36.0828 3900        Cpqarray - ok
17:18:36.0875 3900        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINXP\System32\cryptsvc.dll
17:18:37.0140 3900        CryptSvc - ok
17:18:37.0156 3900        dac2w2k - ok
17:18:37.0187 3900        dac960nt - ok
17:18:37.0265 3900        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINXP\system32\rpcss.dll
17:18:37.0343 3900        DcomLaunch - ok
17:18:37.0406 3900        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINXP\System32\dhcpcsvc.dll
17:18:37.0687 3900        Dhcp - ok
17:18:37.0734 3900        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINXP\system32\DRIVERS\disk.sys
17:18:38.0046 3900        Disk - ok
17:18:38.0062 3900        dmadmin - ok
17:18:38.0171 3900        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINXP\system32\drivers\dmboot.sys
17:18:38.0562 3900        dmboot - ok
17:18:38.0593 3900        dmio            (53720ab12b48719d00e327da470a619a) C:\WINXP\system32\drivers\dmio.sys
17:18:38.0875 3900        dmio - ok
17:18:38.0906 3900        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINXP\system32\drivers\dmload.sys
17:18:39.0187 3900        dmload - ok
17:18:39.0250 3900        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINXP\System32\dmserver.dll
17:18:39.0578 3900        dmserver - ok
17:18:39.0625 3900        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINXP\system32\drivers\DMusic.sys
17:18:39.0890 3900        DMusic - ok
17:18:39.0937 3900        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINXP\System32\dnsrslvr.dll
17:18:40.0015 3900        Dnscache - ok
17:18:40.0062 3900        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINXP\System32\dot3svc.dll
17:18:40.0359 3900        Dot3svc - ok
17:18:40.0375 3900        dpti2o - ok
17:18:40.0406 3900        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINXP\system32\drivers\drmkaud.sys
17:18:40.0703 3900        drmkaud - ok
17:18:40.0734 3900        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINXP\System32\eapsvc.dll
17:18:41.0031 3900        EapHost - ok
17:18:41.0093 3900        EL90X          (be492ac87790457ecdacecc967f38c55) C:\WINXP\system32\DRIVERS\el90xnd5.sys
17:18:41.0375 3900        EL90X - ok
17:18:41.0406 3900        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINXP\System32\ersvc.dll
17:18:41.0718 3900        ERSvc - ok
17:18:41.0781 3900        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINXP\system32\services.exe
17:18:41.0843 3900        Eventlog - ok
17:18:41.0906 3900        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINXP\system32\es.dll
17:18:41.0968 3900        EventSystem - ok
17:18:42.0031 3900        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINXP\system32\drivers\Fastfat.sys
17:18:42.0296 3900        Fastfat - ok
17:18:42.0359 3900        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINXP\System32\shsvcs.dll
17:18:42.0453 3900        FastUserSwitchingCompatibility - ok
17:18:42.0484 3900        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINXP\system32\DRIVERS\fdc.sys
17:18:42.0750 3900        Fdc - ok
17:18:42.0781 3900        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINXP\system32\drivers\Fips.sys
17:18:43.0062 3900        Fips - ok
17:18:43.0109 3900        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINXP\system32\drivers\Flpydisk.sys
17:18:43.0375 3900        Flpydisk - ok
17:18:43.0406 3900        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINXP\system32\drivers\fltmgr.sys
17:18:43.0703 3900        FltMgr - ok
17:18:43.0812 3900        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:18:43.0828 3900        FontCache3.0.0.0 - ok
17:18:43.0859 3900        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINXP\system32\drivers\Fs_Rec.sys
17:18:44.0125 3900        Fs_Rec - ok
17:18:44.0156 3900        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINXP\system32\DRIVERS\ftdisk.sys
17:18:44.0453 3900        Ftdisk - ok
17:18:44.0500 3900        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
17:18:44.0531 3900        GEARAspiWDM - ok
17:18:44.0562 3900        getPlusHelper - ok
17:18:44.0625 3900        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINXP\system32\DRIVERS\msgpc.sys
17:18:44.0906 3900        Gpc - ok
17:18:44.0984 3900        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:18:45.0296 3900        helpsvc - ok
17:18:45.0343 3900        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINXP\System32\hidserv.dll
17:18:45.0609 3900        HidServ - ok
17:18:45.0625 3900        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINXP\system32\DRIVERS\hidusb.sys
17:18:45.0937 3900        hidusb - ok
17:18:46.0000 3900        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINXP\System32\kmsvc.dll
17:18:46.0281 3900        hkmsvc - ok
17:18:46.0312 3900        hpn - ok
17:18:46.0390 3900        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINXP\system32\Drivers\HTTP.sys
17:18:46.0453 3900        HTTP - ok
17:18:46.0484 3900        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINXP\System32\w3ssl.dll
17:18:46.0781 3900        HTTPFilter - ok
17:18:46.0812 3900        i2omgmt - ok
17:18:46.0828 3900        i2omp - ok
17:18:46.0875 3900        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINXP\system32\DRIVERS\i8042prt.sys
17:18:47.0171 3900        i8042prt - ok
17:18:47.0312 3900        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:18:47.0437 3900        idsvc - ok
17:18:47.0484 3900        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINXP\system32\DRIVERS\imapi.sys
17:18:47.0796 3900        Imapi - ok
17:18:47.0875 3900        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINXP\system32\imapi.exe
17:18:48.0156 3900        ImapiService - ok
17:18:48.0187 3900        ini910u - ok
17:18:48.0218 3900        IntelIde - ok
17:18:48.0265 3900        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINXP\system32\drivers\ip6fw.sys
17:18:48.0578 3900        Ip6Fw - ok
17:18:48.0609 3900        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINXP\system32\DRIVERS\ipfltdrv.sys
17:18:48.0906 3900        IpFilterDriver - ok
17:18:48.0953 3900        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINXP\system32\DRIVERS\ipinip.sys
17:18:49.0281 3900        IpInIp - ok
17:18:49.0312 3900        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINXP\system32\DRIVERS\ipnat.sys
17:18:49.0609 3900        IpNat - ok
17:18:49.0734 3900        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Programme\iPod\bin\iPodService.exe
17:18:49.0875 3900        iPod Service - ok
17:18:49.0937 3900        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINXP\system32\DRIVERS\ipsec.sys
17:18:50.0250 3900        IPSec - ok
17:18:50.0265 3900        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINXP\system32\DRIVERS\irenum.sys
17:18:50.0406 3900        IRENUM - ok
17:18:50.0453 3900        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINXP\system32\DRIVERS\isapnp.sys
17:18:50.0718 3900        isapnp - ok
17:18:50.0796 3900        JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Programme\Java\jre6\bin\jqs.exe
17:18:50.0843 3900        JavaQuickStarterService - ok
17:18:50.0875 3900        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINXP\system32\DRIVERS\kbdclass.sys
17:18:51.0171 3900        Kbdclass - ok
17:18:51.0218 3900        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINXP\system32\DRIVERS\kbdhid.sys
17:18:51.0500 3900        kbdhid - ok
17:18:51.0562 3900        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINXP\system32\drivers\kmixer.sys
17:18:51.0859 3900        kmixer - ok
17:18:51.0906 3900        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINXP\system32\drivers\KSecDD.sys
17:18:52.0000 3900        KSecDD - ok
17:18:52.0062 3900        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINXP\System32\srvsvc.dll
17:18:52.0125 3900        lanmanserver - ok
17:18:52.0171 3900        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINXP\System32\wkssvc.dll
17:18:52.0234 3900        lanmanworkstation - ok
17:18:52.0250 3900        lbrtfdc - ok
17:18:52.0281 3900        LgBttPort - ok
17:18:52.0312 3900        lgbusenum - ok
17:18:52.0343 3900        LGScsiCommandService (2bf9d85fe233d1d7a0174d1df5f468b2) C:\WINXP\system32\LGScsiCommandService.exe
17:18:52.0375 3900        LGScsiCommandService ( UnsignedFile.Multi.Generic ) - warning
17:18:52.0375 3900        LGScsiCommandService - detected UnsignedFile.Multi.Generic (1)
17:18:52.0390 3900        LGVMODEM - ok
17:18:52.0453 3900        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINXP\System32\lmhsvc.dll
17:18:52.0734 3900        LmHosts - ok
17:18:52.0796 3900        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINXP\System32\msgsvc.dll
17:18:53.0109 3900        Messenger - ok
17:18:53.0171 3900        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINXP\system32\drivers\mnmdd.sys
17:18:53.0437 3900        mnmdd - ok
17:18:53.0468 3900        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINXP\system32\mnmsrvc.exe
17:18:53.0796 3900        mnmsrvc - ok
17:18:53.0843 3900        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINXP\system32\drivers\Modem.sys
17:18:54.0109 3900        Modem - ok
17:18:54.0140 3900        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINXP\system32\DRIVERS\mouclass.sys
17:18:54.0421 3900        Mouclass - ok
17:18:54.0453 3900        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINXP\system32\DRIVERS\mouhid.sys
17:18:54.0734 3900        mouhid - ok
17:18:54.0765 3900        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINXP\system32\drivers\MountMgr.sys
17:18:55.0093 3900        MountMgr - ok
17:18:55.0156 3900        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:18:55.0187 3900        MozillaMaintenance - ok
17:18:55.0234 3900        MPE            (83eff7b976ae24f1a496ca94a8a19919) C:\WINXP\system32\DRIVERS\MPE.sys
17:18:55.0250 3900        MPE - ok
17:18:55.0265 3900        mraid35x - ok
17:18:55.0312 3900        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINXP\system32\DRIVERS\mrxdav.sys
17:18:55.0593 3900        MRxDAV - ok
17:18:55.0671 3900        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINXP\system32\DRIVERS\mrxsmb.sys
17:18:55.0750 3900        MRxSmb - ok
17:18:55.0796 3900        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINXP\system32\msdtc.exe
17:18:56.0093 3900        MSDTC - ok
17:18:56.0156 3900        MSDV            (8575d788395c4d6378d98d1ed7cdadb9) C:\WINXP\system32\DRIVERS\msdv.sys
17:18:56.0203 3900        MSDV - ok
17:18:56.0250 3900        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINXP\system32\drivers\Msfs.sys
17:18:56.0515 3900        Msfs - ok
17:18:56.0531 3900        MSIServer - ok
17:18:56.0562 3900        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINXP\system32\drivers\MSKSSRV.sys
17:18:56.0859 3900        MSKSSRV - ok
17:18:56.0890 3900        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINXP\system32\drivers\MSPCLOCK.sys
17:18:57.0140 3900        MSPCLOCK - ok
17:18:57.0156 3900        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINXP\system32\drivers\MSPQM.sys
17:18:57.0437 3900        MSPQM - ok
17:18:57.0468 3900        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINXP\system32\DRIVERS\mssmbios.sys
17:18:57.0734 3900        mssmbios - ok
17:18:57.0765 3900        MSTEE          (d5059366b361f0e1124753447af08aa2) C:\WINXP\system32\drivers\MSTEE.sys
17:18:57.0875 3900        MSTEE - ok
17:18:57.0921 3900        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINXP\system32\drivers\Mup.sys
17:18:57.0968 3900        Mup - ok
17:18:58.0000 3900        NABTSFEC        (ac31b352ce5e92704056d409834beb74) C:\WINXP\system32\DRIVERS\NABTSFEC.sys
17:18:58.0015 3900        NABTSFEC - ok
17:18:58.0093 3900        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINXP\System32\qagentrt.dll
17:18:58.0390 3900        napagent - ok
17:18:58.0453 3900        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINXP\system32\drivers\NDIS.sys
17:18:58.0734 3900        NDIS - ok
17:18:58.0750 3900        NdisIP          (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINXP\system32\DRIVERS\NdisIP.sys
17:18:58.0781 3900        NdisIP - ok
17:18:58.0812 3900        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINXP\system32\DRIVERS\ndistapi.sys
17:18:58.0890 3900        NdisTapi - ok
17:18:58.0921 3900        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINXP\system32\DRIVERS\ndisuio.sys
17:18:59.0203 3900        Ndisuio - ok
17:18:59.0234 3900        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINXP\system32\DRIVERS\ndiswan.sys
17:18:59.0484 3900        NdisWan - ok
17:18:59.0546 3900        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINXP\system32\drivers\NDProxy.sys
17:18:59.0609 3900        NDProxy - ok
17:18:59.0656 3900        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINXP\system32\DRIVERS\netbios.sys
17:18:59.0937 3900        NetBIOS - ok
17:18:59.0984 3900        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINXP\system32\DRIVERS\netbt.sys
17:19:00.0265 3900        NetBT - ok
17:19:00.0312 3900        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINXP\system32\netdde.exe
17:19:00.0609 3900        NetDDE - ok
17:19:00.0625 3900        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINXP\system32\netdde.exe
17:19:00.0890 3900        NetDDEdsdm - ok
17:19:00.0921 3900        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe
17:19:01.0203 3900        Netlogon - ok
17:19:01.0265 3900        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINXP\System32\netman.dll
17:19:01.0531 3900        Netman - ok
17:19:01.0640 3900        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:19:01.0671 3900        NetTcpPortSharing - ok
17:19:01.0703 3900        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINXP\system32\DRIVERS\nic1394.sys
17:19:01.0968 3900        NIC1394 - ok
17:19:02.0031 3900        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINXP\System32\mswsock.dll
17:19:02.0062 3900        Nla - ok
17:19:02.0140 3900        NMSAccess      (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
17:19:02.0156 3900        NMSAccess - ok
17:19:02.0203 3900        nmwcd          (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINXP\system32\drivers\ccdcmb.sys
17:19:02.0453 3900        nmwcd - ok
17:19:02.0500 3900        nmwcdc          (3859c69a77793180548802dac9f34a38) C:\WINXP\system32\drivers\ccdcmbo.sys
17:19:02.0640 3900        nmwcdc - ok
17:19:02.0687 3900        nmwcdnsu        (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINXP\system32\drivers\nmwcdnsu.sys
17:19:02.0828 3900        nmwcdnsu - ok
17:19:02.0859 3900        nmwcdnsuc      (d15bac979144fb69ed28f97b2dd84d48) C:\WINXP\system32\drivers\nmwcdnsuc.sys
17:19:02.0984 3900        nmwcdnsuc - ok
17:19:03.0015 3900        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINXP\system32\drivers\Npfs.sys
17:19:03.0250 3900        Npfs - ok
17:19:03.0328 3900        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINXP\system32\drivers\Ntfs.sys
17:19:03.0656 3900        Ntfs - ok
17:19:03.0703 3900        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe
17:19:03.0968 3900        NtLmSsp - ok
17:19:04.0031 3900        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINXP\system32\ntmssvc.dll
17:19:04.0359 3900        NtmsSvc - ok
17:19:04.0406 3900        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINXP\system32\drivers\Null.sys
17:19:04.0671 3900        Null - ok
17:19:04.0703 3900        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINXP\system32\DRIVERS\nwlnkflt.sys
17:19:04.0968 3900        NwlnkFlt - ok
17:19:04.0984 3900        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
17:19:05.0281 3900        NwlnkFwd - ok
17:19:05.0328 3900        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINXP\system32\DRIVERS\ohci1394.sys
17:19:05.0593 3900        ohci1394 - ok
17:19:05.0640 3900        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINXP\system32\DRIVERS\parport.sys
17:19:05.0937 3900        Parport - ok
17:19:05.0968 3900        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINXP\system32\drivers\PartMgr.sys
17:19:06.0265 3900        PartMgr - ok
17:19:06.0296 3900        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINXP\system32\drivers\ParVdm.sys
17:19:06.0546 3900        ParVdm - ok
17:19:06.0578 3900        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINXP\system32\DRIVERS\pccsmcfd.sys
17:19:06.0609 3900        pccsmcfd - ok
17:19:06.0640 3900        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINXP\system32\DRIVERS\pci.sys
17:19:06.0921 3900        PCI - ok
17:19:06.0937 3900        PCIDump - ok
17:19:06.0968 3900        PCIIde - ok
17:19:07.0000 3900        PCLEPCI        (0edd0d2d4da1b2b9ddc1a0d2c8112e19) C:\WINXP\system32\drivers\PCLEPCI.sys
17:19:07.0015 3900        PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
17:19:07.0015 3900        PCLEPCI - detected UnsignedFile.Multi.Generic (1)
17:19:07.0062 3900        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINXP\system32\drivers\Pcmcia.sys
17:19:07.0328 3900        Pcmcia - ok
17:19:07.0328 3900        PDCOMP - ok
17:19:07.0359 3900        PDFRAME - ok
17:19:07.0375 3900        PDRELI - ok
17:19:07.0406 3900        PDRFRAME - ok
17:19:07.0421 3900        perc2 - ok
17:19:07.0437 3900        perc2hib - ok
17:19:07.0515 3900        pfc            (444f122e68db44c0589227781f3c8b3f) C:\WINXP\system32\drivers\pfc.sys
17:19:07.0515 3900        pfc ( UnsignedFile.Multi.Generic ) - warning
17:19:07.0515 3900        pfc - detected UnsignedFile.Multi.Generic (1)
17:19:07.0578 3900        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINXP\system32\services.exe
17:19:07.0609 3900        PlugPlay - ok
17:19:07.0625 3900        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe
17:19:07.0937 3900        PolicyAgent - ok
17:19:07.0968 3900        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINXP\system32\DRIVERS\raspptp.sys
17:19:08.0250 3900        PptpMiniport - ok
17:19:08.0250 3900        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe
17:19:08.0546 3900        ProtectedStorage - ok
17:19:08.0562 3900        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINXP\system32\DRIVERS\psched.sys
17:19:08.0828 3900        PSched - ok
17:19:08.0859 3900        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINXP\system32\DRIVERS\ptilink.sys
17:19:09.0140 3900        Ptilink - ok
17:19:09.0156 3900        ql1080 - ok
17:19:09.0171 3900        Ql10wnt - ok
17:19:09.0203 3900        ql12160 - ok
17:19:09.0218 3900        ql1240 - ok
17:19:09.0234 3900        ql1280 - ok
17:19:09.0281 3900        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINXP\system32\DRIVERS\rasacd.sys
17:19:09.0531 3900        RasAcd - ok
17:19:09.0593 3900        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINXP\System32\rasauto.dll
17:19:09.0859 3900        RasAuto - ok
17:19:09.0906 3900        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINXP\system32\DRIVERS\rasl2tp.sys
17:19:10.0156 3900        Rasl2tp - ok
17:19:10.0203 3900        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINXP\System32\rasmans.dll
17:19:10.0468 3900        RasMan - ok
17:19:10.0484 3900        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINXP\system32\DRIVERS\raspppoe.sys
17:19:10.0796 3900        RasPppoe - ok
17:19:10.0812 3900        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINXP\system32\DRIVERS\raspti.sys
17:19:11.0062 3900        Raspti - ok
17:19:11.0093 3900        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINXP\system32\DRIVERS\rdbss.sys
17:19:11.0375 3900        Rdbss - ok
17:19:11.0406 3900        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINXP\system32\DRIVERS\RDPCDD.sys
17:19:11.0671 3900        RDPCDD - ok
17:19:11.0734 3900        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINXP\system32\DRIVERS\rdpdr.sys
17:19:12.0015 3900        rdpdr - ok
17:19:12.0062 3900        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINXP\system32\drivers\RDPWD.sys
17:19:12.0125 3900        RDPWD - ok
17:19:12.0171 3900        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINXP\system32\sessmgr.exe
17:19:12.0453 3900        RDSessMgr - ok
17:19:12.0500 3900        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINXP\system32\DRIVERS\redbook.sys
17:19:12.0796 3900        redbook - ok
17:19:12.0843 3900        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINXP\System32\mprdim.dll
17:19:13.0125 3900        RemoteAccess - ok
17:19:13.0156 3900        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINXP\system32\regsvc.dll
17:19:13.0421 3900        RemoteRegistry - ok
17:19:13.0468 3900        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINXP\system32\locator.exe
17:19:13.0734 3900        RpcLocator - ok
17:19:13.0828 3900        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINXP\system32\rpcss.dll
17:19:13.0875 3900        RpcSs - ok
17:19:13.0921 3900        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINXP\system32\rsvp.exe
17:19:14.0218 3900        RSVP - ok
17:19:14.0265 3900        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe
17:19:14.0531 3900        SamSs - ok
17:19:14.0531 3900        SBRE - ok
17:19:14.0578 3900        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINXP\System32\SCardSvr.exe
17:19:14.0890 3900        SCardSvr - ok
17:19:14.0937 3900        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINXP\system32\schedsvc.dll
17:19:15.0187 3900        Schedule - ok
17:19:15.0234 3900        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINXP\system32\DRIVERS\secdrv.sys
17:19:15.0343 3900        Secdrv - ok
17:19:15.0375 3900        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINXP\System32\seclogon.dll
17:19:15.0687 3900        seclogon - ok
17:19:15.0718 3900        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINXP\system32\sens.dll
17:19:15.0968 3900        SENS - ok
17:19:16.0015 3900        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINXP\system32\DRIVERS\serenum.sys
17:19:16.0281 3900        serenum - ok
17:19:16.0312 3900        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINXP\system32\DRIVERS\serial.sys
17:19:16.0593 3900        Serial - ok
17:19:16.0734 3900        ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
17:19:16.0828 3900        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
17:19:16.0828 3900        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
17:19:16.0875 3900        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINXP\system32\drivers\Sfloppy.sys
17:19:17.0140 3900        Sfloppy - ok
17:19:17.0218 3900        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINXP\System32\ipnathlp.dll
17:19:17.0531 3900        SharedAccess - ok
17:19:17.0578 3900        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINXP\System32\shsvcs.dll
17:19:17.0609 3900        ShellHWDetection - ok
17:19:17.0625 3900        Simbad - ok
17:19:17.0671 3900        SLIP            (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINXP\system32\DRIVERS\SLIP.sys
17:19:17.0687 3900        SLIP - ok
17:19:17.0718 3900        Sparrow - ok
17:19:17.0750 3900        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINXP\system32\drivers\splitter.sys
17:19:18.0031 3900        splitter - ok
17:19:18.0078 3900        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINXP\system32\spoolsv.exe
17:19:18.0125 3900        Spooler - ok
17:19:18.0187 3900        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINXP\system32\DRIVERS\sr.sys
17:19:18.0296 3900        sr - ok
17:19:18.0359 3900        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINXP\system32\srsvc.dll
17:19:18.0484 3900        srservice - ok
17:19:18.0531 3900        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINXP\system32\DRIVERS\srv.sys
17:19:18.0625 3900        Srv - ok
17:19:18.0671 3900        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINXP\System32\ssdpsrv.dll
17:19:18.0796 3900        SSDPSRV - ok
17:19:18.0843 3900        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINXP\system32\DRIVERS\ssmdrv.sys
17:19:18.0859 3900        ssmdrv - ok
17:19:18.0906 3900        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINXP\system32\drivers\StarOpen.sys
17:19:18.0906 3900        StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:19:18.0906 3900        StarOpen - detected UnsignedFile.Multi.Generic (1)
17:19:18.0968 3900        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINXP\system32\wiaservc.dll
17:19:19.0250 3900        stisvc - ok
17:19:19.0296 3900        streamip        (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINXP\system32\DRIVERS\StreamIP.sys
17:19:19.0328 3900        streamip - ok
17:19:19.0375 3900        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINXP\system32\DRIVERS\swenum.sys
17:19:19.0671 3900        swenum - ok
17:19:19.0718 3900        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINXP\system32\drivers\swmidi.sys
17:19:19.0968 3900        swmidi - ok
17:19:19.0984 3900        SwPrv - ok
17:19:20.0015 3900        symc810 - ok
17:19:20.0046 3900        symc8xx - ok
17:19:20.0062 3900        sym_hi - ok
17:19:20.0078 3900        sym_u3 - ok
17:19:20.0125 3900        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINXP\system32\drivers\sysaudio.sys
17:19:20.0406 3900        sysaudio - ok
17:19:20.0453 3900        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINXP\system32\smlogsvc.exe
17:19:20.0718 3900        SysmonLog - ok
17:19:20.0796 3900        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINXP\System32\tapisrv.dll
17:19:21.0078 3900        TapiSrv - ok
17:19:21.0140 3900        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINXP\system32\DRIVERS\tcpip.sys
17:19:21.0203 3900        Tcpip - ok
17:19:21.0250 3900        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINXP\system32\drivers\TDPIPE.sys
17:19:21.0515 3900        TDPIPE - ok
17:19:21.0562 3900        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINXP\system32\drivers\TDTCP.sys
17:19:21.0812 3900        TDTCP - ok
17:19:21.0843 3900        TermDD          (88155247177638048422893737429d9e) C:\WINXP\system32\DRIVERS\termdd.sys
17:19:22.0125 3900        TermDD - ok
17:19:22.0187 3900        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINXP\System32\termsrv.dll
17:19:22.0468 3900        TermService - ok
17:19:22.0531 3900        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINXP\System32\shsvcs.dll
17:19:22.0562 3900        Themes - ok
17:19:22.0609 3900        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINXP\system32\tlntsvr.exe
17:19:22.0750 3900        TlntSvr - ok
17:19:22.0875 3900        TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
17:19:22.0906 3900        TomTomHOMEService - ok
17:19:22.0921 3900        TosIde - ok
17:19:22.0953 3900        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINXP\system32\trkwks.dll
17:19:23.0218 3900        TrkWks - ok
17:19:23.0265 3900        TTHID          (f3996987080426d4e87ecd9d4fe373af) C:\WINXP\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys
17:19:23.0296 3900        TTHID - ok
17:19:23.0328 3900        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINXP\system32\drivers\Udfs.sys
17:19:23.0609 3900        Udfs - ok
17:19:23.0718 3900        UDXTTM6010      (328762250ddf538cf007cf692dd6e934) C:\WINXP\system32\DRIVERS\UDXTTM6010.sys
17:19:23.0796 3900        UDXTTM6010 - ok
17:19:23.0812 3900        ultra - ok
17:19:23.0875 3900        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINXP\system32\DRIVERS\update.sys
17:19:24.0187 3900        Update - ok
17:19:24.0234 3900        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINXP\System32\upnphost.dll
17:19:24.0375 3900        upnphost - ok
17:19:33.0000 3900        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:19:33.0781 3900        \Device\Harddisk0\DR0 - ok
17:19:33.0781 3900        Boot (0x1200)  (fff7d1580dd8b0ca065154d0e6c8f214) \Device\Harddisk0\DR0\Partition0
17:19:33.0796 3900        \Device\Harddisk0\DR0\Partition0 - ok
17:19:33.0812 3900        Boot (0x1200)  (c01e695939d0539bcb9d9d5126af65ed) \Device\Harddisk0\DR0\Partition1
17:19:33.0812 3900        \Device\Harddisk0\DR0\Partition1 - ok
17:19:33.0812 3900        ============================================================
17:19:33.0812 3900        Scan finished
17:19:33.0812 3900        ============================================================
17:19:33.0968 3892        Detected object count: 8
17:19:33.0968 3892        Actual detected object count: 8
17:22:17.0296 3892        ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0296 3892        ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:17.0296 3892        ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0296 3892        ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:17.0312 3892        ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0312 3892        ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:17.0312 3892        LGScsiCommandService ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0312 3892        LGScsiCommandService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:17.0328 3892        PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0328 3892        PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:17.0328 3892        pfc ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0328 3892        pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:17.0343 3892        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0343 3892        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:22:17.0343 3892        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:17.0343 3892        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 20.06.2012 22:25

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Gutschein007 21.06.2012 17:02

Hello Cosinus,
I don't know exactly what you are doing with my PC, but your patience (with me as a PC layman) and the effort you are putting in: RESPECT!

Combofix Logfile:
Code:

ComboFix 12-06-21.01 - we 21.06.2012  8:06.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.659 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\we\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\we\4.0
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\we\WINDOWS
c:\programme\Internet Explorer\SET458.tmp
c:\winxp\IsUn0407.exe
c:\winxp\system32\_000006_.tmp.dll
c:\winxp\system32\_000007_.tmp.dll
c:\winxp\system32\_000008_.tmp.dll
c:\winxp\system32\_000009_.tmp.dll
c:\winxp\system32\_000010_.tmp.dll
c:\winxp\system32\_000011_.tmp.dll
c:\winxp\system32\_000019_.tmp.dll
c:\winxp\system32\_000020_.tmp.dll
c:\winxp\system32\_000021_.tmp.dll
c:\winxp\system32\_000022_.tmp.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-19 19:26 . 2012-06-19 19:26        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\GFI Software
2012-06-18 14:54 . 2012-06-18 14:54        --------        d-----w-        C:\_OTL
2012-06-11 05:35 . 2012-06-11 05:35        --------        d-----w-        c:\programme\7-Zip
2012-06-10 18:25 . 2012-06-10 18:25        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Eigene Dateien
2012-06-06 19:37 . 2012-06-06 19:37        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
2012-06-05 16:44 . 2012-06-05 16:44        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
2012-06-05 13:46 . 2012-06-05 13:46        --------        d-----w-        c:\dokumente und einstellungen\we\Lokale Einstellungen\Anwendungsdaten\adaware
2012-06-05 13:45 . 2012-06-05 13:46        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
2012-06-05 13:42 . 2012-06-19 19:26        --------        d-----w-        c:\programme\Ad-Aware Antivirus
2012-06-05 13:32 . 2011-04-30 08:50        766464        ------w-        c:\winxp\system32\dllcache\vgx.dll
2012-06-05 13:30 . 2012-06-13 16:20        --------        d-----w-        c:\dokumente und einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 00:06 . 2012-04-09 15:23        426184        ----a-w-        c:\winxp\system32\FlashPlayerApp.exe
2012-06-15 00:06 . 2011-10-09 20:08        70344        ----a-w-        c:\winxp\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2004-08-03 22:57        604160        ----a-w-        c:\winxp\system32\crypt32.dll
2012-05-15 15:35 . 2007-10-09 18:05        841216        ----a-w-        c:\winxp\system32\wininet.dll
2012-05-15 13:56 . 2007-10-09 18:06        1863296        ----a-w-        c:\winxp\system32\win32k.sys
2012-05-05 03:14 . 2007-10-09 18:06        2194944        ----a-w-        c:\winxp\system32\ntoskrnl.exe
2012-05-05 03:14 . 2007-02-28 08:06        2071424        ----a-w-        c:\winxp\system32\ntkrnlpa.exe
2012-05-03 18:49 . 2011-10-16 10:07        83392        ----a-w-        c:\winxp\system32\drivers\avgntflt.sys
2012-05-03 18:49 . 2011-10-16 10:07        137928        ----a-w-        c:\winxp\system32\drivers\avipbb.sys
2012-05-02 13:46 . 2010-07-20 09:13        139656        ----a-w-        c:\winxp\system32\drivers\rdpwd.sys
2012-04-26 07:02 . 2012-04-26 07:02        89166136        ----a-w-        C:\LGPCSuiteIV_Setup.exe
2012-04-23 14:38 . 2007-10-09 18:04        1830912        ----a-w-        c:\winxp\system32\inetcpl.cpl
2012-04-23 14:38 . 2007-10-09 16:19        78336        ----a-w-        c:\winxp\system32\ieencode.dll
2012-04-23 14:38 . 2007-10-09 16:19        17408        ------w-        c:\winxp\system32\corpol.dll
2012-06-14 23:18 . 2012-06-14 23:18        85472        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-03 348624]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Ad-Aware Browsing Protection"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2012-04-23 124928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41        37296        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 00:25        497648        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41        45056        ----a-w-        c:\programme\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:52        15360        ----a-w-        c:\winxp\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09        421736        ----a-w-        c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 14:49        14940040        ----a-r-        c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42        577536        ------r-        c:\winxp\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21        247728        ----a-w-        c:\programme\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\ChannelEditor\\CinergyDvrChannelEditor.exe"=
"c:\\WINXP\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINXP\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
.
R1 avkmgr;avkmgr;c:\winxp\system32\drivers\avkmgr.sys [16.10.2011 12:07 36000]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06.09.2010 03:19 169408]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.10.2011 12:07 86224]
R2 LGScsiCommandService;LG SCSI command service;c:\winxp\system32\LGScsiCommandService.exe [26.04.2012 08:58 47616]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 TTHID;Cinergy Hybrid-Stick HID service;c:\winxp\system32\drivers\Cinergy_Hybrid-Stick_HID.sys [22.11.2010 15:57 21752]
R3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\winxp\system32\drivers\UDXTTM6010.sys [22.11.2010 15:57 762232]
S1 SBRE;SBRE;\??\c:\winxp\system32\drivers\SBREdrv.sys --> c:\winxp\system32\drivers\SBREdrv.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\winxp\system32\drivers\ASPI32.SYS [20.02.2012 13:06 16512]
S3 LgBttPort;LGE Bluetooth TransPort;c:\winxp\system32\DRIVERS\lgbtport.sys --> c:\winxp\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\winxp\system32\DRIVERS\lgbtbus.sys --> c:\winxp\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\winxp\system32\DRIVERS\lgvmodem.sys --> c:\winxp\system32\DRIVERS\lgvmodem.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 23:00 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\winxp\system32\drivers\nmwcdnsu.sys [20.07.2010 14:19 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\winxp\system32\drivers\nmwcdnsuc.sys [20.07.2010 14:19 8320]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: maris.com\www.redshift
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.web.de
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-NokiaOviSuite2 - c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\QTTask.exe
MSConfigStartUp-SearchSettings - c:\programme\pdfforge Toolbar\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-21 17:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\winxp\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4004)
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.dll
c:\winxp\system32\wpdshserviceobj.dll
c:\winxp\system32\portabledevicetypes.dll
c:\winxp\system32\portabledeviceapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\winxp\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\winxp\system32\wbem\wmiapsrv.exe
c:\winxp\system32\Ati2evxx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21  17:27:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-21 15:27
.
Vor Suchlauf: 14 Verzeichnis(se), 18.446.962.688 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 18.334.175.232 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AF7EFABF980B3341CCB9E26C2CAD0D53

--- --- ---

cosinus 21.06.2012 19:21

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to also switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

Gutschein007 22.06.2012 16:34

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 06:15:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-17 WDC_WD1600AAJB-00J3A0 rev.01.03E01
Running: rxy0hg9f.exe; Driver: C:\DOKUME~1\we\LOKALE~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT  F7E4206C                                                                                    ZwClose
SSDT  F7E42026                                                                                    ZwCreateKey
SSDT  F7E42076                                                                                    ZwCreateSection
SSDT  F7E4201C                                                                                    ZwCreateThread
SSDT  F7E4202B                                                                                    ZwDeleteKey
SSDT  F7E42035                                                                                    ZwDeleteValueKey
SSDT  F7E42067                                                                                    ZwDuplicateObject
SSDT  F7E4203A                                                                                    ZwLoadKey
SSDT  F7E42008                                                                                    ZwOpenProcess
SSDT  F7E4200D                                                                                    ZwOpenThread
SSDT  F7E4208F                                                                                    ZwQueryValueKey
SSDT  F7E42044                                                                                    ZwReplaceKey
SSDT  F7E42080                                                                                    ZwRequestWaitReplyPort
SSDT  F7E4203F                                                                                    ZwRestoreKey
SSDT  F7E4207B                                                                                    ZwSetContextThread
SSDT  F7E42085                                                                                    ZwSetSecurityObject
SSDT  F7E42030                                                                                    ZwSetValueKey
SSDT  F7E4208A                                                                                    ZwSystemDebugControl
SSDT  F7E42017                                                                                    ZwTerminateProcess

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress]          [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress]    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT  C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]  [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager vError get version
hxxp://www.online-solutions.ru/en/
Saved at 16:37:25 on 22.06.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.21312

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINXP\system32\sdnclean.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINXP\system32\alsndmgr.cpl  (File found, but it contains no detailed information)
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINXP\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINXP\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINXP\system32\javacpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINXP\System32\DRIVERS\ASPI32.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINXP\system32\drivers\Changer.sys  (File not found)
"Cinergy Hybrid-Stick BDA service" (UDXTTM6010) - ? - C:\WINXP\System32\DRIVERS\UDXTTM6010.sys
"Cinergy Hybrid-Stick HID service" (TTHID) - "DTV-DVB" - C:\WINXP\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys
"i2omgmt" (i2omgmt) - ? - C:\WINXP\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINXP\system32\drivers\lbrtfdc.sys  (File not found)
"LG Bluetooth Bus Enumerator" (lgbusenum) - ? - C:\WINXP\System32\DRIVERS\lgbtbus.sys  (File not found)
"LGE Bluetooth TransPort" (LgBttPort) - ? - C:\WINXP\System32\DRIVERS\lgbtport.sys  (File not found)
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\WINXP\System32\DRIVERS\lgusbbus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\WINXP\System32\DRIVERS\lgusbmodem.sys  (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\WINXP\System32\DRIVERS\lgusbdiag.sys  (File not found)
"LGE Virtual Modem" (LGVMODEM) - ? - C:\WINXP\System32\DRIVERS\lgvmodem.sys  (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINXP\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINXP\system32\drivers\PCIDump.sys  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINXP\system32\drivers\PCLEPCI.sys
"PDCOMP" (PDCOMP) - ? - C:\WINXP\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINXP\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINXP\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINXP\system32\drivers\PDRFRAME.sys  (File not found)
"SBRE" (SBRE) - ? - C:\WINXP\system32\drivers\SBREdrv.sys  (File not found)
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINXP\System32\drivers\ALCXWDM.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINXP\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINXP\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\we\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Ad-Aware Browsing Protection" - "Lavasoft" - "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINXP\system32\avmprmon.dll
"PDFCreator" - ? - C:\WINXP\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINXP\system32\ati2sgag.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"getPlus(R) Helper" (getPlusHelper) - ? - C:\Programme\NOS\bin\getPlus_Helper.dll  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LG SCSI command service" (LGScsiCommandService) - ? - C:\WINXP\system32\LGScsiCommandService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINXP\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-22 16:41:31
-----------------------------
16:41:31.446    OS Version: Windows 5.1.2600 Service Pack 3
16:41:31.446    Number of processors: 1 586 0x602
16:41:31.446    ComputerName: WE  UserName: we
16:41:31.837    Initialize success
16:42:19.915    AVAST engine defs: 12062200
16:42:22.759    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-17
16:42:22.759    Disk 0 Vendor: WDC_WD1600AAJB-00J3A0 01.03E01 Size: 152627MB BusType: 3
16:42:22.774    Disk 0 MBR read successfully
16:42:22.774    Disk 0 MBR scan
16:42:22.805    Disk 0 Windows XP default MBR code
16:42:22.821    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        82897 MB offset 63
16:42:22.821    Disk 0 Partition - 00    0F Extended LBA            69727 MB offset 169774920
16:42:22.837    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        69727 MB offset 169774983
16:42:22.837    Disk 0 scanning sectors +312576705
16:42:22.930    Disk 0 scanning C:\WINXP\system32\drivers
16:42:39.774    Service scanning
16:42:58.243    Modules scanning
16:43:03.509    Disk 0 trace - called modules:
16:43:04.024    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
16:43:04.024    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86778ab8]
16:43:04.024    3 CLASSPNP.SYS[f786ffd7] -> nt!IofCallDriver -> \Device\0000005a[0x8677e9e8]
16:43:04.040    5 ACPI.sys[f77e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-17[0x8677cd98]
16:43:04.352    AVAST engine scan C:\WINXP
16:43:09.821    AVAST engine scan C:\WINXP\system32
16:47:09.571    AVAST engine scan C:\WINXP\system32\drivers
16:47:35.774    AVAST engine scan C:\Dokumente und Einstellungen\we
17:08:15.149    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:16:32.399    Scan finished successfully
17:30:55.759    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\we\Desktop\MBR.dat"
17:30:55.759    The log file has been saved successfully to "C:\Dokumente und Einstellungen\we\Desktop\aswMBR.txt"


cosinus 24.06.2012 15:27

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Gutschein007 24.06.2012 23:06

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/24/2012 at 11:29 PM

Application Version : 5.1.1002

Core Rules Database Version : 8788
Trace Rules Database Version: 6600

Scan type      : Complete Scan
Total Scan Time : 01:57:51

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 482
Memory threats detected  : 0
Registry items scanned    : 33875
Registry threats detected : 1
File items scanned        : 87839
File threats detected    : 0

System.BrokenFileAssociation
        HKCR\.exe

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.24.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
we :: WE [Administrator]

Schutz: Deaktiviert

25.06.2012 00:08:34
mbam-log-2012-06-25 (00-08-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296145
Laufzeit: 45 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


