Trojaner-Board - Desktop Icons unsichtbar, Festplattenfehlermeldung, Mehrere Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Desktop Icons unsichtbar, Festplattenfehlermeldung, Mehrere Trojaner (https://www.trojaner-board.de/98514-desktop-icons-unsichtbar-festplattenfehlermeldung-mehrere-trojaner.html)

Desktop Icons unsichtbar, Festplattenfehlermeldung, Mehrere Trojaner

Hallo,

ich habe plötzlich Fehlermeldungen bezüglich der Festplatte erhalten: Sie sei defekt und ich solle das System neu starten. Hat das System dann von allein getan. Danach waren alle Icons vom Desktop verschwunden und alle Ordner leer.
Nach unhide sind alle Ordner wieder voll und die Programme laufen auch, es können aber keine Icons oder Verknüpfungen mehr auf dem Desktop abgelegt werden. Dieser bleibt leer.
Ich habe Malewarebytes Anti-Malware laufen lassen und OTL.
Hier sind die entsprechenden logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6474

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

29.04.2011 20:41:36
mbam-log-2011-04-29 (20-41-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158955
Laufzeit: 5 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BUDNI Fotowelt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7558E739-8E7C-44BB-BCE7-1BF0D72B7026} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Spyware.Passwords.XGen) -> Value: nonep -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\Michael\startmenü\programme\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\Michael\lokale einstellungen\Temp\tmp75021f33\aport.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\20307764.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\bikminqaaqkwg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\null0.09932019442772955.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michael\lokale einstellungen\Temp\jar_cache8235702996812621430.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\6.0\63\2762f47f-1c01bfa3 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michael\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michael\startmenü\programme\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michael\startmenü\programme\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programme\icqtoolbar\tbu2\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Und hier OTL:OTL Logfile:

Code:

OTL logfile created on: 29.04.2011 21:09:43 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 116,41 Gb Total Space | 16,00 Gb Free Space | 13,74% Space Free | Partition Type: NTFS

Drive D: | 109,63 Gb Total Space | 60,70 Gb Free Space | 55,37% Space Free | Partition Type: NTFS

Drive E: | 6,83 Gb Total Space | 0,55 Gb Free Space | 7,99% Space Free | Partition Type: FAT32

Drive K: | 956,55 Mb Total Space | 860,78 Mb Free Space | 89,99% Space Free | Partition Type: FAT32

 

Computer Name: NATHAN | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ALCFDRTM.EXE (Realtek Semiconductor Corp.)

PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()

PRC - C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)

PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)

PRC - C:\WINDOWS\CNYHKey.exe (Chicony)

PRC - C:\WINDOWS\system32\CmUCREye.exe ()

PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)

PRC - C:\WINDOWS\mHotkey.exe ()

PRC - C:\Programme\Lexmark X6100 Series\lxbfbmon.exe (Lexmark International, Inc.)

PRC - C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Programme\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)

MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)

MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)

MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (NMIndexingService) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avp) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()

SRV - (CyberLink Media Library Service) -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)

SRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)

DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)

DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (PDNMp50) -- C:\WINDOWS\system32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PDNSp50) -- C:\WINDOWS\system32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (T-Online International AG, Marmiko IT-Solutions GmbH)

DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)

DRV - (CMISTOR) -- C:\WINDOWS\system32\drivers\cmiucr.SYS (C-Media Corporation)

DRV - (pfsvgae) -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Temp\pfsvgae.sys ()

DRV - (RT2500USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

DRV - (FreshIO) -- C:\Programme\FreshDevices\FreshDiagnose\FreshIO.sys ()

DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.sys (Adaptec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f84595040000000000000012bf63dc31&tlver=1.4.19.19&ss=1&affID=17395

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.31 11:22:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.23 15:33:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.04.01 20:49:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\THBExt [2009.08.23 19:54:45 | 000,000,000 | ---D | M]

 

[2010.04.24 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions

[2010.04.24 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.04.28 23:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions

[2010.10.07 20:51:20 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010.08.31 20:28:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.31 20:27:15 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}

[2010.10.07 20:51:22 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

[2010.02.07 18:10:46 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}

[2008.11.08 21:16:55 | 000,000,000 | ---D | M] (Denimfox) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{6032AA22-F6B2-11DC-8F07-A83F56D89593}

[2010.12.18 21:23:13 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}

[2009.04.28 20:50:02 | 000,000,000 | ---D | M] (Media Converter) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2010.02.07 18:10:45 | 000,000,000 | ---D | M] (Save Link in Folder) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{7a46f9fe-4818-4837-ae4a-39c53978ae99}

[2011.04.15 21:35:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2011.03.13 18:48:37 | 000,000,000 | ---D | M] (Context Search) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}

[2010.08.31 20:28:01 | 000,000,000 | ---D | M] ("PriceDrop") -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{987211C6-B504-4ab2-90BF-60CC49808D42}

[2010.01.17 17:05:42 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}

[2010.08.31 20:27:42 | 000,000,000 | ---D | M] ("FootieFox") -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}

[2010.06.06 13:55:32 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.08.31 20:28:01 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}

[2010.08.31 20:27:54 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2011.03.13 18:48:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2009.10.18 16:46:19 | 000,000,000 | ---D | M] (Amazon Mini Shop) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{d9d07618-6444-429b-8c8f-d22439c760cf}

[2010.02.07 18:10:01 | 000,000,000 | ---D | M] (MidnightFoxy) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}

[2011.03.13 18:48:39 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010.06.06 13:55:42 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

[2010.08.31 20:27:15 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\chromifox@altmusictv.com

[2011.04.25 17:10:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\engine@conduit.com

[2011.03.13 18:48:41 | 000,000,000 | ---D | M] (Feed Sidebar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\feedbar@efinke.com

[2010.02.07 18:10:46 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de

[2010.08.31 20:27:25 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\piclens@cooliris.com

[2008.11.08 21:17:27 | 000,000,000 | ---D | M] (YouPlayer) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\youplayer@addons.mozilla.org

[2010.02.07 18:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome

[2010.02.07 18:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults

[2010.08.31 20:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}\chrome\mozapps\extensions

[2010.02.07 18:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions

[2010.02.07 18:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions\CVS

[2011.04.28 23:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2009.07.14 18:08:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2009.02.22 11:11:59 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll

[2011.03.24 00:39:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.04.10 14:48:22 | 000,002,428 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml

[2011.03.24 00:39:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.24 00:39:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.24 00:39:12 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.24 00:39:12 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()

O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)

O4 - HKLM..\Run: [Lexmark X6100 Series] C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)

O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()

O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe ()

O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [LaunchList] C:\Programme\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm ()

O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found

O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\haufereader - No CLSID value found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.03.11 21:45:58 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.29 20:32:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes

[2011.04.29 20:32:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.04.29 20:32:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.04.29 20:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.04.29 20:32:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.04.29 20:32:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.28 23:32:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Michael\Recent

[2011.04.27 19:30:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes

[2011.04.27 19:29:50 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2011.04.27 19:25:56 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour

[2011.04.27 19:23:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.04.25 17:11:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DVDVideoSoft

[2011.04.25 17:01:24 | 008,590,480 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Michael\Desktop\FreeDVDVideoBurner.exe

[2011.04.21 10:33:48 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll

[2011.04.17 17:21:02 | 006,482,143 | ---- | C] (Koyote Soft ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Setup_696FreeFlvConverter.exe

[2011.04.16 11:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Red Kawa

[2011.04.16 11:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Red Kawa

[2011.04.16 11:08:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Regensoft

[2011.04.16 11:07:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Geckofx

[2011.04.16 11:07:18 | 000,000,000 | ---D | C] -- C:\Programme\Regensoft

[2011.04.16 11:07:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Regensoft

[2011.04.16 11:07:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Regensoft

[2011.04.16 11:07:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\AviSynth 2.5

[2011.04.16 11:07:09 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5

[2011.04.16 11:07:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AviSynth 2.5

[2011.04.16 11:06:44 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa

[2011.04.16 11:06:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Red Kawa

[2011.04.15 21:35:26 | 000,000,000 | ---D | C] -- C:\Programme\Conduit

[2011.04.15 21:32:48 | 013,586,992 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\FreeYouTubeDownload21033.exe

[2011.04.10 15:03:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PriceGong

[2011.04.10 15:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BabylonToolbar

[2011.04.10 14:54:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Guitar Pro 6

[2011.04.10 14:54:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Guitar Pro 6

[2011.04.10 14:44:06 | 307,272,406 | ---- | C] (Arobas Music ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\GuitarPro6Demo-rev8020.exe

[2011.04.06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe

[2011.04.06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll

[2011.03.31 11:22:39 | 002,833,568 | ---- | C] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Michael\Desktop\install_flash_player.exe

[2010.06.06 14:34:45 | 000,386,048 | ---- | C] (Jacek Pazera) -- C:\Programme\mp4toavi.exe

[2006.12.12 16:57:25 | 006,848,212 | ---- | C] ( ) -- C:\Programme\Budni.exe

[2005.10.09 12:04:35 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2036.02.07 03:58:15 | 002,786,937 | R--- | M] (T-Online) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SoftwarePlus.exe

[2011.04.29 21:12:54 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (2) mit Alice.lnk

[2011.04.29 20:53:28 | 000,000,750 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit thunderbird.exe.lnk

[2011.04.29 20:47:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.04.29 20:46:31 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011.04.29 20:46:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.04.29 20:46:24 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.29 20:45:21 | 022,792,480 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2011.04.29 20:45:21 | 001,313,568 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2011.04.29 20:45:21 | 000,310,508 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2011.04.29 20:45:21 | 000,127,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2011.04.29 20:44:34 | 000,048,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\wklnhst.dat

[2011.04.29 20:43:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.04.29 20:42:48 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI

[2011.04.29 20:32:24 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.28 23:21:11 | 000,000,336 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\20307764

[2011.04.28 18:28:58 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Microsoft Word.lnk

[2011.04.27 15:38:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011.04.25 17:09:37 | 000,000,910 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\DVDVideoSoft Free Studio.lnk

[2011.04.25 17:01:58 | 008,590,480 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Michael\Desktop\FreeDVDVideoBurner.exe

[2011.04.21 10:34:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2011.04.21 10:33:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011.04.21 10:33:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.04.17 17:21:04 | 006,482,143 | ---- | M] (Koyote Soft ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Setup_696FreeFlvConverter.exe

[2011.04.16 11:05:27 | 019,503,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\ps3video9-600-setup.exe

[2011.04.15 21:34:09 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Free YouTube Download.lnk

[2011.04.15 21:32:59 | 013,586,992 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\FreeYouTubeDownload21033.exe

[2011.04.14 10:05:00 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.04.13 21:07:04 | 000,478,802 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.04.13 21:07:04 | 000,436,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.04.13 21:07:04 | 000,092,948 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.04.13 21:07:04 | 000,069,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.04.10 14:53:58 | 000,000,639 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Guitar Pro 6.lnk

[2011.04.10 14:47:02 | 307,272,406 | ---- | M] (Arobas Music ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\GuitarPro6Demo-rev8020.exe

[2011.04.10 14:40:49 | 000,287,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SoftonicDownloader_fuer_guitar-pro.exe

[2011.04.06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe

[2011.04.06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll

[2011.04.04 19:34:19 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2011.04.04 19:34:19 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2011.03.31 11:22:40 | 002,833,568 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Michael\Desktop\install_flash_player.exe

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.04.29 21:12:54 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (2) mit Alice.lnk

[2011.04.29 20:53:28 | 000,000,750 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit thunderbird.exe.lnk

[2011.04.29 20:32:23 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.28 23:21:10 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\20307764

[2011.04.21 10:34:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2011.04.21 10:33:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011.04.16 11:03:59 | 019,503,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\ps3video9-600-setup.exe

[2011.04.15 21:34:26 | 000,000,910 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\DVDVideoSoft Free Studio.lnk

[2011.04.15 21:34:09 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Free YouTube Download.lnk

[2011.04.10 14:53:58 | 000,000,639 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Guitar Pro 6.lnk

[2011.04.10 14:40:48 | 000,287,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SoftonicDownloader_fuer_guitar-pro.exe

[2010.09.16 20:15:44 | 000,071,256 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010.09.10 12:37:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2010.06.06 14:51:23 | 000,000,292 | ---- | C] () -- C:\Programme\mp4toavi.ini

[2010.05.03 21:22:57 | 000,000,405 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010.04.23 20:00:13 | 000,000,872 | ---- | C] () -- C:\WINDOWS\uninst.ini

[2009.11.25 19:01:57 | 000,000,228 | ---- | C] () -- C:\WINDOWS\winlemm.ini

[2009.04.30 12:54:14 | 000,026,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

[2009.04.05 09:26:39 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2009.04.05 09:26:39 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2009.04.05 09:26:39 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2009.04.05 09:26:39 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2009.03.29 22:24:56 | 000,003,621 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat

[2009.02.15 12:20:46 | 000,002,985 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat

[2009.02.15 12:15:43 | 001,073,528 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2009.02.15 12:15:43 | 000,013,781 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat

[2009.02.12 07:08:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat

[2008.10.08 21:10:23 | 000,000,597 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini

[2008.10.08 21:10:21 | 002,129,971 | ---- | C] () -- C:\WINDOWS\Batman Hush.dat

[2008.10.08 21:10:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe

[2008.08.16 23:06:07 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2008.08.16 23:06:07 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2008.08.16 23:05:51 | 022,792,480 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008.08.16 23:05:51 | 001,313,568 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008.04.13 19:46:56 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A1 DVD Audio Ripper.INI

[2008.03.27 23:00:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008.03.22 18:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI

[2008.03.11 23:17:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll

[2008.03.10 21:11:26 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI

[2008.03.10 20:42:06 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

[2008.03.10 20:41:23 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.03.10 20:41:23 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.03.10 20:41:23 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.03.10 20:41:23 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.03.10 20:41:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.03.09 19:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2008.03.09 18:52:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.03.02 21:14:49 | 000,006,292 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

[2008.01.22 21:45:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2008.01.22 21:45:51 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2008.01.22 21:45:50 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008.01.03 18:29:25 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2007.11.04 23:20:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2007.11.04 23:20:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2007.11.04 23:20:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2007.11.04 23:20:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2007.11.04 23:20:23 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2007.09.09 12:05:30 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini

[2007.06.16 11:33:02 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007.04.06 13:58:25 | 000,000,176 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006.10.30 20:41:37 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2006.10.30 20:41:36 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2006.08.18 20:45:31 | 000,048,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\wklnhst.dat

[2006.08.18 20:43:43 | 000,095,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006.08.18 20:43:43 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2006.03.01 15:01:44 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2006.03.01 15:01:44 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini

[2006.02.28 15:52:15 | 000,550,912 | ---- | C] () -- C:\WINDOWS\mHotkey.exe

[2006.02.28 15:52:15 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll

[2006.02.28 15:52:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll

[2006.02.28 15:52:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe

[2006.02.28 15:52:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll

[2006.02.28 15:52:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll

[2006.02.28 15:52:15 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll

[2006.02.28 15:52:15 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini

[2006.02.28 15:51:08 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCREye.exe

[2006.02.28 13:18:15 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.02.28 13:18:15 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2006.02.28 13:18:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.02.28 13:18:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.02.28 13:18:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.02.28 13:18:14 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2006.02.28 13:18:14 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2006.02.28 13:18:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006.01.30 12:25:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2006.01.30 10:51:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2005.11.01 13:12:47 | 000,000,207 | ---- | C] () -- C:\WINDOWS\WISO.INI

[2005.10.18 15:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

[2005.10.16 16:35:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.10.16 14:47:59 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2005.10.12 11:48:49 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll

[2005.10.12 08:39:03 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005.10.09 14:55:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005.10.09 14:27:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005.10.09 13:48:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005.10.09 12:27:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005.10.09 12:25:40 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2005.10.09 12:25:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\A3DA537E26.sys

[2005.10.09 12:11:51 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe

[2005.10.09 12:04:35 | 000,730,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys

[2005.10.09 12:04:35 | 000,041,243 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll

[2005.10.09 12:04:35 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys

[2005.10.09 12:04:35 | 000,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll

[2005.10.09 12:04:35 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\capitask.exe

[2005.10.09 11:53:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll

[2005.10.09 11:53:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll

[2005.10.09 11:53:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe

[2005.10.09 07:47:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.10.09 07:46:56 | 000,478,802 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2005.10.09 07:46:56 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2005.10.09 07:46:56 | 000,092,948 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2005.10.09 07:46:56 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2005.10.09 07:46:50 | 000,436,608 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005.10.09 07:46:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005.10.09 07:46:50 | 000,069,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005.10.09 07:46:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005.10.09 07:46:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005.10.09 07:46:50 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005.10.09 07:46:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005.10.09 07:46:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005.10.09 07:46:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005.10.09 07:46:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005.10.09 07:46:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005.10.09 07:46:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2005.10.08 23:52:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005.10.08 23:51:38 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005.10.08 22:59:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005.10.08 22:56:19 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005.10.08 15:40:15 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe

[2005.10.08 15:40:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll

[2005.10.08 15:40:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUCRUninstall.exe

[2005.10.08 15:40:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI

[2005.10.08 15:30:55 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005.10.08 15:18:30 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2003.09.23 07:58:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBFIH.EXE

[2003.09.23 07:48:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL

[2002.11.13 21:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll

[2002.09.04 20:42:38 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini

[2001.10.10 09:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll

[2001.10.10 09:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll

[2001.03.07 09:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll

[2001.01.19 21:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

[1999.01.27 00:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL

[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 85 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX

@Alternate Data Stream - 85 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Namco Networks:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A7364D37AEE5DAD1

 

< End of report >

--- --- ---

Ich hoffe, Ihr könnt mir helfen!

Viele Grüße
Mike

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Logs erstellen:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Arne,

danke, dass Du Dich meiner annimmst!
Hier der log des Malwarebytes- Komplettscans:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6484

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01.05.2011 19:07:22
mbam-log-2011-05-01 (19-07-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 296491
Laufzeit: 1 Stunde(n), 21 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Und hier das Ergebnis des OTL Custom-Scans:OTL Logfile:

Code:

OTL logfile created on: 01.05.2011 19:21:06 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 116,41 Gb Total Space | 16,54 Gb Free Space | 14,21% Space Free | Partition Type: NTFS

Drive D: | 109,63 Gb Total Space | 60,67 Gb Free Space | 55,35% Space Free | Partition Type: NTFS

Drive E: | 6,83 Gb Total Space | 0,55 Gb Free Space | 7,99% Space Free | Partition Type: FAT32

Drive K: | 956,55 Mb Total Space | 860,78 Mb Free Space | 89,99% Space Free | Partition Type: FAT32

 

Computer Name: NATHAN | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe (Apple Inc.)

PRC - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ALCFDRTM.EXE (Realtek Semiconductor Corp.)

PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()

PRC - C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)

PRC - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)

PRC - C:\WINDOWS\CNYHKey.exe (Chicony)

PRC - C:\WINDOWS\system32\CmUCREye.exe ()

PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)

PRC - C:\WINDOWS\mHotkey.exe ()

PRC - C:\Programme\Lexmark X6100 Series\lxbfbmon.exe (Lexmark International, Inc.)

PRC - C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Programme\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)

MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)

MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)

MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (NMIndexingService) --  File not found

SRV - (AppMgmt) --  File not found

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avp) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe ()

SRV - (CyberLink Media Library Service) -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)

SRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)

DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)

DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (PDNMp50) -- C:\WINDOWS\system32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PDNSp50) -- C:\WINDOWS\system32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (T-Online International AG, Marmiko IT-Solutions GmbH)

DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)

DRV - (CMISTOR) -- C:\WINDOWS\system32\drivers\cmiucr.SYS (C-Media Corporation)

DRV - (pfsvgae) -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Temp\pfsvgae.sys ()

DRV - (RT2500USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

DRV - (FreshIO) -- C:\Programme\FreshDevices\FreshDiagnose\FreshIO.sys ()

DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.sys (Adaptec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f84595040000000000000012bf63dc31&tlver=1.4.19.19&ss=1&affID=17395

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = ICQ.com Suche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.01 11:20:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.01 11:20:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.04.01 20:49:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\THBExt [2009.08.23 19:54:45 | 000,000,000 | ---D | M]

 

[2010.04.24 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions

[2010.04.24 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.05.01 14:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions

[2010.10.07 20:51:20 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010.08.31 20:28:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.31 20:27:15 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}

[2011.05.01 11:22:41 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

[2008.11.08 21:16:55 | 000,000,000 | ---D | M] (Denimfox) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{6032AA22-F6B2-11DC-8F07-A83F56D89593}

[2010.12.18 21:23:13 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}

[2009.04.28 20:50:02 | 000,000,000 | ---D | M] (Media Converter) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2011.04.15 21:35:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2011.03.13 18:48:37 | 000,000,000 | ---D | M] (Context Search) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}

[2010.01.17 17:05:42 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}

[2010.06.06 13:55:32 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.05.01 11:23:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2011.03.13 18:48:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2009.10.18 16:46:19 | 000,000,000 | ---D | M] (Amazon Mini Shop) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{d9d07618-6444-429b-8c8f-d22439c760cf}

[2010.02.07 18:10:01 | 000,000,000 | ---D | M] (MidnightFoxy) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}

[2011.03.13 18:48:39 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010.06.06 13:55:42 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

[2010.08.31 20:27:15 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\chromifox@altmusictv.com

[2011.04.25 17:10:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\engine@conduit.com

[2011.03.13 18:48:41 | 000,000,000 | ---D | M] (Feed Sidebar) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\feedbar@efinke.com

[2010.02.07 18:10:46 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de

[2011.05.01 14:25:03 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\piclens@cooliris.com

[2008.11.08 21:17:27 | 000,000,000 | ---D | M] (YouPlayer) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\youplayer@addons.mozilla.org

[2010.02.07 18:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome

[2010.02.07 18:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults

[2010.08.31 20:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}\chrome\mozapps\extensions

[2010.02.07 18:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions

[2010.02.07 18:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions\CVS

[2011.05.01 11:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2009.07.14 18:08:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2009.02.22 11:11:59 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}

[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.04.10 14:48:22 | 000,002,428 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()

O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)

O4 - HKLM..\Run: [Lexmark X6100 Series] C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)

O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot]  File not found

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()

O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe ()

O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [LaunchList] C:\Programme\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm ()

O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found

O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\haufereader - No CLSID value found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.03.11 21:45:58 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package - 

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp -  File not found

Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\HOMECI~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)

Drivers32: VIDC.I420 - vdrcodec.dll File not found

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (64471380418101248)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.01 11:39:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Michael\Recent

[2011.05.01 11:13:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Michael\IETldCache

[2011.05.01 11:02:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2011.05.01 10:56:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011.04.30 12:54:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google

[2011.04.30 12:50:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner

[2011.04.30 12:50:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2011.04.30 12:49:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google

[2011.04.29 20:32:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes

[2011.04.29 20:32:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.04.29 20:32:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.04.29 20:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.04.29 20:32:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.04.29 20:32:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.27 19:30:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes

[2011.04.27 19:29:50 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2011.04.27 19:25:56 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour

[2011.04.25 17:11:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DVDVideoSoft

[2011.04.25 17:01:24 | 008,590,480 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Dokumente und Einstellungen\Michael\Desktop\FreeDVDVideoBurner.exe

[2011.04.17 17:21:02 | 006,482,143 | ---- | C] (Koyote Soft                                                 ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Setup_696FreeFlvConverter.exe

[2011.04.16 11:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Red Kawa

[2011.04.16 11:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Red Kawa

[2011.04.16 11:08:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Regensoft

[2011.04.16 11:07:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Geckofx

[2011.04.16 11:07:18 | 000,000,000 | ---D | C] -- C:\Programme\Regensoft

[2011.04.16 11:07:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Regensoft

[2011.04.16 11:07:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Regensoft

[2011.04.16 11:07:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\AviSynth 2.5

[2011.04.16 11:07:09 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5

[2011.04.16 11:07:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AviSynth 2.5

[2011.04.16 11:06:44 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa

[2011.04.16 11:06:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Red Kawa

[2011.04.15 21:35:26 | 000,000,000 | ---D | C] -- C:\Programme\Conduit

[2011.04.15 21:32:48 | 013,586,992 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\FreeYouTubeDownload21033.exe

[2011.04.10 15:03:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PriceGong

[2011.04.10 15:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BabylonToolbar

[2011.04.10 14:54:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Guitar Pro 6

[2011.04.10 14:54:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Guitar Pro 6

[2011.04.10 14:44:06 | 307,272,406 | ---- | C] (Arobas Music                                                ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\GuitarPro6Demo-rev8020.exe

[2010.06.06 14:34:45 | 000,386,048 | ---- | C] (Jacek Pazera) -- C:\Programme\mp4toavi.exe

[2006.12.12 16:57:25 | 006,848,212 | ---- | C] (                                                            ) -- C:\Programme\Budni.exe

[2005.10.09 12:04:35 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2036.02.07 03:58:15 | 002,786,937 | R--- | M] (T-Online) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SoftwarePlus.exe

[2011.05.01 15:19:04 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (4) mit Alice.lnk

[2011.05.01 12:54:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.05.01 12:53:18 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011.05.01 12:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.05.01 12:53:08 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.01 11:44:39 | 022,792,480 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2011.05.01 11:44:39 | 001,313,568 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2011.05.01 11:44:39 | 000,310,508 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2011.05.01 11:44:39 | 000,127,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2011.05.01 11:20:53 | 000,000,700 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2011.04.30 14:06:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.04.30 14:06:14 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI

[2011.04.30 12:50:39 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

[2011.04.30 12:37:15 | 000,048,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\wklnhst.dat

[2011.04.30 12:26:33 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Microsoft Word.lnk

[2011.04.30 12:24:08 | 000,000,154 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit Netzwerkverbindungen.lnk

[2011.04.30 10:42:49 | 000,000,630 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit iTunes.lnk

[2011.04.30 10:40:33 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (3) mit Alice.lnk

[2011.04.30 10:37:28 | 000,000,700 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit firefox.lnk

[2011.04.29 21:12:54 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (2) mit Alice.lnk

[2011.04.29 20:53:28 | 000,000,750 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit thunderbird.exe.lnk

[2011.04.29 20:32:24 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.28 23:21:11 | 000,000,336 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\20307764

[2011.04.27 15:38:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011.04.25 17:09:37 | 000,000,910 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\DVDVideoSoft Free Studio.lnk

[2011.04.25 17:01:58 | 008,590,480 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Dokumente und Einstellungen\Michael\Desktop\FreeDVDVideoBurner.exe

[2011.04.21 10:34:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2011.04.21 10:33:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011.04.17 17:21:04 | 006,482,143 | ---- | M] (Koyote Soft                                                 ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Setup_696FreeFlvConverter.exe

[2011.04.16 11:05:27 | 019,503,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\ps3video9-600-setup.exe

[2011.04.15 21:34:09 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Free YouTube Download.lnk

[2011.04.15 21:32:59 | 013,586,992 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\FreeYouTubeDownload21033.exe

[2011.04.14 10:05:00 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.04.13 21:07:04 | 000,478,802 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.04.13 21:07:04 | 000,436,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.04.13 21:07:04 | 000,092,948 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.04.13 21:07:04 | 000,069,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.04.10 14:53:58 | 000,000,639 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Guitar Pro 6.lnk

[2011.04.10 14:47:02 | 307,272,406 | ---- | M] (Arobas Music                                                ) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\GuitarPro6Demo-rev8020.exe

[2011.04.10 14:40:49 | 000,287,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SoftonicDownloader_fuer_guitar-pro.exe

[2011.04.04 19:34:19 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2011.04.04 19:34:19 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Michael\Eigene Dateien\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.05.01 15:19:04 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (4) mit Alice.lnk

[2011.05.01 11:20:53 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk

[2011.05.01 11:20:53 | 000,000,700 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2011.04.30 12:50:39 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

[2011.04.30 12:24:08 | 000,000,154 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit Netzwerkverbindungen.lnk

[2011.04.30 10:42:49 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit iTunes.lnk

[2011.04.30 10:40:33 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (3) mit Alice.lnk

[2011.04.30 10:37:28 | 000,000,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit firefox.lnk

[2011.04.29 21:12:54 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung (2) mit Alice.lnk

[2011.04.29 20:53:28 | 000,000,750 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Verknüpfung mit thunderbird.exe.lnk

[2011.04.29 20:32:23 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.28 23:21:10 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\20307764

[2011.04.21 10:34:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2011.04.21 10:33:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011.04.16 11:03:59 | 019,503,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\ps3video9-600-setup.exe

[2011.04.15 21:34:26 | 000,000,910 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\DVDVideoSoft Free Studio.lnk

[2011.04.15 21:34:09 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Free YouTube Download.lnk

[2011.04.10 14:53:58 | 000,000,639 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Guitar Pro 6.lnk

[2011.04.10 14:40:48 | 000,287,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SoftonicDownloader_fuer_guitar-pro.exe

[2010.09.16 20:15:44 | 000,071,256 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010.09.10 12:37:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2010.06.06 14:51:23 | 000,000,292 | ---- | C] () -- C:\Programme\mp4toavi.ini

[2010.05.03 21:22:57 | 000,000,405 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010.04.23 20:00:13 | 000,000,872 | ---- | C] () -- C:\WINDOWS\uninst.ini

[2009.11.25 19:01:57 | 000,000,228 | ---- | C] () -- C:\WINDOWS\winlemm.ini

[2009.04.30 12:54:14 | 000,026,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

[2009.04.05 09:26:39 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2009.04.05 09:26:39 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2009.04.05 09:26:39 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2009.04.05 09:26:39 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2009.03.29 22:24:56 | 000,003,621 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat

[2009.02.15 12:20:46 | 000,002,985 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat

[2009.02.15 12:15:43 | 001,073,528 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2009.02.15 12:15:43 | 000,013,781 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat

[2009.02.12 07:08:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat

[2008.10.08 21:10:23 | 000,000,597 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini

[2008.10.08 21:10:21 | 002,129,971 | ---- | C] () -- C:\WINDOWS\Batman Hush.dat

[2008.10.08 21:10:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe

[2008.08.16 23:06:07 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2008.08.16 23:06:07 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2008.08.16 23:05:51 | 022,792,480 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008.08.16 23:05:51 | 001,313,568 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008.04.13 19:46:56 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A1 DVD Audio Ripper.INI

[2008.03.27 23:00:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008.03.22 18:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI

[2008.03.11 23:17:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll

[2008.03.10 21:11:26 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI

[2008.03.10 20:42:06 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

[2008.03.10 20:41:23 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2008.03.10 20:41:23 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2008.03.10 20:41:23 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2008.03.10 20:41:23 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2008.03.10 20:41:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2008.03.09 19:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2008.03.09 18:52:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.03.02 21:14:49 | 000,006,292 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

[2008.01.22 21:45:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2008.01.22 21:45:51 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2008.01.22 21:45:50 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008.01.03 18:29:25 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2007.11.04 23:20:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2007.11.04 23:20:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2007.11.04 23:20:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2007.11.04 23:20:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2007.11.04 23:20:23 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2007.09.09 12:05:30 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini

[2007.06.16 11:33:02 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007.04.06 13:58:25 | 000,000,176 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006.10.30 20:41:37 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2006.10.30 20:41:36 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2006.08.18 20:45:31 | 000,048,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\wklnhst.dat

[2006.08.18 20:43:43 | 000,095,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006.08.18 20:43:43 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2006.03.01 15:01:44 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2006.03.01 15:01:44 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini

[2006.02.28 15:52:15 | 000,550,912 | ---- | C] () -- C:\WINDOWS\mHotkey.exe

[2006.02.28 15:52:15 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll

[2006.02.28 15:52:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll

[2006.02.28 15:52:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe

[2006.02.28 15:52:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll

[2006.02.28 15:52:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll

[2006.02.28 15:52:15 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll

[2006.02.28 15:52:15 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini

[2006.02.28 15:51:08 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCREye.exe

[2006.02.28 13:18:15 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.02.28 13:18:15 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2006.02.28 13:18:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.02.28 13:18:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.02.28 13:18:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.02.28 13:18:14 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2006.02.28 13:18:14 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2006.02.28 13:18:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006.01.30 12:25:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2006.01.30 10:51:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2005.11.01 13:12:47 | 000,000,207 | ---- | C] () -- C:\WINDOWS\WISO.INI

[2005.10.18 15:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

[2005.10.16 16:35:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.10.16 14:47:59 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2005.10.12 11:48:49 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll

[2005.10.12 08:39:03 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005.10.09 14:55:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005.10.09 14:27:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005.10.09 13:48:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005.10.09 12:27:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005.10.09 12:25:40 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2005.10.09 12:25:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\A3DA537E26.sys

[2005.10.09 12:11:51 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe

[2005.10.09 12:04:35 | 000,730,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys

[2005.10.09 12:04:35 | 000,041,243 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll

[2005.10.09 12:04:35 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys

[2005.10.09 12:04:35 | 000,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll

[2005.10.09 12:04:35 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\capitask.exe

[2005.10.09 11:53:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll

[2005.10.09 11:53:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll

[2005.10.09 11:53:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe

[2005.10.09 07:47:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.10.09 07:46:56 | 000,478,802 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2005.10.09 07:46:56 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2005.10.09 07:46:56 | 000,092,948 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2005.10.09 07:46:56 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2005.10.09 07:46:50 | 000,436,608 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005.10.09 07:46:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005.10.09 07:46:50 | 000,069,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005.10.09 07:46:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005.10.09 07:46:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005.10.09 07:46:50 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005.10.09 07:46:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005.10.09 07:46:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005.10.09 07:46:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005.10.09 07:46:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005.10.09 07:46:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005.10.09 07:46:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2005.10.08 23:52:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005.10.08 23:51:38 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005.10.08 22:59:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005.10.08 22:56:19 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005.10.08 15:40:15 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe

[2005.10.08 15:40:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll

[2005.10.08 15:40:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUCRUninstall.exe

[2005.10.08 15:40:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI

[2005.10.08 15:30:55 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005.10.08 15:18:30 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2003.09.23 07:58:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBFIH.EXE

[2003.09.23 07:48:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL

[2002.11.13 21:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll

[2002.09.04 20:42:38 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini

[2001.10.10 09:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll

[2001.10.10 09:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll

[2001.03.07 09:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll

[2001.01.19 21:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

[1999.01.27 00:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL

[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 
 ========== LOP Check ==========

 

[2007.01.08 15:26:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve

[2010.05.03 21:23:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software

[2008.03.11 22:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D2dWizardTemp

[2008.01.03 18:52:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes

[2011.04.10 14:54:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Guitar Pro 6

[2007.01.08 15:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe

[2009.07.14 18:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2009.02.22 11:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware

[2008.03.09 18:45:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe

[2005.10.09 14:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies

[2010.01.20 18:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Namco Networks

[2008.03.11 21:49:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle

[2008.03.11 21:43:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio

[2010.11.14 19:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT

[2008.01.03 18:29:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft

[2006.08.18 20:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2007.08.07 13:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager

[2006.02.28 16:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint

[2006.02.28 16:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings

[2009.03.31 20:06:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010.04.02 11:17:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009.09.30 20:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009.04.10 21:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010.07.19 19:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Amazon

[2008.09.07 21:23:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Any Video Converter

[2011.04.10 15:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BabylonToolbar

[2011.05.01 11:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BitTorrent

[2009.01.08 18:33:06 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Chromeflower

[2010.12.23 12:01:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Cioz

[2009.01.08 18:32:50 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\CrystalSpace

[2011.05.01 19:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DNA

[2011.04.25 17:11:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DVDVideoSoft

[2011.04.15 21:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.11.14 12:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\GetRightToGo

[2011.04.29 20:19:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Guitar Pro 6

[2007.01.08 16:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Haufe

[2008.03.29 20:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\i Audiobook 1.0 Professional

[2007.01.14 11:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQ Toolbar

[2006.08.18 21:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQLite

[2009.04.05 22:44:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ImgBurn

[2010.09.26 12:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Imperium Romanum

[2009.02.22 11:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Lexware

[2007.08.15 20:29:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MAGIX

[2009.07.10 17:26:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Namco Networks

[2010.09.26 12:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Pingus

[2011.04.30 12:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PriceGong

[2011.04.16 11:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Red Kawa

[2011.04.16 11:08:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Regensoft

[2009.01.25 12:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Styler

[2006.08.18 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\T-Online

[2007.05.20 14:11:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Template

[2010.04.24 14:18:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Thunderbird

[2010.12.23 18:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Upymaz

[2009.01.25 12:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Windows Desktop Search

[2009.01.25 13:50:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Windows Search

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.02.15 12:15:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\AccurateRip

[2010.10.06 11:06:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Adobe

[2006.08.21 19:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\AdobeUM

[2008.03.09 16:30:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ahead

[2010.07.19 19:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Amazon

[2008.09.07 21:23:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Any Video Converter

[2009.01.02 14:03:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\AOL

[2011.01.03 20:48:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Apple Computer

[2008.09.06 20:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\AVS4YOU

[2011.04.10 15:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BabylonToolbar

[2011.05.01 11:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BitTorrent

[2009.01.08 18:33:06 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Chromeflower

[2010.12.23 12:01:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Cioz

[2009.01.08 18:32:50 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\CrystalSpace

[2006.02.28 18:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\CyberLink

[2011.05.01 19:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DNA

[2009.08.25 00:57:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\dvdcss

[2011.04.25 17:11:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DVDVideoSoft

[2011.04.15 21:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.11.14 12:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\GetRightToGo

[2006.12.09 15:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Google

[2011.04.29 20:19:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Guitar Pro 6

[2007.01.08 16:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Haufe

[2007.04.06 16:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Help

[2008.03.29 20:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\i Audiobook 1.0 Professional

[2007.01.14 11:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQ Toolbar

[2006.08.18 21:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQLite

[2005.10.08 22:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Identities

[2009.04.05 22:44:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ImgBurn

[2010.09.26 12:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Imperium Romanum

[2007.01.08 15:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\InstallShield

[2009.02.22 11:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Lexware

[2006.02.28 18:33:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Macromedia

[2007.08.15 20:29:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MAGIX

[2011.04.29 20:32:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes

[2010.01.26 21:00:50 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft

[2006.12.19 18:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Web Folders

[2008.11.08 21:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla

[2009.07.10 17:26:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Namco Networks

[2010.09.26 12:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Pingus

[2011.04.30 12:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PriceGong

[2005.10.09 11:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Real

[2011.04.16 11:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Red Kawa

[2011.04.16 11:08:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Regensoft

[2009.01.25 12:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Styler

[2006.02.28 18:16:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Sun

[2006.08.18 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\T-Online

[2007.05.20 14:11:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Template

[2010.04.24 14:18:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Thunderbird

[2010.12.23 18:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Upymaz

[2010.11.14 22:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\vlc

[2009.01.25 12:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Windows Desktop Search

[2009.01.25 13:50:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Windows Search

[2006.02.28 16:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\You've Got Pictures Screensaver

 
 < %APPDATA%\*.exe /s >

[2006.02.28 18:34:31 | 000,839,680 | ---- | M] (Macromedia, Inc.) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Macromedia\Authorware Web Player\NP32ASW\webplr08\webplr.exe

[2008.05.23 20:54:29 | 001,526,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

[2008.05.17 21:21:50 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft\Installer\{A4E86B6A-6EEC-41FD-8960-26947F0E3353}\ARPPRODUCTICON.exe

[2009.02.22 11:11:29 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft\Installer\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}\ARPPRODUCTICON.exe

[2009.02.22 11:12:02 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe

[2009.01.25 12:15:23 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft\Installer\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}\_294823.exe

[2011.05.01 14:24:57 | 000,425,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

[2011.05.01 14:24:57 | 000,546,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2008.07.17 16:55:38 | 004,624,384 | ---- | M] () -- C:\BUDNI Fotowelt.exe

[2008.04.22 17:05:18 | 002,648,768 | ---- | M] (Microsoft Corporation) -- C:\vcredist_x86.exe

 

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.11.21 16:35:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2008.11.21 16:35:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.11.21 16:35:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2008.11.21 16:35:33 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2005.10.09 00:51:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2005.10.09 00:51:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2005.10.09 00:51:04 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.04.14 04:22:10 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll

[2004.08.04 14:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll

[2008.04.14 04:22:18 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 85 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX

@Alternate Data Stream - 85 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Namco Networks:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A7364D37AEE5DAD1

@Alternate Data Stream - 24 bytes -> \WINDOWS:A7364D37AEE5DAD1
 

< End of report >

--- --- ---
Viele grüße,
Mike

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f84595040000000000000012bf63dc31&tlver=1.4.19.19&ss=1&affID=17395

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = ICQ.com Suche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050

IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()

[2006.12.12 16:57:25 | 006,848,212 | ---- | C] (                                                            ) -- C:\Programme\Budni.exe

[2010.12.23 18:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Upymaz

@Alternate Data Stream - 85 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX

@Alternate Data Stream - 85 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Namco Networks:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A7364D37AEE5DAD1

@Alternate Data Stream - 24 bytes -> \WINDOWS:A7364D37AEE5DAD1

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hi Arne,

ist geschehen. Hier das Logfile:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.
C:\Programme\AskSearch\bin\DefaultSearch.dll moved successfully.
C:\Programme\Budni.exe moved successfully.
C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Upymaz folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Desktop:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Namco Networks:$ES_DESCRIPTOR_PBVUV1VK9V89KMRVCL9YERB3CKNVYNK9DBGB4WKX8JVX6RVDBFNTBV3CHBPB2PY6VVV4VVVVVVFJVX deleted successfully.
ADS C:\WINDOWS:A7364D37AEE5DAD1 deleted successfully.
Unable to delete ADS \WINDOWS:A7364D37AEE5DAD1 .
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 348 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 922446747 bytes
->Temporary Internet Files folder emptied: 501833180 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55954387 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1532950 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 490713673 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19641 bytes
%systemroot%\System32 .tmp files removed: 3210631 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144574266 bytes
RecycleBin emptied: 141527669 bytes

Total Files Cleaned = 2.157,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05032011_200051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Der Desktop ist immer noch leer und es können auch keine Verknüpfungen hier erstellt werden.

Viele Grüße,
Mike

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hi Arne,

hier das Kaspersky log:

2011/05/04 18:48:34.0843 3848 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/04 18:48:35.0140 3848 ================================================================================
2011/05/04 18:48:35.0140 3848 SystemInfo:
2011/05/04 18:48:35.0140 3848
2011/05/04 18:48:35.0140 3848 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/04 18:48:35.0140 3848 Product type: Workstation
2011/05/04 18:48:35.0140 3848 ComputerName: NATHAN
2011/05/04 18:48:35.0140 3848 UserName: Michael
2011/05/04 18:48:35.0140 3848 Windows directory: C:\WINDOWS
2011/05/04 18:48:35.0140 3848 System windows directory: C:\WINDOWS
2011/05/04 18:48:35.0140 3848 Processor architecture: Intel x86
2011/05/04 18:48:35.0140 3848 Number of processors: 2
2011/05/04 18:48:35.0140 3848 Page size: 0x1000
2011/05/04 18:48:35.0140 3848 Boot type: Normal boot
2011/05/04 18:48:35.0140 3848 ================================================================================
2011/05/04 18:48:44.0609 3848 Initialize success
2011/05/04 18:48:47.0937 1648 ================================================================================
2011/05/04 18:48:47.0937 1648 Scan started
2011/05/04 18:48:47.0937 1648 Mode: Manual;
2011/05/04 18:48:47.0937 1648 ================================================================================
2011/05/04 18:48:53.0625 1648 3xHybrid (56f93517bb4125a154e2a50b71bff469) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
2011/05/04 18:48:53.0796 1648 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/05/04 18:48:53.0875 1648 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/04 18:48:53.0921 1648 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/04 18:48:53.0968 1648 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/04 18:48:54.0015 1648 AegisP (8d155386b3b032ea7513e19f8c8f80a7) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/04 18:48:54.0062 1648 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/04 18:48:54.0125 1648 AgereSoftModem (34f27c7d71f1c49c7d3857f28b42f544) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/05/04 18:48:54.0312 1648 AnyDVD (c6a45fee274fb31daf3de1e12d53a191) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/05/04 18:48:54.0390 1648 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/04 18:48:54.0421 1648 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
2011/05/04 18:48:54.0593 1648 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\aspi32.sys
2011/05/04 18:48:54.0640 1648 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/04 18:48:54.0671 1648 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/04 18:48:54.0812 1648 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/05/04 18:48:54.0859 1648 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/04 18:48:54.0906 1648 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/04 18:48:54.0984 1648 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/05/04 18:48:55.0031 1648 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/04 18:48:55.0078 1648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/04 18:48:55.0109 1648 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/04 18:48:55.0171 1648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/04 18:48:55.0203 1648 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/04 18:48:55.0250 1648 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/04 18:48:55.0515 1648 CMISTOR (bbdd16b65f669f8d62d12fbc47289897) C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
2011/05/04 18:48:55.0765 1648 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/04 18:48:55.0921 1648 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/04 18:48:55.0953 1648 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/04 18:48:55.0984 1648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/04 18:48:56.0109 1648 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/04 18:48:56.0203 1648 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/04 18:48:56.0234 1648 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/05/04 18:48:56.0312 1648 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/04 18:48:56.0375 1648 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/04 18:48:56.0406 1648 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/04 18:48:56.0421 1648 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/04 18:48:56.0484 1648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/04 18:48:56.0546 1648 FreshIO (caac750e6d27866c28494e0de9fa802a) C:\Programme\FreshDevices\FreshDiagnose\FreshIO.sys
2011/05/04 18:48:56.0718 1648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/04 18:48:56.0765 1648 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/04 18:48:56.0828 1648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/04 18:48:56.0875 1648 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/04 18:48:56.0921 1648 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/04 18:48:56.0968 1648 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/04 18:48:57.0046 1648 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/04 18:48:57.0125 1648 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/04 18:48:57.0171 1648 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/04 18:48:57.0359 1648 IntcAzAudAddService (6708cfa52d71374371f61435845f3c9b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/04 18:48:57.0437 1648 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/04 18:48:57.0468 1648 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/04 18:48:57.0500 1648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/04 18:48:57.0531 1648 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/04 18:48:57.0562 1648 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/04 18:48:57.0593 1648 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/04 18:48:57.0625 1648 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/04 18:48:57.0656 1648 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/04 18:48:57.0703 1648 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/04 18:48:57.0734 1648 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/04 18:48:57.0781 1648 kl1 (cd6a8fa9395460ffe7fd8881a6c67254) C:\WINDOWS\system32\drivers\kl1.sys
2011/05/04 18:48:57.0796 1648 klbg (1fdd35aa7efaeb283198a3b14800f37e) C:\WINDOWS\system32\drivers\klbg.sys
2011/05/04 18:48:57.0828 1648 KLFLTDEV (73eb94ad1c85b4a3c5a8b4d879f668b9) C:\WINDOWS\system32\DRIVERS\klfltdev.sys
2011/05/04 18:48:57.0875 1648 klif (204b4f4355097bab0c2de8b097d947dd) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/05/04 18:48:57.0937 1648 klim5 (cd16a39c6f61c2ae0272e1f431353bf7) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/05/04 18:48:57.0984 1648 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/04 18:48:58.0031 1648 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/04 18:48:58.0140 1648 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/05/04 18:48:58.0203 1648 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/05/04 18:48:58.0296 1648 MIINPazX (c8907d722b398d002c227f08761b5687) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
2011/05/04 18:48:58.0437 1648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/04 18:48:58.0484 1648 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/04 18:48:58.0500 1648 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/04 18:48:58.0546 1648 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/04 18:48:58.0671 1648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/04 18:48:58.0750 1648 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/05/04 18:48:58.0812 1648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/04 18:48:58.0859 1648 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/04 18:48:59.0000 1648 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/05/04 18:48:59.0031 1648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/04 18:48:59.0171 1648 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/04 18:48:59.0203 1648 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/04 18:48:59.0250 1648 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/04 18:48:59.0296 1648 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/04 18:48:59.0343 1648 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/04 18:48:59.0390 1648 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/04 18:48:59.0437 1648 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/04 18:48:59.0484 1648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/04 18:48:59.0531 1648 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/04 18:48:59.0546 1648 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/04 18:48:59.0609 1648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/04 18:48:59.0640 1648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/04 18:48:59.0671 1648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/04 18:48:59.0718 1648 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\WINDOWS\system32\DRIVERS\netaapl.sys
2011/05/04 18:48:59.0750 1648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/04 18:48:59.0781 1648 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/04 18:48:59.0843 1648 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/04 18:48:59.0890 1648 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/05/04 18:48:59.0937 1648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/04 18:48:59.0984 1648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/04 18:49:00.0062 1648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/04 18:49:00.0171 1648 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/04 18:49:00.0250 1648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/04 18:49:00.0343 1648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/04 18:49:00.0390 1648 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/04 18:49:00.0421 1648 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/04 18:49:00.0453 1648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/04 18:49:00.0484 1648 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/04 18:49:00.0546 1648 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/04 18:49:00.0593 1648 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/04 18:49:00.0640 1648 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/04 18:49:00.0734 1648 PDNMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\drivers\PDNMp50.sys
2011/05/04 18:49:00.0859 1648 PDNSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\drivers\PDNSp50.sys
2011/05/04 18:49:01.0171 1648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/04 18:49:01.0218 1648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/04 18:49:01.0281 1648 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/04 18:49:01.0515 1648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/04 18:49:01.0562 1648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/04 18:49:01.0625 1648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/04 18:49:01.0656 1648 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/04 18:49:01.0718 1648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/04 18:49:01.0750 1648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/04 18:49:01.0812 1648 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/04 18:49:01.0859 1648 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/04 18:49:01.0968 1648 RT2500USB (b2a5e9d580a61b57ad91fa64a4789aba) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
2011/05/04 18:49:02.0000 1648 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/04 18:49:02.0062 1648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/04 18:49:02.0125 1648 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/04 18:49:02.0156 1648 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/04 18:49:02.0296 1648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/04 18:49:02.0390 1648 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/04 18:49:02.0453 1648 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/04 18:49:02.0484 1648 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/04 18:49:02.0531 1648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/04 18:49:02.0671 1648 STEC3 (e4ebf293d1f612bda19b646c36715b20) C:\WINDOWS\system32\STEC3.sys
2011/05/04 18:49:02.0859 1648 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/04 18:49:02.0890 1648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/04 18:49:02.0921 1648 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/04 18:49:03.0062 1648 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/04 18:49:03.0109 1648 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/04 18:49:03.0140 1648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/04 18:49:03.0171 1648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/04 18:49:03.0203 1648 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/04 18:49:03.0281 1648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/04 18:49:03.0375 1648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/04 18:49:03.0453 1648 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/04 18:49:03.0593 1648 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/04 18:49:03.0640 1648 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/04 18:49:03.0687 1648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/04 18:49:03.0734 1648 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/04 18:49:03.0796 1648 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/04 18:49:03.0859 1648 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/04 18:49:03.0921 1648 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/04 18:49:03.0968 1648 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/04 18:49:04.0000 1648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/04 18:49:04.0062 1648 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/04 18:49:04.0125 1648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/04 18:49:04.0203 1648 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/04 18:49:04.0281 1648 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/04 18:49:04.0750 1648 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/04 18:49:04.0843 1648 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/04 18:49:04.0890 1648 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/04 18:49:04.0906 1648 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/04 18:49:05.0062 1648 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
2011/05/04 18:49:05.0171 1648 ================================================================================
2011/05/04 18:49:05.0171 1648 Scan finished
2011/05/04 18:49:05.0171 1648 ================================================================================

Unhide habe ich durchgeführt: Ich kann meine Ordner und Dokumente wieder sehen.
Aber der Desktop bleibt leer und es lassen sich auch keine Verknüfungen mehr auf dem Desktop erstellen.
Auch einige Programme im Startmenü sind leer, obwohl ich sie vom Explorer aus starten kann. Und scheinbar sind einige Programme völlig abhanden gekommen, wie z.B. Nero!?

Viele Grüße,
Mike

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hi Arne,

hier die combofix.txt:
Combofix Logfile:

Code:

ComboFix 11-05-03.08 - Michael 04.05.2011  20:28:06.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1453 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Michael\Desktop\cofi.exe

AV: Kaspersky Security Suite CBE 09 *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Security Suite CBE 09 *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\Default User\WINDOWS

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\1.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\a.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\b.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\c.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\d.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\e.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\f.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\g.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\h.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\i.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\J.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\k.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\l.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\m.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\mru.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\n.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\o.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\p.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\q.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\r.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\s.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\t.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\u.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\v.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\w.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\x.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\y.xml

c:\dokumente und einstellungen\Michael\Anwendungsdaten\PriceGong\Data\z.xml

c:\dokumente und einstellungen\Michael\Desktop\install_flash_player.exe

c:\dokumente und einstellungen\Michael\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\STEC3.sys

D:\install.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_STEC3

-------\Service_STEC3

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))

.

.

2011-05-03 18:00 . 2011-05-03 18:00        --------        d-----w-        C:\_OTL

2011-05-01 09:20 . 2011-04-14 16:40        142296        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll

2011-05-01 09:20 . 2011-04-14 16:40        781272        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll

2011-05-01 09:20 . 2011-04-14 16:40        1874904        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll

2011-05-01 09:20 . 2011-04-14 16:40        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll

2011-05-01 09:20 . 2011-04-14 16:40        89048        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll

2011-05-01 09:20 . 2011-04-14 16:40        465880        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll

2011-05-01 09:20 . 2010-01-01 08:00        1974616        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_42.dll

2011-05-01 09:20 . 2010-01-01 08:00        1892184        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_42.dll

2011-05-01 09:16 . 2011-05-01 09:16        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\IETldCache

2011-05-01 09:13 . 2011-05-01 09:13        --------        d-sh--w-        c:\dokumente und einstellungen\Michael\IETldCache

2011-05-01 08:56 . 2011-05-01 09:00        --------        dc-h--w-        c:\windows\ie8

2011-05-01 08:41 . 2010-10-18 11:10        7680        -c----w-        c:\windows\system32\dllcache\iecompat.dll

2011-05-01 08:41 . 2011-02-22 23:05        743424        -c----w-        c:\windows\system32\dllcache\iedvtool.dll

2011-05-01 08:41 . 2011-02-22 23:05        247808        -c----w-        c:\windows\system32\dllcache\ieproxy.dll

2011-05-01 08:41 . 2011-02-22 23:05        12800        -c----w-        c:\windows\system32\dllcache\xpshims.dll

2011-04-30 10:54 . 2011-04-30 10:54        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google

2011-04-30 10:50 . 2011-05-04 18:17        --------        d-----w-        c:\programme\CCleaner

2011-04-30 10:49 . 2011-04-30 10:49        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google

2011-04-29 18:32 . 2011-04-29 18:32        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Malwarebytes

2011-04-29 18:32 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-29 18:32 . 2011-04-29 18:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-04-29 18:32 . 2011-04-29 18:32        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-04-29 18:32 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-27 17:29 . 2011-04-27 17:29        --------        d-----w-        c:\programme\iPod

2011-04-27 17:25 . 2011-04-27 17:25        --------        d-----w-        c:\programme\Bonjour

2011-04-25 15:11 . 2011-04-25 15:11        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\DVDVideoSoft

2011-04-21 08:33 . 2008-11-07 16:55        16928        ------w-        c:\windows\system32\spmsgXP_2k3.dll

2011-04-16 09:10 . 2011-04-16 09:10        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Red Kawa

2011-04-16 09:08 . 2011-04-16 09:08        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Regensoft

2011-04-16 09:07 . 2011-04-16 09:07        --------        d-----w-        c:\dokumente und einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Geckofx

2011-04-16 09:07 . 2011-04-16 09:07        --------        d-----w-        c:\programme\Regensoft

2011-04-16 09:07 . 2011-04-16 09:07        --------        d-----w-        c:\programme\AviSynth 2.5

2011-04-16 09:06 . 2011-04-16 09:06        --------        d-----w-        c:\programme\Red Kawa

2011-04-15 19:35 . 2011-04-15 19:35        --------        d-----w-        c:\programme\Conduit

2011-04-14 01:39 . 2011-04-14 01:39        103864        ----a-w-        c:\programme\Mozilla Firefox\plugins\nppdf32.dll

2011-04-14 01:39 . 2011-04-14 01:39        103864        ----a-w-        c:\programme\Internet Explorer\PLUGINS\nppdf32.dll

2011-04-10 13:03 . 2011-04-10 13:03        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\BabylonToolbar

2011-04-10 12:54 . 2011-04-29 18:19        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Guitar Pro 6

2011-04-10 12:54 . 2011-04-10 12:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Guitar Pro 6

2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2005-10-08 20:56        692736        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2005-10-09 05:46        420864        ----a-w-        c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2005-10-09 05:46        1858048        ----a-w-        c:\windows\system32\win32k.sys

2011-02-22 23:05 . 2005-10-09 05:46        916480        ----a-w-        c:\windows\system32\wininet.dll

2011-02-22 23:05 . 2005-10-09 05:46        43520        ------w-        c:\windows\system32\licmgr10.dll

2011-02-22 23:05 . 2005-10-09 05:46        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2005-10-09 05:46        385024        ------w-        c:\windows\system32\html.iec

2011-02-18 15:36 . 2009-03-31 18:00        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll

2011-02-18 15:36 . 2008-03-27 13:35        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys

2011-02-17 13:18 . 2005-10-09 05:46        455936        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2005-10-09 05:46        357888        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2005-10-09 05:46        290432        ----a-w-        c:\windows\system32\atmfd.dll

2011-02-11 14:44 . 2005-10-08 13:30        236032        ----a-w-        c:\windows\system32\fxscover.exe

2011-02-09 13:53 . 2005-10-09 05:46        270848        ----a-w-        c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2005-10-09 05:46        186880        ----a-w-        c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2005-10-09 05:46        978944        ----a-w-        c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2005-10-09 05:46        974848        ----a-w-        c:\windows\system32\mfc42u.dll

2008-08-22 23:42 . 2010-06-06 12:34        386048        ----a-w-        c:\programme\mp4toavi.exe

2011-04-14 16:40 . 2011-05-01 09:20        142296        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 11:26        3908192        ----a-w-        c:\programme\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]

"AnyDVD"="c:\programme\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-07-27 4455360]

"LaunchList"="c:\programme\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

"BitTorrent DNA"="c:\programme\DNA\btdna.exe" [2009-10-07 323392]

"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2006-02-22 143360]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]

"nwiz"="nwiz.exe" [2005-10-10 1519616]

"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]

"MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2006-01-27 176128]

"CHotkey"="mHotkey.exe" [2004-12-08 550912]

"ledpointer"="CNYHKey.exe" [2005-11-10 5585408]

"Showwnd"="showwnd.exe" [2003-09-18 36864]

"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]

"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]

"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]

"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2008-03-27 73728]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"AVP"="c:\programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe" [2010-02-03 208616]

"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]

"Lexmark X6100 Series"="c:\programme\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-04-14 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%ProgramFiles%\\Messenger\\msmsgs.exe"=

"%ProgramFiles%\\AOL 9.0\\AOL.exe"=

"%WinDir%\\system32\\fxsclnt.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=

"c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=

"c:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"=

"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\DNA\\btdna.exe"=

"c:\\Programme\\BitTorrent\\bittorrent.exe"=

"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 32784]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18.10.2005 15:01 826752]

R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [28.02.2006 15:51 72320]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 19:02 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.12.2007 15:28 24592]

S0 rseb;rseb; [x]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.05.2011 20:16 136176]

S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [26.08.2006 13:32 17152]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [13.03.2011 20:25 18432]

S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 22:46 28224]

S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 22:46 27072]

S3 pfsvgae;pfsvgae;\??\c:\dokume~1\Michael\LOKALE~1\Temp\pfsvgae.sys --> c:\dokume~1\Michael\LOKALE~1\Temp\pfsvgae.sys [?]

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 12:23        452136        ----a-w-        c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

.

2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-04 18:15]

.

2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-04 18:15]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.aldi.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML

IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm

DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} - hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab

FF - ProfilePath - c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

HKLM-Run-NWEReboot - (no file)

AddRemove-{FAF88B432344413595BB2DED98385684} - c:\programme\DivX\DivXUserGuideUninstall

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-04 20:41

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'explorer.exe'(960)

c:\programme\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\programme\Windows Media Player\wmpband.dll

c:\programme\Windows Desktop Search\deskbar.dll

c:\programme\Windows Desktop Search\de-de\dbres.dll.mui

c:\programme\Windows Desktop Search\dbres.dll

c:\programme\Windows Desktop Search\wordwheel.dll

c:\programme\Windows Desktop Search\de-de\msnlExtRes.dll.mui

c:\programme\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\mHotkey.exe

c:\windows\CNYHKey.exe

c:\windows\system32\nvsvc32.exe

c:\programme\CyberLink\Shared Files\RichVideo.exe

c:\programme\UPHClean\uphclean.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\SearchIndexer.exe

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\programme\Lexmark X6100 Series\lxbfbmon.exe

c:\programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

c:\programme\Windows Media Player\WMPNetwk.exe

c:\programme\iPod\bin\iPodService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-05-04  20:43:29 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-05-04 18:43

.

Vor Suchlauf: 22 Verzeichnis(se), 18.926.886.912 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 18.878.050.304 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

.

- - End Of File - - DC277741B3A318C922DF6000242F41E5

--- --- ---
Auf dem Desktop sind jetzt alle Symbole wieder sichtbar!

Viele Grüße,
Mike

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

File::

c:\dokume~1\Michael\LOKALE~1\Temp\pfsvgae.sys
 

Driver::

rseb

pfsvgae

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hi Arne,

hier die Log Datei:
Combofix Logfile:

Code:

ComboFix 11-05-03.08 - Michael 05.05.2011  18:29:11.2.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1529 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Michael\Desktop\cofi.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Michael\Desktop\CFScript.txt

AV: Kaspersky Security Suite CBE 09 *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Security Suite CBE 09 *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

FILE ::

"c:\dokume~1\Michael\LOKALE~1\Temp\pfsvgae.sys"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_PFSVGAE

-------\Service_pfsvgae

-------\Service_rseb

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-05 bis 2011-05-05  ))))))))))))))))))))))))))))))

.

.

2011-05-04 19:59 . 2011-05-04 19:59        --------        d-----w-        c:\programme\Gemeinsame Dateien\Plasmoo

2011-05-04 19:24 . 2011-05-04 19:24        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Nero

2011-05-04 19:20 . 2011-05-04 19:20        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero

2011-05-04 19:14 . 2011-05-04 19:14        --------        d-----w-        c:\programme\Microsoft Silverlight

2011-05-04 19:13 . 2011-05-04 19:13        --------        d-----w-        c:\programme\Ask.com

2011-05-03 18:00 . 2011-05-03 18:00        --------        d-----w-        C:\_OTL

2011-05-01 09:20 . 2011-04-14 16:40        142296        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll

2011-05-01 09:20 . 2011-04-14 16:40        781272        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll

2011-05-01 09:20 . 2011-04-14 16:40        1874904        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll

2011-05-01 09:20 . 2011-04-14 16:40        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll

2011-05-01 09:20 . 2011-04-14 16:40        89048        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll

2011-05-01 09:20 . 2011-04-14 16:40        465880        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll

2011-05-01 09:20 . 2010-01-01 08:00        1974616        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_42.dll

2011-05-01 09:20 . 2010-01-01 08:00        1892184        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_42.dll

2011-05-01 09:16 . 2011-05-01 09:16        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\IETldCache

2011-05-01 09:13 . 2011-05-01 09:13        --------        d-sh--w-        c:\dokumente und einstellungen\Michael\IETldCache

2011-05-01 08:56 . 2011-05-01 09:00        --------        dc-h--w-        c:\windows\ie8

2011-05-01 08:41 . 2010-10-18 11:10        7680        -c----w-        c:\windows\system32\dllcache\iecompat.dll

2011-05-01 08:41 . 2011-02-22 23:05        743424        -c----w-        c:\windows\system32\dllcache\iedvtool.dll

2011-05-01 08:41 . 2011-02-22 23:05        247808        -c----w-        c:\windows\system32\dllcache\ieproxy.dll

2011-05-01 08:41 . 2011-02-22 23:05        12800        -c----w-        c:\windows\system32\dllcache\xpshims.dll

2011-04-30 10:54 . 2011-04-30 10:54        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google

2011-04-30 10:50 . 2011-05-04 18:17        --------        d-----w-        c:\programme\CCleaner

2011-04-30 10:49 . 2011-04-30 10:49        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google

2011-04-29 18:32 . 2011-04-29 18:32        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Malwarebytes

2011-04-29 18:32 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-29 18:32 . 2011-04-29 18:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-04-29 18:32 . 2011-04-29 18:32        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-04-29 18:32 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-27 17:29 . 2011-04-27 17:29        --------        d-----w-        c:\programme\iPod

2011-04-27 17:25 . 2011-04-27 17:25        --------        d-----w-        c:\programme\Bonjour

2011-04-25 15:11 . 2011-04-25 15:11        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\DVDVideoSoft

2011-04-21 08:33 . 2008-11-07 16:55        16928        ------w-        c:\windows\system32\spmsgXP_2k3.dll

2011-04-16 09:10 . 2011-04-16 09:10        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Red Kawa

2011-04-16 09:08 . 2011-04-16 09:08        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Regensoft

2011-04-16 09:07 . 2011-04-16 09:07        --------        d-----w-        c:\dokumente und einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Geckofx

2011-04-16 09:07 . 2011-04-16 09:07        --------        d-----w-        c:\programme\Regensoft

2011-04-16 09:07 . 2011-04-16 09:07        --------        d-----w-        c:\programme\AviSynth 2.5

2011-04-16 09:06 . 2011-04-16 09:06        --------        d-----w-        c:\programme\Red Kawa

2011-04-15 19:35 . 2011-04-15 19:35        --------        d-----w-        c:\programme\Conduit

2011-04-14 01:39 . 2011-04-14 01:39        103864        ----a-w-        c:\programme\Mozilla Firefox\plugins\nppdf32.dll

2011-04-14 01:39 . 2011-04-14 01:39        103864        ----a-w-        c:\programme\Internet Explorer\PLUGINS\nppdf32.dll

2011-04-10 13:03 . 2011-04-10 13:03        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\BabylonToolbar

2011-04-10 12:54 . 2011-04-29 18:19        --------        d-----w-        c:\dokumente und einstellungen\Michael\Anwendungsdaten\Guitar Pro 6

2011-04-10 12:54 . 2011-04-10 12:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Guitar Pro 6

2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2005-10-08 20:56        692736        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2005-10-09 05:46        420864        ----a-w-        c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2005-10-09 05:46        1858048        ----a-w-        c:\windows\system32\win32k.sys

2011-02-22 23:05 . 2005-10-09 05:46        916480        ----a-w-        c:\windows\system32\wininet.dll

2011-02-22 23:05 . 2005-10-09 05:46        43520        ------w-        c:\windows\system32\licmgr10.dll

2011-02-22 23:05 . 2005-10-09 05:46        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2005-10-09 05:46        385024        ------w-        c:\windows\system32\html.iec

2011-02-18 15:36 . 2009-03-31 18:00        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll

2011-02-18 15:36 . 2008-03-27 13:35        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys

2011-02-17 13:18 . 2005-10-09 05:46        455936        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2005-10-09 05:46        357888        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2005-10-09 05:46        290432        ----a-w-        c:\windows\system32\atmfd.dll

2011-02-11 14:44 . 2005-10-08 13:30        236032        ----a-w-        c:\windows\system32\fxscover.exe

2011-02-09 13:53 . 2005-10-09 05:46        270848        ----a-w-        c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2005-10-09 05:46        186880        ----a-w-        c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2005-10-09 05:46        978944        ----a-w-        c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2005-10-09 05:46        974848        ----a-w-        c:\windows\system32\mfc42u.dll

2008-08-22 23:42 . 2010-06-06 12:34        386048        ----a-w-        c:\programme\mp4toavi.exe

2011-04-14 16:40 . 2011-05-01 09:20        142296        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-05-04_18.37.44   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 18:54 . 2009-07-11 18:54        65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll

+ 2009-07-11 18:32 . 2009-07-11 18:32        40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll

+ 2009-07-11 23:07 . 2009-07-11 23:07        57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll

+ 2009-07-11 23:19 . 2009-07-11 23:19        69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll

+ 2009-07-11 17:41 . 2009-07-11 17:41        97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll

+ 2011-05-05 16:38 . 2011-05-05 16:38        16384              c:\windows\Temp\Perflib_Perfdata_224.dat

+ 2011-05-04 19:14 . 2011-05-04 19:14        38400              c:\windows\Installer\2034c5.msi

+ 2011-05-04 19:14 . 2011-05-04 19:14        49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-05-04 19:22 . 2011-05-04 19:22        75048              c:\windows\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe

+ 2011-05-04 19:22 . 2011-05-04 19:22        606720              c:\windows\Installer\2b8e1.msi

+ 2011-05-04 19:10 . 2011-05-04 19:10        424960              c:\windows\Installer\2034b6.msi

+ 2011-05-04 19:20 . 2011-05-04 19:20        587048              c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe

+ 2011-05-04 19:20 . 2011-05-04 19:20        587048              c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe

+ 2011-05-04 19:20 . 2011-05-04 19:20        587048              c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\ARPPRODUCTICON.exe

+ 2011-05-04 19:13 . 2011-05-04 19:13        102400              c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe

+ 2011-05-04 19:19 . 2011-05-04 19:19        300328              c:\windows\Installer\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}\ARPPRODUCTICON.exe

+ 2011-05-04 19:19 . 2011-05-04 19:19        587048              c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe

+ 2011-05-04 19:19 . 2011-05-04 19:19        587048              c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ARPPRODUCTICON.exe

+ 2009-07-11 18:46 . 2009-07-11 18:46        1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll

+ 2009-07-11 18:46 . 2009-07-11 18:46        1105920              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll

+ 2008-08-16 21:05 . 2011-05-05 16:37        1313568              c:\windows\system32\drivers\fidbox2.dat

- 2008-08-16 21:05 . 2011-05-04 18:34        1313568              c:\windows\system32\drivers\fidbox2.dat

+ 2011-05-04 19:20 . 2011-05-04 19:20        1613312              c:\windows\Installer\2b890.msi

+ 2011-05-04 19:20 . 2011-05-04 19:20        2882048              c:\windows\Installer\2b887.msi

+ 2011-05-04 19:19 . 2011-05-04 19:19        8826368              c:\windows\Installer\2b87e.msi

+ 2011-05-04 19:19 . 2011-05-04 19:19        2030080              c:\windows\Installer\2b875.msi

+ 2011-05-04 19:13 . 2011-05-04 19:13        1885696              c:\windows\Installer\2034be.msi

- 2008-08-16 21:05 . 2011-05-04 18:34        22792480              c:\windows\system32\drivers\fidbox.dat

+ 2008-08-16 21:05 . 2011-05-05 16:37        22792480              c:\windows\system32\drivers\fidbox.dat

+ 2011-05-04 19:19 . 2011-05-04 19:19        11245568              c:\windows\Installer\2b86d.msi

+ 2011-05-04 19:14 . 2011-05-04 19:14        20314624              c:\windows\Installer\2034cd.msp

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 11:26        3908192        ----a-w-        c:\programme\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-21 10:17        1233288        ----a-w-        c:\programme\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]

"AnyDVD"="c:\programme\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-07-27 4455360]

"LaunchList"="c:\programme\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

"BitTorrent DNA"="c:\programme\DNA\btdna.exe" [2009-10-07 323392]

"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2006-02-22 143360]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]

"nwiz"="nwiz.exe" [2005-10-10 1519616]

"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]

"MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2006-01-27 176128]

"CHotkey"="mHotkey.exe" [2004-12-08 550912]

"ledpointer"="CNYHKey.exe" [2005-11-10 5585408]

"Showwnd"="showwnd.exe" [2003-09-18 36864]

"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]

"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]

"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]

"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2008-03-27 73728]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"AVP"="c:\programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe" [2010-02-03 208616]

"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]

"Lexmark X6100 Series"="c:\programme\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-04-14 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%ProgramFiles%\\Messenger\\msmsgs.exe"=

"%ProgramFiles%\\AOL 9.0\\AOL.exe"=

"%WinDir%\\system32\\fxsclnt.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=

"c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=

"c:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"=

"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\DNA\\btdna.exe"=

"c:\\Programme\\BitTorrent\\bittorrent.exe"=

"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

.

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 32784]

R2 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [29.03.2011 15:33 598312]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18.10.2005 15:01 826752]

R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [28.02.2006 15:51 72320]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 19:02 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.12.2007 15:28 24592]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.05.2011 20:16 136176]

S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [26.08.2006 13:32 17152]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [13.03.2011 20:25 18432]

S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 22:46 28224]

S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 22:46 27072]

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 12:23        452136        ----a-w-        c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

.

2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-04 18:15]

.

2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-04 18:15]

.

2011-05-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\programme\Ask.com\UpdateTask.exe [2010-05-21 10:17]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.aldi.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML

IE: Free YouTube to iPod Converter - c:\dokumente und einstellungen\Michael\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm

IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm

DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} - hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab

FF - ProfilePath - c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\dotrf88p.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-05 18:42

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'explorer.exe'(3168)

c:\programme\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\programme\Windows Media Player\wmpband.dll

c:\programme\Windows Desktop Search\deskbar.dll

c:\programme\Windows Desktop Search\de-de\dbres.dll.mui

c:\programme\Windows Desktop Search\dbres.dll

c:\programme\Windows Desktop Search\wordwheel.dll

c:\programme\Windows Desktop Search\de-de\msnlExtRes.dll.mui

c:\programme\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\mHotkey.exe

c:\windows\CNYHKey.exe

c:\windows\system32\nvsvc32.exe

c:\programme\CyberLink\Shared Files\RichVideo.exe

c:\programme\UPHClean\uphclean.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\RTHDCPL.EXE

c:\programme\Lexmark X6100 Series\lxbfbmon.exe

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

c:\programme\Windows Media Player\WMPNetwk.exe

c:\programme\iPod\bin\iPodService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-05-05  18:45:30 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-05-05 16:45

ComboFix2.txt  2011-05-04 18:43

.

Vor Suchlauf: 22 Verzeichnis(se), 18.248.007.680 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 18.410.012.672 Bytes frei

.

- - End Of File - - 3DE3846C26BE59E749A1327969525F57

--- --- ---
Viele Grüße,
Mike

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hallo Arne,

so, hier die GMR Log-Datei:
GMER Logfile:

Code:

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-07 07:09:12

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3250824AS rev.3.AAE

Running: 759glerw.exe; Driver: C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdqpob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwAdjustPrivilegesToken [0xB5C7F224]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwClose [0xB5C7F7F8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwConnectPort [0xB5C81234]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateFile [0xB5C80BE6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateKey [0xB5C7E99A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateSymbolicLinkObject [0xB5C82BC6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateThread [0xB5C7F5F8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeleteKey [0xB5C7EDDC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeleteValueKey [0xB5C7EFDC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeviceIoControlFile [0xB5C80EF6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDuplicateObject [0xB5C830CE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwEnumerateKey [0xB5C7F0F2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwEnumerateValueKey [0xB5C7F15A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwFsControlFile [0xB5C80DA8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwLoadDriver [0xB5C8266A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenFile [0xB5C80A42]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenKey [0xB5C7EAFC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenProcess [0xB5C7F3FC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenSection [0xB5C82BF0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenThread [0xB5C7F348]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryKey [0xB5C7F1C2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryMultipleValueKey [0xB5C7EEC6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryValueKey [0xB5C7ECA4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueueApcThread [0xB5C828D2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwReplaceKey [0xB5C7E61C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwRequestWaitReplyPort [0xB5C81ABE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwRestoreKey [0xB5C7E77E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwResumeThread [0xB5C82FA0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSaveKey [0xB5C7E41A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSecureConnectPort [0xB5C810D6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetContextThread [0xB5C7F6F6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetSecurityObject [0xB5C82764]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetSystemInformation [0xB5C82C1A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetValueKey [0xB5C7EB52]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSuspendProcess [0xB5C82CFE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSuspendThread [0xB5C82E2A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSystemDebugControl [0xB5C82596]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwTerminateProcess [0xB5C7F4C8]

SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                     ZwUnloadKey [0xB2FBB6D0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwWriteVirtualMemory [0xB5C7F53A]
 

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 FsRtlCheckLockForReadAccess

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 IoIsOperationSynchronous
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                            804EAF84 5 Bytes  JMP B5C96874 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                               804EF912 5 Bytes  JMP B5C96C2E \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C88                                                                                80504524 4 Bytes  [9A, E9, C7, B5]

.text           ntkrnlpa.exe!ZwCallbackReturn + 2DC0                                                                                8050465C 4 Bytes  [FC, EA, C7, B5]

.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                                                80504874 12 Bytes  [FE, 2C, C8, B5, 2A, 2E, C8, ...]

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB8711360, 0x20469D, 0xE8000020]

.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xB406A300, 0x3ACC8, 0xE8000020]

.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xBA378300, 0x1B7E, 0xE8000020]

?               C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                         Das System kann die angegebene Datei nicht finden. !
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\SearchIndexer.exe[3976] kernel32.dll!WriteFile                                                  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                             [B992FDA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                             [B992FDA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x7A 0x45 0x05 0xFD ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Und hier die OSAM Log-Datei:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 07:51:59 on 07.05.2011
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 4.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe  (File found, but it contains no detailed information)
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)

"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl

"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AEGIS Protocol (IEEE 802.1x) v3.4.0.1" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys

"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys

"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys

"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)

"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"FreshIO" (FreshIO) - ? - C:\Programme\FreshDevices\FreshDiagnose\FreshIO.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"Kl1" (kl1) - "Kaspersky Lab" - C:\WINDOWS\System32\drivers\kl1.sys

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)

"MIINPazX NDIS Protocol Driver" (MIINPazX) - "T-Online International AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNMp50.sys

"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNSp50.sys

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"ugtdqpob" (ugtdqpob) - ? - C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdqpob.sys  (Hidden registry entry, rootkit activity | File not found)

"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - C:\Programme\Illustrate\dBpoweramp\dBShell.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll

{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - "Illustrate" - C:\Programme\Illustrate\dBpoweramp\dMCShell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll  (File not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll

{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 11\programs\BlueShellExt.dll  (File found, but it contains no detailed information)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"MedionShop" - ? - MEDIONshop Deutschland  (HTTP value)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{3DF6983D-D415-4AE5-8106-43987731DAA5} "AldiActiveFormX Element" - ? - C:\WINDOWS\DOWNLO~1\ALDI_E~1.OCX  (File found, but it contains no detailed information) / hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab

{DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} "IPSUploader Control" - "IP Labs GmbH - Germany." - C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

{15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx / hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)

{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll

{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll

<binary data> "Nero Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar3.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{D4027C7F-154A-4066-A1AD-4243D8127440} "Nero Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"AnyDVD" - "SlySoft, Inc." - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe

"BitTorrent DNA" - "BitTorrent, Inc." - "C:\Programme\DNA\btdna.exe"

"LaunchList" - "Pinnacle Systems" - C:\Programme\Pinnacle\Studio 11\LaunchList2.exe

"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AlcFDMonitor" - "Realtek Semiconductor Corp." - C:\WINDOWS\ALCFDRTM.EXE

"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe

"AVP" - "Kaspersky Lab" - "C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe"

"CHotkey" - ? - mHotkey.exe

"InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "  (File not found)

"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"

"LanguageShortcut" - ? - C:\Programme\CyberLink\PowerDVD\Language\Language.exe

"ledpointer" - "Chicony" - CNYHKey.exe

"Lexmark X6100 Series" - "Lexmark International, Inc." - "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"

"LexwareInfoService" - ? - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart  (File found, but it contains no detailed information)

"MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe"

"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"

"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

"Showwnd" - ? - showwnd.exe  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"@C:\Programme\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Programme\Nero\Update\NASvc.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe

"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Kaspersky Security Suite CBE 09" (avp) - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

"NMIndexingService" (NMIndexingService) - ? - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe"  (File not found)

"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys

"User Profile Hive Cleanup" (UPHClean) - "Microsoft Corporation" - C:\Programme\UPHClean\uphclean.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"klogon" - "Kaspersky Lab" - C:\WINDOWS\system32\klogon.dll

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Und nun noch MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F10000 fltmgr.sys
0xB9EFE000 sr.sys
0xBA0F8000 klbg.sys
0xBA108000 PxHelp20.sys
0xB9EE7000 KSecDD.sys
0xB9E5A000 Ntfs.sys
0xB9E2D000 NDIS.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9E13000 Mup.sys
0xB98F4000 kl1.sys
0xBA338000 \WINDOWS\system32\drivers\TDI.SYS
0xBA298000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8AEF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8711000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB86FD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB86D5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA488000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB86B1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8ADF000 \SystemRoot\system32\DRIVERS\klfltdev.sys
0xBA490000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB85E7000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xB85C4000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xBA498000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xB84B8000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA4A0000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8A9F000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA574000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB847C000 \SystemRoot\system32\DRIVERS\parport.sys
0xB8A8F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8463000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xBA4B0000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xB8A7F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8A6F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA370000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA380000 \SystemRoot\system32\DRIVERS\klim5.sys
0xBA739000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB98C8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB844C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA430000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA438000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA616000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB83EE000 \SystemRoot\system32\DRIVERS\update.sys
0xB98BC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xBA178000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB5D9F000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB5D7B000 \SystemRoot\system32\drivers\portcls.sys
0xBA1A8000 \SystemRoot\system32\drivers\drmk.sys
0xBA208000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA62C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB5C70000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA640000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6C4000 \SystemRoot\System32\Drivers\Null.SYS
0xBA642000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3E8000 \SystemRoot\System32\drivers\vga.sys
0xBA644000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA646000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6261000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5C3D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB5BBC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5B94000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB5B6E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB5B4C000 \SystemRoot\System32\drivers\afd.sys
0xB8ABF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8AAF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5B21000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB5A89000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA400000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xB5D5F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB59D7000 \SystemRoot\system32\DRIVERS\cmiucr.SYS
0xB5D37000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB5974000 \SystemRoot\system32\DRIVERS\rt2500usb.sys
0xBA398000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xB8490000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB5950000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA168000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5938000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB5C29000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3B0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6D6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3D0000 \SystemRoot\System32\ATMFD.DLL
0xBA480000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB50BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB44C2000 \SystemRoot\system32\drivers\wdmaud.sys
0xB45FF000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA658000 \SystemRoot\system32\drivers\splitter.sys
0xB4474000 \SystemRoot\system32\drivers\kmixer.sys
0xB419D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB4292000 \SystemRoot\System32\drivers\aspi32.sys
0xB406A000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB3F11000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3D79000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA378000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xB31C5000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB2FBB000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xB1596000 \??\C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdqpob.sys
0xAF217000 \SystemRoot\System32\Drivers\Udfs.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
676 C:\WINDOWS\system32\smss.exe
892 csrss.exe
916 C:\WINDOWS\system32\winlogon.exe
960 C:\WINDOWS\system32\services.exe
972 C:\WINDOWS\system32\lsass.exe
1140 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1276 C:\WINDOWS\system32\svchost.exe
1516 svchost.exe
1780 C:\WINDOWS\system32\LEXBCES.EXE
1852 C:\WINDOWS\system32\LEXPPS.EXE
1876 C:\WINDOWS\system32\spoolsv.exe
184 C:\WINDOWS\explorer.exe
544 C:\Programme\Home Cinema\PowerCinema\PCMService.exe
596 C:\WINDOWS\system32\CmUCREye.exe
744 C:\Programme\Medion Info Display\MdionLCM.exe
764 C:\WINDOWS\mHotkey.exe
780 C:\WINDOWS\CNYHKey.exe
832 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
880 C:\WINDOWS\RTHDCPL.exe
884 C:\WINDOWS\ALCFDRTM.EXE
1224 C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
1296 C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
1376 svchost.exe
1440 C:\Programme\iTunes\iTunesHelper.exe
1556 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1560 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1596 C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
1568 C:\Programme\DNA\btdna.exe
1916 C:\Programme\Bonjour\mDNSResponder.exe
1984 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
1488 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
1444 C:\Programme\Windows Media Player\wmpnscfg.exe
1868 C:\WINDOWS\system32\svchost.exe
1612 C:\Programme\Java\jre6\bin\jqs.exe
2064 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
2104 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2628 C:\Programme\Nero\Update\NASvc.exe
2680 C:\WINDOWS\system32\nvsvc32.exe
2840 C:\Programme\CyberLink\Shared Files\RichVideo.exe
2932 C:\WINDOWS\system32\svchost.exe
3116 C:\Programme\UPHClean\uphclean.exe
3676 wmpnetwk.exe
3976 C:\WINDOWS\system32\searchindexer.exe
1792 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2188 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
2648 C:\Programme\iPod\bin\iPodService.exe
608 alg.exe
2904 C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
3864 C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
3564 C:\WINDOWS\system32\wuauclt.exe
3792 C:\WINDOWS\system32\searchprotocolhost.exe
1168 searchfilterhost.exe
724 C:\Dokumente und Einstellungen\Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1a8eb800 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1A88FB21AE7DE3F2E2BB0173F7E9ECB617047576

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Ich danke dir wirklich für Deine unglaubliche Mühe!

Viele Grüße,
Mike

Zitat:

232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1A88FB21AE7DE3F2E2BB0173F7E9ECB617047576

Hast Du noch andere Betriebssystem außer WinXP drauf?

Wenn nicht, also WinXP das einzige installierte System ist: Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole aus.
Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen)
Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus MBRcheck und GMER nochmals aus und poste das neue Log.

Moin Arne,

alle erledigt. Hier die Logs nach dem Fixing:

GMER:
GMER Logfile:

Code:

GMER 1.0.15.15627 - hxxp://www.gmer.net

Rootkit scan 2011-05-08 09:38:16

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3250824AS rev.3.AAE

Running: 759glerw.exe; Driver: C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdqpob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwAdjustPrivilegesToken [0xB5783224]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwClose [0xB57837F8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwConnectPort [0xB5785234]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateFile [0xB5784BE6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateKey [0xB578299A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateSymbolicLinkObject [0xB5786BC6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwCreateThread [0xB57835F8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeleteKey [0xB5782DDC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeleteValueKey [0xB5782FDC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDeviceIoControlFile [0xB5784EF6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwDuplicateObject [0xB57870CE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwEnumerateKey [0xB57830F2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwEnumerateValueKey [0xB578315A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwFsControlFile [0xB5784DA8]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwLoadDriver [0xB578666A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenFile [0xB5784A42]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenKey [0xB5782AFC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenProcess [0xB57833FC]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenSection [0xB5786BF0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwOpenThread [0xB5783348]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryKey [0xB57831C2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryMultipleValueKey [0xB5782EC6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueryValueKey [0xB5782CA4]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwQueueApcThread [0xB57868D2]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwReplaceKey [0xB578261C]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwRequestWaitReplyPort [0xB5785ABE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwRestoreKey [0xB578277E]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwResumeThread [0xB5786FA0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSaveKey [0xB578241A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSecureConnectPort [0xB57850D6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetContextThread [0xB57836F6]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetSecurityObject [0xB5786764]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetSystemInformation [0xB5786C1A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSetValueKey [0xB5782B52]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSuspendProcess [0xB5786CFE]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSuspendThread [0xB5786E2A]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwSystemDebugControl [0xB5786596]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwTerminateProcess [0xB57834C8]

SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                     ZwUnloadKey [0xB296B6D0]

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 ZwWriteVirtualMemory [0xB578353A]
 

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 FsRtlCheckLockForReadAccess

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                 IoIsOperationSynchronous
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                            804EAF84 5 Bytes  JMP B579A874 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                               804EF912 5 Bytes  JMP B579AC2E \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                                                80504874 12 Bytes  [FE, 6C, 78, B5, 2A, 6E, 78, ...]

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB8201360, 0x20469D, 0xE8000020]

.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xB3BBE300, 0x3ACC8, 0xE8000020]

.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xBA418300, 0x1B7E, 0xE8000020]

?               C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                         Das System kann die angegebene Datei nicht finden. !
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\SearchIndexer.exe[3764] kernel32.dll!WriteFile                                                  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                             [B992FDA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                             [B992FDA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x7A 0x45 0x05 0xFD ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL

Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

MBR Check:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F10000 fltmgr.sys
0xB9EFE000 sr.sys
0xBA0F8000 klbg.sys
0xBA108000 PxHelp20.sys
0xB9EE7000 KSecDD.sys
0xB9E5A000 Ntfs.sys
0xB9E2D000 NDIS.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9E13000 Mup.sys
0xB98F4000 kl1.sys
0xBA338000 \WINDOWS\system32\drivers\TDI.SYS
0xBA158000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB90CB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8201000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB81ED000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB81C5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB81A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB90BB000 \SystemRoot\system32\DRIVERS\klfltdev.sys
0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB80D7000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xB80B4000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA558000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xB7FA8000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA460000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB90AB000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA564000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB7F94000 \SystemRoot\system32\DRIVERS\parport.sys
0xB909B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB7F7B000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xBA470000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xB908B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB907B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA478000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA480000 \SystemRoot\system32\DRIVERS\klim5.sys
0xBA7A6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB906B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA578000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7F64000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB905B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB904B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA490000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB903B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA498000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7F06000 \SystemRoot\system32\DRIVERS\update.sys
0xBA580000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB7ED8000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xB8BFB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB58B7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB5893000 \SystemRoot\system32\drivers\portcls.sys
0xB8BEB000 \SystemRoot\system32\drivers\drmk.sys
0xB8BDB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB5774000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA370000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA5FA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB582F000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5FC000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA380000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA388000 \SystemRoot\System32\drivers\vga.sys
0xBA5FE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA390000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA398000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA544000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5741000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8B9B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB56C0000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB569A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB5672000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB8B8B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5650000 \SystemRoot\System32\drivers\afd.sys
0xB8B7B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB5625000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB558D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8B6B000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA3A0000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xB586F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA248000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB5569000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB5557000 \SystemRoot\system32\DRIVERS\cmiucr.SYS
0xB5867000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB551C000 \SystemRoot\system32\DRIVERS\rt2500usb.sys
0xBA3A8000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xB5863000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB54DC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA60A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB584B000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3B8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3D0000 \SystemRoot\System32\ATMFD.DLL
0xBA3D0000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB5518000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4156000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4AFB000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA5CC000 \SystemRoot\system32\drivers\splitter.sys
0xB40E0000 \SystemRoot\system32\drivers\kmixer.sys
0xB3EA6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3C51000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB3C96000 \SystemRoot\System32\drivers\aspi32.sys
0xB3BBE000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB3009000 \SystemRoot\System32\Drivers\HTTP.sys
0xB2E99000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA418000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xB4283000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB296B000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 55):
0 System Idle Process
4 System
672 C:\WINDOWS\system32\smss.exe
888 csrss.exe
912 C:\WINDOWS\system32\winlogon.exe
956 C:\WINDOWS\system32\services.exe
968 C:\WINDOWS\system32\lsass.exe
1132 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1268 C:\WINDOWS\system32\svchost.exe
1432 svchost.exe
1756 C:\WINDOWS\system32\LEXBCES.EXE
1776 C:\WINDOWS\system32\spoolsv.exe
1800 C:\WINDOWS\system32\LEXPPS.EXE
236 C:\WINDOWS\explorer.exe
552 C:\Programme\Home Cinema\PowerCinema\PCMService.exe
580 C:\WINDOWS\system32\CmUCREye.exe
728 C:\Programme\Medion Info Display\MdionLCM.exe
736 C:\WINDOWS\mHotkey.exe
744 C:\WINDOWS\CNYHKey.exe
796 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
840 C:\WINDOWS\RTHDCPL.exe
852 C:\WINDOWS\ALCFDRTM.EXE
1164 C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
1244 C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
1336 C:\Programme\iTunes\iTunesHelper.exe
1344 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1372 C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
1488 C:\Programme\DNA\btdna.exe
1504 C:\Programme\Windows Media Player\wmpnscfg.exe
1700 svchost.exe
1636 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
568 C:\Programme\Bonjour\mDNSResponder.exe
1228 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
1216 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
2080 C:\WINDOWS\system32\svchost.exe
2132 C:\Programme\Java\jre6\bin\jqs.exe
2228 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
2292 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2740 C:\Programme\Nero\Update\NASvc.exe
2780 C:\WINDOWS\system32\nvsvc32.exe
2892 C:\Programme\CyberLink\Shared Files\RichVideo.exe
3000 C:\WINDOWS\system32\svchost.exe
3632 C:\Programme\UPHClean\uphclean.exe
3764 C:\WINDOWS\system32\searchindexer.exe
3892 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
3936 C:\WINDOWS\system32\wuauclt.exe
4072 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
596 wmpnetwk.exe
3616 C:\Programme\iPod\bin\iPodService.exe
3164 alg.exe
2200 wmiprvse.exe
4972 C:\WINDOWS\system32\msiexec.exe
5732 C:\WINDOWS\system32\wscntfy.exe
4120 C:\Dokumente und Einstellungen\Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1a8eb800 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600 (FAT32)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Viele Grüße,
Mike