Trojaner-Board - html/crypted.gen, avira schafft es nicht

Hallo zusammen,

ich bin neu hier und hoffe, dass ich jetzt alles richtig mache, habe auf jeden Fall die Anleitung gelesen :-)

Ich habe seit einigen Tagen das Problem mit dem Virus html/crypted.gen. Es werden immer verschiedene IE-Fenster geöffnet. Antivir erkennt den Virus zwar und ich drücke auf entfernen, doch das Problem taucht immer wieder auf.
Ich hoffe, dass mir jemand helfen kann! Ich würde mich sehr freuen!

Anbei sind die Logfiles und so weiter:

Malwarebytes:

Code:

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Datenbank Version: 4016

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

 

21.04.2010 17:13:42

mbam-log-2010-04-21 (17-13-42).txt

 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 107218

Laufzeit: 7 Minute(n), 7 Sekunde(n)

 

Infizierte Speicherprozesse: 1

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 3

 

Infizierte Speicherprozesse:

C:\Windows\bill107.exe (Worm.Koobface) -> Unloaded process successfully.

 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)

 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateien:

C:\Windows\bill107.exe (Worm.Koobface) -> Quarantined and deleted successfully.

C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

RSIT Info:

Code:

 

info.txt logfile of random's system information tool 1.06 2010-04-21 17:23:49

 

======Uninstall list======

 

32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}

Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}

Ad-Aware-->"C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}

Advanced Security for Outlook-->MsiExec.exe /I{7B4174E8-FE92-4269-808A-3B8D116D9538}

Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

CadiaFakturaFreeware-->MsiExec.exe /I{892772D7-1A4D-45A8-86E3-1D6CE9543659}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}

Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}

Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}

Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}

DAF Desk-->msiexec /qb /x {921601C8-3D48-9540-AFE5-557D728EC4C8}

DAF Desk-->MsiExec.exe /I{921601C8-3D48-9540-AFE5-557D728EC4C8}

Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}

Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}

Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}

Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}

Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}

Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE

Dell Video Chat-->C:\Program Files\Dell Video Chat\uninst.exe

Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"

Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}

Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat

easySales CRM-->MsiExec.exe /X{C9768400-8FAC-4C3C-B4D2-419CD8FA249B}

ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly

ElsterFormular-->C:\Program Files\ElsterFormular\uninstall.exe

Firebird 2.0.1-->"C:\Program Files\Firebird\Firebird_2_0\unins000.exe"

funkwerk Eumex 401 WIN-Tools V1.00-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8} /l1031 

Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1059\Installer\setup.exe" --uninstall --system-level

Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot

HP Document Manager 2.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat

HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Officejet 6500 E709 Series-->C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzscr01.exe -datfile hpwscr23.dat -forcereboot

HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}

IMAPSize 0.3.6-->"C:\Program Files\IMAPSize\unins000.exe"

Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall

Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall

Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 (BITROCKMSSQL)-->MsiExec.exe /I{B0F9497C-52B4-4686-8E73-74D866BBDF59}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server 2005 Tools-->MsiExec.exe /I{58D379F7-62BC-4748-8237-FE071ECE797C}

Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}

Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}

Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}

Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}

minicontrol 2.3.3-->C:\Program Files\minicontrol\uninstall.exe

Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (3.0)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nokia Connectivity Cable Driver-->MsiExec.exe /I{C50EF365-2898-489A-B6C7-30DAA466E9A2}

Nokia Ovi Suite Software Updater-->MsiExec.exe /X{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}

Nokia Ovi Suite-->C:\ProgramData\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe

Nokia Ovi Suite-->MsiExec.exe /X{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}

Nokia PC Suite-->C:\ProgramData\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ger.exe

Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}

Nokia Software Updater-->MsiExec.exe /X{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}

OCR Software by I.R.I.S. 12.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}

Ovi Desktop Sync Engine-->MsiExec.exe /X{F1C3541D-5B93-4131-B440-692FBA3DD250}

OviMPlatform-->MsiExec.exe /I{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}

PC Connectivity Solution-->MsiExec.exe /I{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}

PowerDVD DX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x7 -cluninstall

QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}

QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}

Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}

Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}

Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}

Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Skype™ 4.1-->MsiExec.exe /I{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}

StarMoney Business 4.0 Deutsche Bank Edition-->"C:\Program Files\InstallShield Installation Information\{17E74F5C-4943-41F9-B931-C5C82734B7C0}\setup.exe" -runfromtemp -l0x0007 -removeonly

Streamripper (Remove only)-->C:\Program Files\Streamripper\Uninstall.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Anmelde-Assistent-->MsiExec.exe /I{B5BCBD49-202F-4238-8398-D83D423A48B4}

Windows Live Call-->MsiExec.exe /I{835686C5-8650-49EB-8CA0-4528B4035495}

Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{DF5F687F-8018-4542-9F98-7084E9022917}

Windows Live Fotogalerie-->MsiExec.exe /X{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}

Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}

Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}

Windows Live Sync-->MsiExec.exe /X{8C1E2925-14F8-45AA-B999-1E2A74BF5607}

Windows Live Toolbar-->MsiExec.exe /X{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}

Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}

Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_3a2e1afb\nokbtmdm.inf

Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_d5bc047a\nokia_bluetooth.inf

Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf

 

======Security center information======

 

AS: Lavasoft Ad-Watch Live! (disabled)

AS: Windows Defender

 

======System event log======

 

Computer Name: ***

Event Code: 42

Message: Das System wechselt in den Ruhezustand.

Record Number: 33380

Source Name: Microsoft-Windows-Kernel-Power

Time Written: 20090903094442.250000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM

 

Computer Name: ***

Event Code: 7036

Message: Dienst "Windows-Bilderfassung" befindet sich jetzt im Status "Angehalten".

Record Number: 33379

Source Name: Service Control Manager

Time Written: 20090903094431.000000-000

Event Type: Informationen

User: 

 

Computer Name: ***

Event Code: 7036

Message: Dienst "Net Driver HPZ12" befindet sich jetzt im Status "Beendet".

Record Number: 33378

Source Name: Service Control Manager

Time Written: 20090903094430.000000-000

Event Type: Informationen

User: 

 

Computer Name: ***

Event Code: 7036

Message: Dienst "Pml Driver HPZ12" befindet sich jetzt im Status "Beendet".

Record Number: 33377

Source Name: Service Control Manager

Time Written: 20090903094430.000000-000

Event Type: Informationen

User: 

 

Computer Name: ***

Event Code: 7036

Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".

Record Number: 33376

Source Name: Service Control Manager

Time Written: 20090903093158.000000-000

Event Type: Informationen

User: 

 

=====Application event log=====

 

Computer Name: ***

Event Code: 10

Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Record Number: 750

Source Name: Microsoft-Windows-WMI

Time Written: 20090604154601.000000-000

Event Type: Fehler

User: 

 

Computer Name: ***

Event Code: 1

Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.

Record Number: 749

Source Name: Microsoft-Windows-CertificateServicesClient

Time Written: 20090604154544.423035-000

Event Type: Informationen

User: ***\***

 

Computer Name: ***

Event Code: 6000

Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.

Record Number: 748

Source Name: Microsoft-Windows-Winlogon

Time Written: 20090604154542.000000-000

Event Type: Informationen

User: 

 

Computer Name: ***

Event Code: 4101

Message: Die Windows-Lizenz wurde überprüft.

Record Number: 747

Source Name: Microsoft-Windows-Winlogon

Time Written: 20090604154542.000000-000

Event Type: Informationen

User: 

 

Computer Name: ***

Event Code: 7500

Message: Intel RAID-Controller: Unbekannter Controller

Anzahl der Serial ATA-Anschlüsse: 4

 

RAID Option ROM - Version: Unbekannt

Treiberversion: 8.2.0.1001

RAID-Plug-In - Version: 8.2.0.1001

Sprachressourcenversion des RAID-Plug-In: Datei nicht gefunden

Assistent zum Erstellen eines Volumes - Version: 8.2.0.1001

Sprachressourcenversion für Assistenten zum Erstellen eines Volumes: Datei nicht gefunden

Assistent zum Erstellen eines Volumes von einer vorhandenen Festplatte - Version: 8.2.0.1001

Sprachressourcenversion des Assistenten zum Erstellen eines Volumes von einer vorhandener Festplatte: Datei nicht gefunden

Assistent zum Bearbeiten des Volumes - Version: 8.2.0.1001

Sprachressourcenversion des Assistenten zum Bearbeiten des Volumes: Datei nicht gefunden

Assistent zum Löschen eines Volumes - Version: 8.2.0.1001

Sprachressourcenversion des Assistenten zum Löschen eines Volumes: Datei nicht gefunden

ISDI Bibliothek Version: 8.2.0.1001

Version 8.2.0.1001 des Benutzerbenachrichtigungstools des Event Monitor

Sprachressourcenversion des Benutzerbenachrichtigungstools des Event Monitor: Datei nicht gefunden

Event Monitor - Version: 8.2.0.1001

 

Festplatte 0

Verwendung: Unbekannte Festplattenverwendung

Status: Normal

Geräteanschluss: 0

Geräteanschlussposition: Intern

Aktueller Serial ATA-Übertragungsmodus: Generation 2

Modell: WDC WD2500BEVT-75ZCT2

Seriennummer: WD-WXH509946912

Firmware: 11.01A11

Native Command Queuing-Unterstützung: Ja

Systemfestplatte: Ja

Gesamtgröße: 232.8 GB

Physische Sektorgröße: 512 Byte

Logische Sektorgröße: 512 Byte

 

Unbelegter Anschluss 0

Geräteanschluss: 4

Geräteanschlussposition: Intern

 

Unbelegter Anschluss 1

Geräteanschluss: 5

Geräteanschlussposition: Intern

 

CD/DVD-Laufwerk 0

Geräteanschluss: 1

Geräteanschlussposition: Intern

Aktueller Serial ATA-Übertragungsmodus: Generation 1

Modell: TSSTcorp DVD+/-RW TS-L633B

Seriennummer: Daten nicht ausgegeben

Firmware: D400

 

Record Number: 746

Source Name: IAANTmon

Time Written: 20090604154537.000000-000

Event Type: Informationen

User: 

 

=====Security event log=====

 

Computer Name: ***

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

 

Antragsteller:

    Sicherheits-ID:        S-1-5-18

    Kontoname:        DBTOA000$

    Kontodomäne:        WORKGROUP

    Anmelde-ID:        0x3e7

    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

 

Konto, dessen Anmeldeinformationen verwendet wurden:

    Kontoname:        SYSTEM

    Kontodomäne:        NT-AUTORITÄT

    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

 

Zielserver:

    Zielservername:    localhost

    Weitere Informationen:    localhost

 

Prozessinformationen:

    Prozess-ID:        0x250

    Prozessname:        C:\Windows\System32\services.exe

 

Netzwerkinformationen:

    Netzwerkadresse:    -

    Port:            -

 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 483

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090604075828.763988-000

Event Type: Überwachung erfolgreich

User: 

 

Computer Name: ***

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

 

Antragsteller:

    Sicherheits-ID:        S-1-5-18

    Kontoname:        SYSTEM

    Kontodomäne:        NT-AUTORITÄT

    Anmelde-ID:        0x3e7

 

Berechtigungen:        SeAssignPrimaryTokenPrivilege

            SeTcbPrivilege

            SeSecurityPrivilege

            SeTakeOwnershipPrivilege

            SeLoadDriverPrivilege

            SeBackupPrivilege

            SeRestorePrivilege

            SeDebugPrivilege

            SeAuditPrivilege

            SeSystemEnvironmentPrivilege

            SeImpersonatePrivilege

Record Number: 482

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090604075817.173188-000

Event Type: Überwachung erfolgreich

User: 

 

Computer Name: ***

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.

 

Antragsteller:

    Sicherheits-ID:        S-1-5-18

    Kontoname:        DBTOA000$

    Kontodomäne:        WORKGROUP

    Anmelde-ID:        0x3e7

 

Anmeldetyp:            5

 

Neue Anmeldung:

    Sicherheits-ID:        S-1-5-18

    Kontoname:        SYSTEM

    Kontodomäne:        NT-AUTORITÄT

    Anmelde-ID:        0x3e7

    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

 

Prozessinformationen:

    Prozess-ID:        0x250

    Prozessname:        C:\Windows\System32\services.exe

 

Netzwerkinformationen:

    Arbeitsstationsname:    

    Quellnetzwerkadresse:    -

    Quellport:        -

 

Detaillierte Authentifizierungsinformationen:

    Anmeldeprozess:        Advapi 

    Authentifizierungspaket:    Negotiate

    Übertragene Dienste:    -

    Paketname (nur NTLM):    -

    Schlüssellänge:        0

 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

     - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

    - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

    - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

    - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 481

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090604075817.173188-000

Event Type: Überwachung erfolgreich

User: 

 

Computer Name: ***

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

 

Antragsteller:

    Sicherheits-ID:        S-1-5-18

    Kontoname:        DBTOA000$

    Kontodomäne:        WORKGROUP

    Anmelde-ID:        0x3e7

    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

 

Konto, dessen Anmeldeinformationen verwendet wurden:

    Kontoname:        SYSTEM

    Kontodomäne:        NT-AUTORITÄT

    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

 

Zielserver:

    Zielservername:    localhost

    Weitere Informationen:    localhost

 

Prozessinformationen:

    Prozess-ID:        0x250

    Prozessname:        C:\Windows\System32\services.exe

 

Netzwerkinformationen:

    Netzwerkadresse:    -

    Port:            -

 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 480

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090604075817.173188-000

Event Type: Überwachung erfolgreich

User: 

 

Computer Name: ***

Event Code: 1102

Message: Das Überwachungsprotokoll wurde gelöscht.

Subjekt:

    Sicherheits- ID:    S-1-5-21-1791723861-2511245918-1985112141-1000

    Kontoname:    ***

    Domänenname:    ***

    Logon-ID:    0xec817

Record Number: 479

Source Name: Microsoft-Windows-Eventlog

Time Written: 20090604075010.525188-000

Event Type: Überwachung erfolgreich

User: 

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\PC Connectivity Solution\;C:\Program Files\Business Objects\Common\3.5\bin\NOTES\;C:\Program Files\Business Objects\Common\3.5\bin\NOTES\DATA\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;C:\Program Files\sugarcrm-5.5.1RC\mssql\shared\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

RSIT log:

Code:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by *** at 2010-04-21 17:23:06

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 159 GB (71%) free of 223 GB

Total RAM: 2010 MB (38% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:23:45, on 21.04.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Users\***\Desktop\RSIT.exe

C:\Program Files\trend micro\***.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [StarMoneyRunEntry] "C:\Program Files\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix: 

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

O23 - Service: StarMoney Business 4.0 OnlineUpdate - Star Finanz - Software Entwicklung und Vertriebs GmbH - C:\Program Files\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: vtigercrmApache510 - Apache Software Foundation - C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe

O23 - Service: vtigercrmMysql510 - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 

--

End of file - 10612 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{5A3BFD7D-8999-430D-9F90-5D1F563961B5}.job

C:\Windows\tasks\vtigerCRM Email Reminder.job

C:\Windows\tasks\vtigerCRM Notification Scheduler.job

C:\Windows\tasks\vtigerCRM Recurring Invoice.job

C:\Windows\tasks\vtigerCRM WorkFlow.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-09 1067352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-09 1067352]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-04-01 217088]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-04-01 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-04-01 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-04-01 150552]

"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-12-22 3810304]

"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2009-01-09 1735760]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-08 178712]

"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-11-13 1807600]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-01-30 206064]

"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-04-11 818256]

""= []

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-04-01 483428]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

"StarMoneyRunEntry"=C:\Program Files\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe [2010-04-08 57864]

"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-05 128232]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-29 1086856]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

""= []

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25626408]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

 

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-05-27 10536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-04-01 210432]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{975d56d3-c9b1-11de-8c20-0023ae3ad389}]

shell\AutoRun\command - D:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1577e3f-4a9a-11de-843b-806e6f6e6963}]

shell\AutoRun\command - F:\SETUP.EXE /AUTORUN

shell\configure\command - F:\SETUP.EXE

shell\install\command - F:\SETUP.EXE

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2010-04-21 17:23:07 ----D---- C:\Program Files\trend micro

2010-04-21 17:23:06 ----D---- C:\rsit

2010-04-21 17:04:40 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes

2010-04-21 17:04:28 ----D---- C:\ProgramData\Malwarebytes

2010-04-21 17:04:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-04-19 20:50:12 ----D---- C:\Users\***\AppData\Roaming\HPAppData

2010-04-14 12:15:46 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-04-14 12:15:46 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-04-14 12:15:38 ----A---- C:\Windows\system32\vbscript.dll

2010-04-14 12:15:34 ----A---- C:\Windows\system32\iphlpsvc.dll

2010-04-14 12:14:58 ----A---- C:\Windows\system32\wintrust.dll

2010-04-14 12:14:44 ----A---- C:\Windows\system32\cabview.dll

2010-04-13 09:33:42 ----D---- C:\ProgramData\Apple Computer

2010-04-09 12:32:15 ----A---- C:\Windows\system32\mshtml.dll

2010-04-09 12:32:14 ----A---- C:\Windows\system32\ieframe.dll

2010-04-09 12:32:13 ----A---- C:\Windows\system32\wininet.dll

2010-04-09 12:32:13 ----A---- C:\Windows\system32\urlmon.dll

2010-04-09 12:32:13 ----A---- C:\Windows\system32\occache.dll

2010-04-09 12:32:13 ----A---- C:\Windows\system32\msfeeds.dll

2010-04-09 12:32:13 ----A---- C:\Windows\system32\iertutil.dll

2010-04-09 12:32:12 ----A---- C:\Windows\system32\mstime.dll

2010-04-09 12:32:12 ----A---- C:\Windows\system32\iedkcs32.dll

2010-04-09 12:32:11 ----A---- C:\Windows\system32\msfeedsbs.dll

2010-04-09 12:32:11 ----A---- C:\Windows\system32\jsproxy.dll

2010-04-09 12:32:11 ----A---- C:\Windows\system32\ieUnatt.exe

2010-04-09 12:32:11 ----A---- C:\Windows\system32\ieui.dll

2010-04-09 12:32:11 ----A---- C:\Windows\system32\iesysprep.dll

2010-04-09 12:32:11 ----A---- C:\Windows\system32\iepeers.dll

2010-04-09 12:32:11 ----A---- C:\Windows\system32\ie4uinit.exe

2010-04-09 12:32:10 ----A---- C:\Windows\system32\msfeedssync.exe

2010-04-09 12:32:10 ----A---- C:\Windows\system32\iesetup.dll

2010-04-09 12:32:10 ----A---- C:\Windows\system32\iernonce.dll

2010-04-09 12:17:30 ----A---- C:\Windows\system32\javaws.exe

2010-04-09 12:17:30 ----A---- C:\Windows\system32\javaw.exe

2010-04-09 12:17:30 ----A---- C:\Windows\system32\java.exe

2010-04-09 11:01:59 ----D---- C:\Program Files\QuickTime(251)

2010-04-09 11:00:59 ----D---- C:\Users\***\AppData\Roaming\Avira

2010-04-01 21:39:11 ----D---- C:\Users\***\AppData\Roaming\dvdcss

2010-04-01 07:46:00 ----D---- C:\ProgramData\Sun

2010-04-01 07:45:57 ----D---- C:\Program Files\Common Files\Java

2010-03-24 13:03:49 ----D---- C:\Users\***\AppData\Roaming\elsterformular

2010-03-24 13:02:58 ----D---- C:\ProgramData\elsterformular

 

======List of files/folders modified in the last 1 months======

 

2010-04-21 17:23:18 ----D---- C:\Windows\Prefetch

2010-04-21 17:23:09 ----D---- C:\Windows\Temp

2010-04-21 17:23:07 ----RD---- C:\Program Files

2010-04-21 17:20:40 ----D---- C:\Users\***\AppData\Roaming\Skype

2010-04-21 17:20:18 ----D---- C:\Windows\system32\Tasks

2010-04-21 17:13:42 ----D---- C:\Windows

2010-04-21 17:10:19 ----SHD---- C:\System Volume Information

2010-04-21 17:04:32 ----D---- C:\Windows\system32\drivers

2010-04-21 17:04:28 ----HD---- C:\ProgramData

2010-04-21 16:34:14 ----D---- C:\Windows\System32

2010-04-21 16:34:14 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-04-21 08:35:08 ----D---- C:\Windows\Debug

2010-04-21 08:23:03 ----D---- C:\Program Files\CCleaner

2010-04-20 18:20:09 ----D---- C:\Windows\Tasks

2010-04-16 13:17:31 ----SHD---- C:\Windows\Installer

2010-04-16 13:16:09 ----D---- C:\Program Files\Google

2010-04-16 07:42:46 ----D---- C:\Program Files\StarMoney Business 4.0 Deutsche Bank Edition

2010-04-14 19:57:37 ----D---- C:\Windows\winsxs

2010-04-14 19:46:41 ----D---- C:\Windows\system32\catroot

2010-04-14 19:46:40 ----D---- C:\Windows\system32\catroot2

2010-04-14 19:14:46 ----D---- C:\Program Files\Windows Mail

2010-04-13 09:34:05 ----D---- C:\Program Files\QuickTime

2010-04-11 09:50:04 ----D---- C:\Program Files\Mozilla Firefox

2010-04-11 09:45:35 ----D---- C:\Windows\system32\migration

2010-04-11 09:45:35 ----D---- C:\Program Files\Internet Explorer

2010-04-10 21:42:44 ----D---- C:\Users\***\AppData\Roaming\vlc

2010-04-09 14:03:59 ----A---- C:\Windows\win.ini

2010-04-09 14:03:51 ----RSD---- C:\Windows\Fonts

2010-04-09 14:03:51 ----D---- C:\Program Files\Common Files\System

2010-04-09 13:38:47 ----A---- C:\Windows\ODBC.INI

2010-04-09 12:17:25 ----D---- C:\Program Files\Java

2010-04-09 12:07:51 ----D---- C:\Windows\system32\wbem

2010-04-09 12:07:23 ----D---- C:\Windows\system32\config

2010-04-09 12:07:01 ----SD---- C:\Windows\Downloaded Program Files

2010-04-09 12:07:01 ----RSD---- C:\Windows\Media

2010-04-09 12:07:00 ----D---- C:\Windows\system32\spool

2010-04-09 12:07:00 ----D---- C:\Windows\system32\Msdtc

2010-04-09 12:07:00 ----D---- C:\Windows\inf

2010-04-09 12:06:59 ----D---- C:\ProgramData\McAfee Security Scan

2010-04-09 12:06:48 ----D---- C:\Windows\registration

2010-04-06 19:52:54 ----A---- C:\Windows\system32\mrt.exe

2010-04-01 07:45:57 ----D---- C:\Program Files\Common Files

2010-03-24 13:03:15 ----D---- C:\Program Files\ElsterFormular

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-04-01 192048]

R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-12-22 18424]

R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-17 1331192]

R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-04-01 4568064]

R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-01 62976]

R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-04-01 398336]

R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-09-01 304128]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s; C:\Windows\system32\DRIVERS\cmnsusbser.sys []

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]

S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-03-29 38224]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]

S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-05 22904]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]

S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2009-04-11 15872]

S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]

S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]

S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]

S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-05-27 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]

R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-03-02 81920]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-08 354840]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-11 1265264]

R2 msftesql$BITROCKMSSQL;SQL Server FullText Search (BITROCKMSSQL); C:\Program Files\sugarcrm-5.5.1RC\mssql\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-08-28 92952]

R2 MSSQL$BITROCKMSSQL;SQL Server (BITROCKMSSQL); C:\Program Files\sugarcrm-5.5.1RC\mssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-01-30 201968]

R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [2009-04-01 254042]

R2 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate; C:\Program Files\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [2010-04-12 541192]

R2 vtigercrmApache510;vtigercrmApache510; C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe [2009-05-08 20541]

R2 vtigercrmMysql510;vtigercrmMysql510; C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt --defaults-file=C:\Program Files\vtigercrm-5.1.0\mysql\my.ini vtigercrmMysql510 []

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-12-22 26112]

R2 yksvc;Marvell Yukon Service; ykx32coinst,serviceStartProc []

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-03-02 1994752]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-27 133104]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-05-27 16680]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

 

-----------------EOF-----------------

Wenn ich was vergessen haben sollte, bitte nicht böse sein. Ich liefere dann ganz schnell nach :-)

Hier die OTL txt

OTL logfile created on: 22.04.2010 11:14:55 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 154,87 Gb Free Space | 70,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14,65 Gb Total Space | 8,41 Gb Free Space | 57,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Programme\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe ()
PRC - C:\Programme\vtigercrm-5.1.0\apache\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\sugarcrm-5.5.1RC\mssql\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\sugarcrm-5.5.1RC\mssql\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (StarMoney Business 4.0 OnlineUpdate) -- C:\Programme\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (vtigercrmMysql510) -- C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe ()
SRV - (vtigercrmApache510) -- C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe (Apache Software Foundation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$BITROCKMSSQL) SQL Server (BITROCKMSSQL) -- C:\Program Files\sugarcrm-5.5.1RC\mssql\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (msftesql$BITROCKMSSQL) SQL Server FullText Search (BITROCKMSSQL) -- C:\Program Files\sugarcrm-5.5.1RC\mssql\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.pflege-phase.de | hxxp://www.deraktionaer.de/xist4c/web/Online---Musterdepot_id_1261_.htm;jsessionid=9731F347B95346A3DD2AC4363D529A96 | www.spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.23 10:37:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009.12.21 12:30:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.28 18:33:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.11 09:50:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 19:53:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.09 11:02:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.12.17 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.12.17 14:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.04.22 07:22:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions
[2010.02.06 12:56:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.06.29 08:38:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.19 22:31:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.09.15 22:19:24 | 000,000,000 | ---D | M] (German Stock Viewer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{5b52d398-ca0f-4ae2-a74b-fc8b3529e4d6}
[2009.12.23 11:23:23 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.04.21 08:23:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.17 16:13:03 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.01.14 10:43:23 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.01.14 10:43:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.12 19:55:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.18 12:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009.12.19 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\foxyseotool@foxyseotool.com
[2010.01.14 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onda2rub.default\extensions\piclens@cooliris.com
[2010.04.09 12:17:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.11 09:50:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.11 09:50:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.11 09:50:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.11 09:50:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.11 09:50:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [StarMoneyRunEntry] C:\Program Files\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.209.104.250 213.209.104.220
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{975d56d3-c9b1-11de-8c20-0023ae3ad389}\Shell - "" = AutoRun
O33 - MountPoints2\{975d56d3-c9b1-11de-8c20-0023ae3ad389}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{e1577e3f-4a9a-11de-843b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e1577e3f-4a9a-11de-843b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e1577e3f-4a9a-11de-843b-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e1577e3f-4a9a-11de-843b-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.22 09:44:19 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.21 17:23:07 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.21 17:23:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.21 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Viruskram
[2010.04.21 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.04.21 17:04:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.21 17:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.21 17:04:27 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.21 17:04:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.21 12:55:09 | 000,103,424 | ---- | C] (hxxp://subversion.tigris.org/) -- C:\Users\***\AppData\Local\rdr_1271847305.exe
[2010.04.20 22:54:36 | 000,103,424 | ---- | C] (hxxp://subversion.tigris.org/) -- C:\Users\***\AppData\Local\rdr_1271796874.exe
[2010.04.20 16:45:23 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.20 16:45:23 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.19 20:50:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HPAppData
[2010.04.14 12:15:46 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 12:15:46 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 12:15:43 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 12:15:42 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 12:15:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.13 09:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.09 12:32:13 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.04.09 12:32:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.04.09 12:32:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.09 12:32:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.09 12:32:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.09 12:32:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.04.09 12:32:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.09 12:32:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.04.09 12:32:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.04.09 12:32:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.09 12:32:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.04.09 12:32:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.04.09 12:32:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.04.09 12:32:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.04.09 12:32:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.04.09 12:17:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.09 12:17:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.09 12:17:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.09 11:01:59 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime(251)
[2010.04.09 11:00:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.04.01 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.04.01 07:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.01 07:45:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.03.24 13:03:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\elsterformular
[2010.03.24 13:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular

========== Files - Modified Within 30 Days ==========

[2010.04.22 11:16:23 | 002,883,584 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.04.22 11:06:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.22 11:06:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.22 11:03:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.22 09:44:24 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.04.22 09:19:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.22 09:09:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.22 07:22:31 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A3BFD7D-8999-430D-9F90-5D1F563961B5}.job
[2010.04.21 17:25:04 | 001,732,090 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.21 17:25:04 | 000,984,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.21 17:25:04 | 000,429,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.21 17:25:03 | 000,487,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.21 17:25:03 | 000,005,942 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.21 17:18:20 | 000,076,000 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.21 17:18:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.21 17:17:58 | 000,320,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.21 17:17:36 | 2108,018,688 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.21 17:16:21 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.21 17:16:21 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.21 17:15:50 | 002,771,900 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.04.21 17:09:17 | 000,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.21 17:01:24 | 000,002,484 | ---- | M] () -- C:\Users\***\Documents\cc_20100421_170120.reg
[2010.04.21 17:00:42 | 000,044,686 | ---- | M] () -- C:\Users\***\Documents\cc_20100421_170014.reg
[2010.04.21 12:55:09 | 000,103,424 | ---- | M] (hxxp://subversion.tigris.org/) -- C:\Users\***\AppData\Local\rdr_1271847305.exe
[2010.04.20 22:54:36 | 000,103,424 | ---- | M] (hxxp://subversion.tigris.org/) -- C:\Users\***\AppData\Local\rdr_1271796874.exe
[2010.04.20 16:54:40 | 000,000,002 | ---- | M] () -- C:\Users\***\AppData\Local\010112010146100109.xxe
[2010.04.19 20:44:53 | 000,000,002 | ---- | M] () -- C:\Users\***\AppData\Local\010112010146115119.xxe
[2010.04.19 20:44:40 | 000,000,002 | ---- | M] () -- C:\Users\***\AppData\Local\0101120101465198.xxe
[2010.04.19 20:42:25 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.04.14 20:20:06 | 000,002,216 | ---- | M] () -- C:\Users\***\Desktop\logo-feder_ohne_text.jpg
[2010.04.12 21:07:43 | 000,024,415 | ---- | M] () -- C:\Users\***\Documents\Kündigung Handy.pdf
[2010.04.10 20:48:34 | 000,082,432 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 14:03:59 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010.04.09 13:38:47 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.25 14:21:25 | 000,022,842 | ---- | M] () -- C:\Users\***\Documents\Briefvorlage.odt
[2010.03.25 14:21:08 | 000,090,433 | ---- | M] () -- C:\Users\***\Documents\Briefvorlage.pdf

========== Files Created - No Company Name ==========

[2010.04.21 17:09:12 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.21 17:01:22 | 000,002,484 | ---- | C] () -- C:\Users\***\Documents\cc_20100421_170120.reg
[2010.04.21 17:00:19 | 000,044,686 | ---- | C] () -- C:\Users\***\Documents\cc_20100421_170014.reg
[2010.04.20 22:47:35 | 2108,018,688 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.20 16:54:40 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\010112010146100109.xxe
[2010.04.19 20:44:53 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\010112010146115119.xxe
[2010.04.19 20:44:40 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\0101120101465198.xxe
[2010.04.14 20:20:04 | 000,002,216 | ---- | C] () -- C:\Users\***\Desktop\logo-feder_ohne_text.jpg
[2010.04.12 21:07:41 | 000,024,415 | ---- | C] () -- C:\Users\***\Documents\Kündigung Handy.pdf
[2010.03.25 14:21:05 | 000,090,433 | ---- | C] () -- C:\Users\***\Documents\Briefvorlage.pdf
[2009.12.22 21:14:40 | 000,000,055 | ---- | C] () -- C:\Windows\cryavitompeg.ini
[2009.11.06 22:17:37 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2009.09.11 09:57:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.22 12:37:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.27 16:06:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.05.27 16:06:51 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.05.27 15:58:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.01.03 17:57:06 | 000,404,480 | ---- | C] () -- C:\Windows\System32\maybubble2.dll
< End of report >