PC does not always boot fully, Google links are wrong

#0
24.12.2008, 23:19
Member

Posts: 44
#1 Who can help me?

My computer no longer boots. Sometimes I have to start it 10 times before I get in normally once.
I have run malware, Spybot, AntiVir and adware over it. They did find something, but the problem still persists.

I am asking for help. What should I do?

Many thanks
25.12.2008, 09:28
Moderator

Posts: 7805
#2 See which of points 2-5 from http://board.protecus.de/t23188.htm you can work through and post the results, or say what did not work!

What is important here, as for all other users with problems: you should always make a backup!
__________
Regards, Ralf
SEO-Spam Hunter
25.12.2008, 12:21
Member

Thread starter

Posts: 44
#3 Hello,

so, point 2 completed successfully.

For point 3 I get the following log file:


Malwarebytes' Anti-Malware 1.31
Datenbank Version: 1543
Windows 5.1.2600 Service Pack 3

25.12.2008 12:18:14
mbam-log-2008-12-25 (12-18-14).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 56445
Laufzeit: 3 minute(s), 23 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 12
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
E:\Programme\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04fe6b74-cbf2-411e-9de6-1b53cd2264f1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04fe6b74-cbf2-411e-9de6-1b53cd2264f1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ac2030ef-d9ed-4322-a493-0b100acce51c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{04fe6b74-cbf2-411e-9de6-1b53cd2264f1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{04fe6b74-cbf2-411e-9de6-1b53cd2264f1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ac2030ef-d9ed-4322-a493-0b100acce51c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{04fe6b74-cbf2-411e-9de6-1b53cd2264f1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{04fe6b74-cbf2-411e-9de6-1b53cd2264f1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ac2030ef-d9ed-4322-a493-0b100acce51c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.98;85.255.112.80 -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\Programme\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\msqpdxwhcvkrtj.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\msqpdxqaxikecj.sys (Trojan.Agent) -> Quarantined and deleted successfully.






Point 4 produced this log file:

ComboFix 08-12-24.01 - DOM 2008-12-25 12:28:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.2046.1667 [GMT 1:00]
ausgeführt von:: D:\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\drivers\msqpdxqaxikecj.sys
c:\windows\system32\msqpdxwhcvkrtj.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
F:\Autorun.inf
F:\resycled
f:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Legacy_MSQPDXSERV.SYS


((((((((((((((((((((((( Dateien erstellt von 2008-11-25 bis 2008-12-25 ))))))))))))))))))))))))))))))
.

2008-12-25 01:30 . 2008-12-25 01:30 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-12-24 23:11 . 2008-12-24 23:11 <DIR> d-------- e:\programme\Avira
2008-12-24 23:11 . 2008-12-24 23:11 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2008-12-24 01:38 . 2005-06-08 14:31 856,064 --a------ c:\windows\system32\Ltwvc12n.dll
2008-12-18 15:58 . 2008-12-18 15:58 <DIR> d-------- e:\programme\Bunkspeed
2008-12-18 15:33 . 2008-12-18 15:33 0 --a------ c:\windows\system32\4ever
2008-12-18 15:25 . 2008-12-18 15:25 <DIR> d-------- c:\dokumente und einstellungen\All Users\Bunkspeed
2008-12-18 00:16 . 2008-12-18 15:40 <DIR> d-------- e:\programme\Bunkspeed.HyperShot__1.7.1
2008-12-15 19:50 . 2008-04-13 20:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-15 19:50 . 2008-04-13 20:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-15 19:21 . 2008-07-09 02:43 23,048 --a------ c:\windows\system32\drivers\madfump.sys
2008-12-15 19:21 . 2008-07-09 02:42 6,010 --a------ c:\windows\system32\drivers\ma004103.bin
2008-12-14 03:24 . 2008-12-14 03:24 <DIR> d-------- c:\dokumente und einstellungen\DOM\Anwendungsdaten\Propellerhead Software
2008-12-14 03:24 . 2008-12-14 03:24 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Propellerhead Software
2008-12-14 03:24 . 2008-12-14 03:24 368,640 --a------ c:\windows\system32\ReWire.dll
2008-12-14 03:24 . 2008-12-14 03:24 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-12-14 03:12 . 2008-12-14 03:13 <DIR> d-------- e:\programme\Native Instruments
2008-12-14 03:12 . 2008-12-14 03:12 <DIR> d-------- e:\programme\gemeinsame dateien\Digidesign
2008-12-13 20:22 . 2008-12-14 20:43 13,824 --a------ C:\dvb.GRF
2008-12-11 19:37 . 2008-12-18 14:39 <DIR> d-------- e:\programme\MIDIOX
2008-12-11 16:19 . 2008-12-11 16:19 57,632 --a------ C:\PA7311.DAT
2008-12-10 20:31 . 2008-12-10 20:31 <DIR> d-------- C:\avs
2008-12-10 20:29 . 2008-12-10 20:32 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\IVS
2008-12-10 20:15 . 2008-12-10 20:25 <DIR> d-------- e:\programme\TronMe
2008-12-05 23:00 . 2006-11-26 21:33 3,331,072 --a------ e:\programme\AudioVideo_To_Exe(Deutsch).exe
2008-12-05 22:18 . 2008-12-05 22:25 <DIR> d-------- c:\dokumente und einstellungen\DOM\dwhelper
2008-12-03 12:33 . 2008-12-16 12:01 <DIR> d-------- e:\programme\piano
2008-12-02 00:06 . 2008-12-02 00:06 268 --ah----- C:\sqmdata01.sqm
2008-12-02 00:06 . 2008-12-02 00:06 244 --ah----- C:\sqmnoopt01.sqm
2008-11-27 01:01 . 2008-11-27 01:01 268 --ah----- C:\sqmdata00.sqm
2008-11-27 01:01 . 2008-11-27 01:01 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 11:12 --------- d-----w e:\programme\Malwarebytes' Anti-Malware
2008-12-25 03:21 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\Skype
2008-12-25 00:26 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2008-12-24 21:58 --------- d-----w e:\programme\Lavasoft
2008-12-24 21:58 --------- d-----w e:\programme\Gemeinsame Dateien\Wise Installation Wizard
2008-12-24 09:25 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-12-24 00:39 --------- d-----w e:\programme\Gemeinsame Dateien\Logitech
2008-12-24 00:38 --------- d--h--w e:\programme\InstallShield Installation Information
2008-12-24 00:38 --------- d-----w e:\programme\Logitech
2008-12-23 21:57 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\skypePM
2008-12-13 11:29 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-12-11 18:13 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2008-12-10 15:43 --------- d-----w e:\programme\ScreenShooter
2008-12-04 16:30 --------- d-----w e:\programme\EPSON
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-02 22:18 --------- d-----w e:\programme\Mozilla Sunbird
2008-12-02 22:10 --------- d-----w e:\programme\Java
2008-12-01 11:59 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\SolidWorks
2008-11-25 14:14 --------- d-----w e:\programme\Windows Desktop Search
2008-11-22 02:42 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\Azureus
2008-11-20 14:38 --------- d-----w e:\programme\ABBYY FineReader 6.0 Sprint
2008-11-15 18:15 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\Canon
2008-11-15 18:07 --------- d-----w e:\programme\Canon
2008-11-15 17:42 --------- d-----w e:\programme\Gemeinsame Dateien\ScanSoft Shared
2008-11-13 13:45 --------- d-----w e:\programme\Rhinoceros 4.0
2008-11-13 00:46 --------- d-----w e:\programme\Google
2008-11-10 10:39 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-08 14:57 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-11-08 14:57 --------- d-----w e:\programme\Veetle
2008-11-07 19:26 --------- d-----w e:\programme\DivX
2008-11-06 12:58 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\ePaperPress
2008-11-06 12:52 --------- d-----w e:\programme\ePaperPress
2008-11-06 08:20 --------- d-----w e:\programme\eBay
2008-11-06 08:20 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\eBay
2008-11-06 08:20 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\eBay
2008-11-03 14:53 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\WholeSecurity
2008-10-30 14:45 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\HDRsoft
2008-10-29 21:30 --------- d-----w e:\programme\Franzis
2008-10-23 18:02 366,952 ----a-w c:\dokumente und einstellungen\DOM\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-10-08 18:45 0 -c-h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLea.DAT
2008-10-08 18:44 20 -c-h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLdy.DAT
2008-08-08 14:49 0 -c-h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLbz.DAT
2005-06-26 23:32 616,448 --sha-r e:\programme\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r e:\programme\cygz.dll
2005-06-22 06:37 45,568 --sha-r e:\programme\cygz.bin
2007-03-09 08:12 27,648 -csha-w c:\windows\system32\AVSredirect.dll
2008-08-15 15:40 32,768 -csha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008081520080816\index.dat
2008-03-31 10:03 13,672,480 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-19_19.34.41,76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-15 16:26:12 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:34 18,808 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:34 234,872 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:34 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:35 765,304 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:35 388,984 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2008-04-14 02:22:19 337,408 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:34 234,872 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:35 388,984 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-12-17 23:19:09 121,781 ----a-r c:\windows\Installer\{04DD2EE7-31BB-4186-9A30-447283BC26F8}\NewShortcut1.38B0AF43_BE78_4FE1_81BE_06292B1C2BBF.exe
+ 2008-12-17 23:19:09 121,781 ----a-r c:\windows\Installer\{04DD2EE7-31BB-4186-9A30-447283BC26F8}\NewShortcut4_F376348958A14610A977C033A469E11C.exe
+ 2008-12-17 23:19:09 121,781 ----a-r c:\windows\Installer\{04DD2EE7-31BB-4186-9A30-447283BC26F8}\NewShortcut5_A6D4EE0F77AA4A4181954ECF65F6F2AC.exe
+ 2008-11-13 00:46:20 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
+ 2008-11-13 00:46:20 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-11-13 00:46:20 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-11-13 00:46:20 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-11-13 00:46:20 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-11-13 00:46:20 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2008-11-06 15:38:20 2,734 ----a-r c:\windows\Installer\{23773C74-EBEE-41FB-86ED-58B599A2B586}\_0F24B7B9C49FC51A1FA7B4.exe
+ 2008-11-06 15:38:20 2,734 ----a-r c:\windows\Installer\{23773C74-EBEE-41FB-86ED-58B599A2B586}\_6FEFF9B68218417F98F549.exe
+ 2008-11-06 15:38:20 2,734 ----a-r c:\windows\Installer\{23773C74-EBEE-41FB-86ED-58B599A2B586}\_7D716C54B95A767877FCEA.exe
+ 2008-10-22 15:15:53 300,318 ----a-r c:\windows\Installer\{4FC52DD7-F8FF-4F27-8728-62EDB7D44CC1}\controlPanelIcon.exe
- 2008-05-03 16:45:32 49,152 ----a-r c:\windows\Installer\{6249C22D-E6A8-407B-BA8B-40298848ED94}\_930B60E06C87_4A1C_97E3_3FFA19B82012.exe
+ 2008-11-15 17:42:22 49,152 ----a-r c:\windows\Installer\{6249C22D-E6A8-407B-BA8B-40298848ED94}\_930B60E06C87_4A1C_97E3_3FFA19B82012.exe
- 2008-05-03 16:45:32 3,822 ----a-r c:\windows\Installer\{6249C22D-E6A8-407B-BA8B-40298848ED94}\Op.exe
+ 2008-11-15 17:42:22 3,822 ----a-r c:\windows\Installer\{6249C22D-E6A8-407B-BA8B-40298848ED94}\Op.exe
+ 1998-10-29 14:45:06 306,688 ----a-w c:\windows\IsUninst.exe
- 2000-08-31 06:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2003-03-18 20:05:50 89,088 -c--a-r c:\windows\system32\atl71.dll
+ 2003-03-18 19:05:50 89,088 ----a-w c:\windows\system32\atl71.dll
- 2008-04-11 17:47:41 9,728 -c--a-w c:\windows\system32\BASSMOD.dll
+ 2008-11-13 00:23:23 9,728 -c--a-w c:\windows\system32\BASSMOD.dll
+ 2003-05-02 13:14:44 466,944 ----a-w c:\windows\system32\capicom.dll
+ 2003-07-11 08:49:52 217,088 ----a-w c:\windows\system32\CNQL1208.dll
+ 2002-07-16 00:06:00 36,864 ----a-w c:\windows\system32\CNQU71.DLL
- 2008-08-15 15:40:19 16,384 -c----w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-19 08:18:58 16,384 -c----w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-15 15:40:19 32,768 -c----w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-19 08:18:58 32,768 -c----w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 15:40:19 32,768 -c----w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-12-19 08:18:58 32,768 -c----w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-04-14 02:22:07 24,064 -c--a-w c:\windows\system32\dllcache\agentpsh.dll
+ 2008-04-13 19:45:14 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
+ 2008-04-13 20:16:36 141,056 -c--a-w c:\windows\system32\dllcache\ks.sys
+ 2008-10-15 16:35:02 337,408 -c----w c:\windows\system32\dllcache\netapi32.dll
+ 2008-04-14 02:22:20 212,992 -c--a-w c:\windows\system32\dllcache\ntevt.dll
+ 2008-04-13 20:19:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
+ 2008-04-14 02:22:23 237,056 -c--a-w c:\windows\system32\dllcache\provthrd.dll
+ 2008-04-13 19:45:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
- 2006-02-23 17:17:20 32,768 ------w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2005-07-04 11:58:47 14,848 ------w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
- 2008-07-19 12:36:59 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2008-04-13 18:45:14 60,160 ------w c:\windows\system32\drivers\drmk.sys
+ 2008-04-13 19:45:14 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
- 2008-04-13 19:16:36 141,056 ----a-w c:\windows\system32\drivers\ks.sys
+ 2008-04-13 20:16:36 141,056 ----a-w c:\windows\system32\drivers\ks.sys
+ 2005-01-31 10:13:24 163,328 ----a-w c:\windows\system32\drivers\LV532AV.SYS
+ 2005-05-27 08:31:28 22,016 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
- 2008-04-13 19:19:41 146,048 ------w c:\windows\system32\drivers\portcls.sys
+ 2008-04-13 20:19:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
- 2007-04-25 14:05:29 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-04-13 18:45:15 49,408 ----a-w c:\windows\system32\drivers\stream.sys
+ 2008-04-13 19:45:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
- 2007-10-31 13:09:14 30,464 ----a-w c:\windows\system32\drivers\usbaapl.sys
+ 2008-10-01 11:01:28 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
+ 2005-07-19 16:31:02 53,248 ----a-r c:\windows\system32\InstMed.exe
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-11-10 04:43:37 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-10 04:43:38 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-10 04:43:39 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2005-06-08 14:12:12 458,752 ----a-w c:\windows\system32\LCamCpl.dll
+ 2005-06-08 13:31:48 30,720 ----a-w c:\windows\system32\lfbmp12n.dll
+ 2005-06-08 13:31:48 328,704 ----a-w c:\windows\system32\LFCMP12n.DLL
+ 2005-06-08 13:31:48 78,336 ----a-w c:\windows\system32\lffax12n.dll
+ 2005-06-08 13:31:50 141,312 ----a-w c:\windows\system32\lftif12n.dll
- 2008-07-23 16:48:40 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2008-09-19 21:55:58 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2005-06-08 13:38:24 90,112 ----a-w c:\windows\system32\LQCUI2.dll
+ 2005-06-08 13:31:52 259,072 ----a-w c:\windows\system32\LTDIS12n.dll
+ 2005-06-08 13:31:52 207,872 ----a-w c:\windows\system32\ltefx12n.dll
+ 2005-06-08 13:31:52 131,072 ----a-w c:\windows\system32\ltfil12n.DLL
+ 2005-06-08 13:31:52 164,864 ----a-w c:\windows\system32\ltimg12n.dll
+ 2005-06-08 13:31:52 406,016 ----a-w c:\windows\system32\ltkrn12n.dll
+ 2005-05-27 08:26:36 204,800 ----a-w c:\windows\system32\LVCodec2.dll
+ 2005-01-31 10:00:10 106,496 ----a-w c:\windows\system32\lvcoinst.dll
+ 2005-07-19 16:32:18 77,824 ----a-w c:\windows\system32\LVCOMCX.dll
+ 2005-07-19 16:32:18 221,184 ----a-w c:\windows\system32\LVCOMSX.EXE
+ 2005-06-08 13:31:58 215,552 ----a-w c:\windows\system32\Lvkrn12n.dll
+ 2005-07-19 16:32:18 258,048 ----a-w c:\windows\system32\LVMAENUM.dll
+ 2005-05-27 08:29:30 204,800 ----a-w c:\windows\system32\LVUI2.dll
+ 2005-05-27 08:36:42 372,736 ----a-w c:\windows\system32\LVUI2RC.dll
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 -c--a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-07-05 12:58:24 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-12-24 09:12:45 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2003-03-19 12:20:00 1,060,864 ----a-w c:\windows\system32\MFC71.dll
+ 2003-03-18 21:20:00 1,060,864 ----a-w c:\windows\system32\MFC71.dll
- 2003-03-18 19:44:36 40,960 -c--a-r c:\windows\system32\MFC71CHS.DLL
+ 2003-03-18 20:44:36 40,960 ----a-w c:\windows\system32\MFC71CHS.DLL
- 2003-03-18 19:44:36 45,056 -c--a-r c:\windows\system32\MFC71CHT.DLL
+ 2003-03-18 20:44:36 45,056 ----a-w c:\windows\system32\MFC71CHT.DLL
- 2003-03-18 19:44:34 65,536 ----a-r c:\windows\system32\MFC71DEU.DLL
+ 2003-03-18 20:44:34 65,536 ----a-w c:\windows\system32\MFC71DEU.DLL
- 2003-03-18 21:44:38 57,344 -c--a-r c:\windows\system32\MFC71ENU.DLL
+ 2003-03-18 20:44:38 57,344 ----a-w c:\windows\system32\MFC71ENU.DLL
- 2003-03-18 19:44:36 61,440 -c--a-r c:\windows\system32\MFC71ESP.DLL
+ 2003-03-18 20:44:36 61,440 ----a-w c:\windows\system32\MFC71ESP.DLL
- 2003-03-18 19:44:36 61,440 -c--a-r c:\windows\system32\MFC71ITA.DLL
+ 2003-03-18 20:44:36 61,440 ----a-w c:\windows\system32\MFC71ITA.DLL
- 2003-03-18 19:44:34 49,152 -c--a-r c:\windows\system32\MFC71JPN.DLL
+ 2003-03-18 20:44:34 49,152 ----a-w c:\windows\system32\MFC71JPN.DLL
- 2003-03-18 19:44:38 49,152 -c--a-r c:\windows\system32\MFC71KOR.DLL
+ 2003-03-18 20:44:38 49,152 ----a-w c:\windows\system32\MFC71KOR.DLL
- 2003-03-18 20:12:12 1,047,552 -c--a-r c:\windows\system32\mfc71u.dll
+ 2003-03-18 21:12:12 1,047,552 ----a-w c:\windows\system32\MFC71u.dll
- 2003-03-19 11:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll
+ 2003-03-18 20:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll
- 2003-02-21 19:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll
+ 2003-02-21 04:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll
- 2008-04-14 02:22:19 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:35:02 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-10-03 23:35:29 196,831 ----a-w c:\windows\system32\nvModes.dat
+ 2008-11-19 01:00:34 209,495 ----a-w c:\windows\system32\nvModes.dat
- 2008-10-19 05:29:09 86,610 ----a-w c:\windows\system32\perfc007.dat
+ 2008-12-09 11:04:19 86,214 ----a-w c:\windows\system32\perfc007.dat
- 2008-10-19 05:29:09 71,668 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-09 11:04:19 71,334 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-19 05:29:09 443,086 ----a-w c:\windows\system32\perfh007.dat
+ 2008-12-09 11:04:19 442,512 ----a-w c:\windows\system32\perfh007.dat
- 2008-10-19 05:29:09 423,920 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-09 11:04:19 423,586 ----a-w c:\windows\system32\perfh009.dat
+ 2005-06-08 13:41:24 466,944 ----a-w c:\windows\system32\QCUI2.dll
+ 2008-04-13 18:45:14 60,160 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\drmk.sys
+ 2008-04-13 19:16:36 141,056 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\ks.sys
+ 2008-04-14 02:22:13 4,096 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\ksuser.dll
+ 2008-04-13 19:19:41 146,048 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\portcls.sys
+ 2008-04-13 18:45:15 49,408 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\stream.sys
+ 2008-04-13 19:45:12 60,032 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\USBAUDIO.sys
+ 2008-04-14 02:23:08 23,552 ----a-w c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\wdmaud.drv
- 2005-04-05 04:00:00 446,464 ------w c:\windows\system32\spool\drivers\w32x86\3\E_FASRACE.DLL
+ 2005-04-05 04:00:00 442,368 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FASRACE.DLL
- 2005-04-04 01:00:00 81,920 -c----w c:\windows\system32\spool\drivers\w32x86\3\E_FHSRACE.DLL
+ 2005-04-04 01:00:00 76,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FHSRACE.DLL
- 2005-04-01 03:05:00 939,520 ------w c:\windows\system32\spool\drivers\w32x86\3\E_FUIRACE.DLL
+ 2005-04-01 03:07:00 1,032,704 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FUIRACE.DLL
- 2004-04-21 00:00:00 7,019 -c----w c:\windows\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
+ 2004-04-21 00:00:00 6,334 ----a-w c:\windows\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
- 2004-11-30 21:35:24 1,236,992 -c--a-w c:\windows\system32\spool\drivers\w32x86\3\HPBCFGRE.DLL
+ 2008-05-08 16:55:40 3,044,864 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPBCFGRE.DLL
- 2004-06-29 02:36:06 659,456 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPCDMC32.DLL
+ 2008-02-05 13:26:36 671,816 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPCDMC32.DLL
- 2005-04-05 04:00:00 446,464 -c----w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\E_FASRACE.DLL
+ 2005-04-05 04:00:00 442,368 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\E_FASRACE.DLL
- 2005-04-04 01:00:00 81,920 -c----w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\E_FHSRACE.DLL
+ 2005-04-04 01:00:00 76,288 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\E_FHSRACE.DLL
- 2005-04-01 03:05:00 939,520 -c----w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\E_FUIRACE.DLL
+ 2005-04-01 03:07:00 1,032,704 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\E_FUIRACE.DLL
- 2004-04-21 00:00:00 7,019 -c----w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\EPUPDATE.DAT
+ 2004-04-21 00:00:00 6,334 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_dx380035be\EPUPDATE.DAT
- 2008-07-23 16:48:40 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2008-09-19 21:55:58 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2002-05-24 02:04:20 389,180 ----a-r c:\windows\system32\UCS32P.DLL
+ 2008-12-25 11:27:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_584.dat
+ 1998-06-17 00:14:00 45,056 ----a-w c:\windows\twain_32\CNQL50\CANOIT32.EXE
+ 2002-09-20 14:08:00 531,840 ----a-w c:\windows\twain_32\CNQL50\CNQL50.DAT
+ 2002-08-04 11:29:38 1,048,800 ----a-w c:\windows\twain_32\CNQL50\CNQL50R.DAT
+ 2003-01-29 01:45:56 1,159,168 ----a-w c:\windows\twain_32\CNQL50\CSUI.DLL
+ 2003-01-19 17:00:20 581,632 ----a-w c:\windows\twain_32\CNQL50\CSUI_RES.DLL
+ 2003-01-29 01:45:56 94,208 ----a-w c:\windows\twain_32\CNQL50\DEV.DLL
+ 2003-01-29 01:45:56 135,168 ----a-w c:\windows\twain_32\CNQL50\IMGENH.DLL
+ 2003-01-29 01:45:56 1,597,440 ----a-w c:\windows\twain_32\CNQL50\IOP.DLL
+ 1998-06-17 00:14:00 119,808 ----a-w c:\windows\twain_32\CNQL50\ITLIB32.DLL
+ 2002-06-12 13:27:14 24,576 ----a-w c:\windows\twain_32\CNQL50\JDA_CIMG.DLL
+ 2001-09-10 15:44:58 36,864 ----a-w c:\windows\twain_32\CNQL50\NBS4MB.DLL
+ 2001-09-10 15:44:58 479,232 ----a-w c:\windows\twain_32\CNQL50\NBSCOR4M.DLL
+ 2001-09-10 15:44:58 98,304 ----a-w c:\windows\twain_32\CNQL50\RMSLANTC.DLL
+ 2003-01-29 01:45:56 827,392 ----a-w c:\windows\twain_32\CNQL50\SCANINTF.DLL
+ 2002-07-24 09:45:12 86,016 ----a-w c:\windows\twain_32\CNQL50\SCRPRMV.DLL
+ 2003-01-29 01:45:56 315,392 ----a-w c:\windows\twain_32\CNQL50\SGUI.DLL
+ 2003-01-29 01:45:56 552,960 ----a-w c:\windows\twain_32\CNQL50\TPM.DLL
+ 2005-05-13 11:47:52 315,392 ----a-w c:\windows\twain_32\LogiVid\HPortal2.dll
+ 2005-05-13 11:47:06 212,992 ----a-w c:\windows\twain_32\LogiVid\HVideoS2.exe
+ 2005-05-13 11:47:10 6,656 ----a-w c:\windows\twain_32\LogiVid\HVidSp2.dll
+ 2005-05-27 09:03:38 49,152 ----a-r c:\windows\twain_32\LogiVid\InstVid.exe
+ 2005-05-13 11:47:14 696,320 ----a-w c:\windows\twain_32\LogiVid\LHPorta2.dll
+ 2005-05-13 11:18:48 14,848 ----a-w c:\windows\twain_32\LogiVid\LQCT32_2.dll
+ 2003-03-18 20:14:52 499,712 ----a-w c:\windows\twain_32\LogiVid\msvcp71.dll
+ 2003-02-21 04:42:22 348,160 ----a-w c:\windows\twain_32\LogiVid\msvcr71.dll
+ 2005-05-13 11:46:40 221,184 ----a-w c:\windows\twain_32\LogiVid\PCSmart2.dll
+ 2005-05-27 08:29:48 159,744 ----a-w c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2008-12-10 19:15:25 1,230,336 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\programme\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="e:\programme\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LogitechSoftwareUpdate"="e:\programme\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"SynTPEnh"="e:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="e:\progra~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"CanonSolutionMenu"="e:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="e:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Omnipage"="e:\programme\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"QuickTime Task"="e:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="e:\programme\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="e:\programme\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="e:\programme\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="e:\programme\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"nwiz"="nwiz.exe" [2006-03-21 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"NvMediaCenter"="NvMCTray.dll" [2006-03-21 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"="e:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 1265296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - e:\programme\Logitech\SetPoint\SetPoint.exe [2008-08-31 805392]
Microsoft Office.lnk - e:\programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 e:\programme\gemeinsame dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 e:\progra~1\GEMEIN~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= e:\progra~1\iac25_32.ax
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= L3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Autodesk\\backburner\\manager.exe"=
"e:\\Programme\\Autodesk\\backburner\\monitor.exe"=
"e:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Programme\\Bonjour\\mDNSResponder.exe"=
"e:\\Programme\\iTunes\\iTunes.exe"=
"e:\\Programme\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"e:\\Programme\\Adobe\\Adobe Illustrator CS3\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"e:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"e:\\Programme\\SopCast\\SopCast.exe"=
"e:\\Programme\\TVAnts\\Tvants.exe"=
"e:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"e:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-12-06 3712]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-04-14 13352]
S3 MAMOBILEPREDFU;M-Audio MobilePre DFU Driver;c:\windows\system32\Drivers\madfump.sys [2008-12-15 23048]
S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys []
S3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-06-27 140800]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-12-24 163328]
S3 utqwndez;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utqwndez.sys []
S3 WDM_Capture_225;Digital-TV Receiver.;c:\windows\system32\Drivers\WDM_Capture_225.sys [2006-12-24 19328]
S3 WDM_Loader_225;DVB-T TV;c:\windows\system32\Drivers\WDM_Loader_225.sys [2006-12-24 17024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
\Shell\Open\command - resycled\boot.com i:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05af2c38-9259-11dd-bb8a-0015c5551068}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cfab0e6-9450-11dd-bb8d-0015c5551068}]
\Shell\AutoRun\command - H:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c89491e8-9759-11db-900f-0015c5551068}]
\Shell\AutoRun\command - h:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebec7709-7fb8-11dc-9a1d-0015c5551068}]
\Shell\AutoRun\command - i:\wd_windows_tools\setup.exe
.
Inhalt des "geplante Tasks" Ordners

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- e:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-c:\windows\system32\kdnqt.exe - c:\windows\system32\kdnqt.exe


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Suche - e:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

c:\windows\Downloaded Program Files\UnicoWS.dll - c:\windows\Downloaded Program Files\MatProgressCP.ocx
c:\windows\Downloaded Program Files\StandardDialogs.ocx
c:\windows\Downloaded Program Files\EposActiveX.ocx
O16 -: {86AECD83-EF3C-40FD-84B1-692848C9F378}
hxxps://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab
c:\windows\Downloaded Program Files\EposActiveX.inf
FF - ProfilePath - c:\dokumente und einstellungen\DOM\Anwendungsdaten\Mozilla\Firefox\Profiles\xm29wz38.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - gmx.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\dokumente und einstellungen\DOM\Anwendungsdaten\Mozilla\Firefox\Profiles\xm29wz38.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: e:\programme\Mozilla Firefox\components\iamfamous.dll
FF - component: e:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: e:\programme\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: e:\programme\Veetle\plugins\npVeetle.dll
FF - plugin: e:\programme\Veetle\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 12:32:05
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxqaxikecj.sys"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(908)
e:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
e:\progra~1\GEMEIN~1\Stardock\mcpstub.dll
e:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2008-12-25 12:33:22
ComboFix-quarantined-files.txt 2008-12-25 11:32:44
ComboFix2.txt 2008-10-19 04:40:21

Vor Suchlauf: 2,609,397,760 Bytes frei
Nach Suchlauf: 2,595,946,496 Bytes frei

473 --- E O F --- 2008-10-25 18:50:38




Here is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:59, on 25.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
E:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\DCPFLICS\DCPFLICS.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
E:\Programme\Java\jre6\bin\jqs.exe
E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Dokumente und Einstellungen\DOM\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] E:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] E:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Omnipage] E:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "E:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Skype] "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = E:\Programme\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: RC.exe.lnk = E:\Programme\DTV\Yakumo QuickStick Basic DVB-T\RC.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suche - res://E:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (Materialise Stl File Analyzer Viewer) - https://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - E:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - E:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DCPFLICS - Unknown owner - E:\Programme\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Programme\gemeinsame dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/DOM/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10400 bytes

Many thanks
This post was edited by dom2607 on 25.12.2008 at 13:03.
25.12.2008, 13:27
Moderator

Posts: 7805
#4 Use Regedit to find the entry
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I

and delete it. Then please restart and post a new ComboFix log.
__________
Regards, Ralf
SEO-Spam Hunter
25.12.2008, 16:45
Member

Thread starter

Posts: 44
#5 What exactly am I supposed to delete there, the folder I or the folder mountpoints2?
25.12.2008, 17:00
Moderator

Posts: 7805
#6 As it says above, the folder/key "i"
__________
Regards, Ralf
SEO-Spam Hunter
25.12.2008, 17:40
Member

Thread starter

Posts: 44
#7 ComboFix 08-12-24.01 - DOM 2008-12-25 17:37:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.2046.1502 [GMT 1:00]
ausgeführt von:: D:\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2008-11-25 bis 2008-12-25 ))))))))))))))))))))))))))))))
.

2008-12-25 16:41 . 2008-12-25 16:41 142 --a------ c:\windows\system32\spupdsvc.inf
2008-12-25 16:40 . 2008-12-25 16:40 <DIR> d-------- e:\programme\Microsoft CAPICOM 2.1.0.2
2008-12-25 16:40 . 2008-12-25 16:43 1,393 --a------ c:\windows\imsins.BAK
2008-12-25 14:53 . 2008-10-16 21:04 6,066,176 --a------ c:\windows\system32\SETCB.tmp
2008-12-25 14:53 . 2008-10-16 21:04 1,160,192 --a------ c:\windows\system32\SETBB.tmp
2008-12-25 14:53 . 2008-10-16 21:04 826,368 --a------ c:\windows\system32\SETB9.tmp
2008-12-25 14:53 . 2008-10-16 21:04 459,264 --a------ c:\windows\system32\SETC3.tmp
2008-12-25 14:53 . 2008-10-16 21:04 383,488 --a------ c:\windows\system32\SETCD.tmp
2008-12-25 14:53 . 2008-10-16 21:04 267,776 --a------ c:\windows\system32\SETC9.tmp
2008-12-25 14:53 . 2008-10-16 21:04 233,472 --a------ c:\windows\system32\SETBA.tmp
2008-12-25 14:53 . 2008-10-16 21:04 124,928 --a------ c:\windows\system32\SETD5.tmp
2008-12-25 14:53 . 2008-10-16 21:04 105,984 --a------ c:\windows\system32\SETBC.tmp
2008-12-25 14:53 . 2008-10-16 21:04 63,488 --a------ c:\windows\system32\SETD2.tmp
2008-12-25 14:53 . 2008-10-16 21:04 52,224 --a------ c:\windows\system32\SETC2.tmp
2008-12-25 14:43 . 2008-12-13 07:36 3,593,216 --a------ c:\windows\system32\SETB5.tmp
2008-12-25 14:37 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-25 14:36 . 2008-09-04 18:15 1,106,944 --a------ c:\windows\system32\SET8D.tmp
2008-12-25 14:36 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-25 14:30 . 2008-12-25 14:36 <DIR> d-------- c:\windows\LastGood
2008-12-25 01:30 . 2008-12-25 01:30 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-12-24 23:11 . 2008-12-24 23:11 <DIR> d-------- e:\programme\Avira
2008-12-24 23:11 . 2008-12-24 23:11 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2008-12-24 01:38 . 2005-06-08 14:31 856,064 --a------ c:\windows\system32\Ltwvc12n.dll
2008-12-18 15:58 . 2008-12-18 15:58 <DIR> d-------- e:\programme\Bunkspeed
2008-12-18 15:33 . 2008-12-18 15:33 0 --a------ c:\windows\system32\4ever
2008-12-18 15:25 . 2008-12-18 15:25 <DIR> d-------- c:\dokumente und einstellungen\All Users\Bunkspeed
2008-12-18 00:16 . 2008-12-18 15:40 <DIR> d-------- e:\programme\Bunkspeed.HyperShot__1.7.1
2008-12-15 19:50 . 2008-04-13 20:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-15 19:50 . 2008-04-13 20:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-15 19:21 . 2008-07-09 02:43 23,048 --a------ c:\windows\system32\drivers\madfump.sys
2008-12-15 19:21 . 2008-07-09 02:42 6,010 --a------ c:\windows\system32\drivers\ma004103.bin
2008-12-14 03:24 . 2008-12-14 03:24 <DIR> d-------- c:\dokumente und einstellungen\DOM\Anwendungsdaten\Propellerhead Software
2008-12-14 03:24 . 2008-12-14 03:24 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Propellerhead Software
2008-12-14 03:24 . 2008-12-14 03:24 368,640 --a------ c:\windows\system32\ReWire.dll
2008-12-14 03:24 . 2008-12-14 03:24 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-12-14 03:12 . 2008-12-14 03:13 <DIR> d-------- e:\programme\Native Instruments
2008-12-14 03:12 . 2008-12-14 03:12 <DIR> d-------- e:\programme\gemeinsame dateien\Digidesign
2008-12-13 20:22 . 2008-12-14 20:43 13,824 --a------ C:\dvb.GRF
2008-12-11 19:37 . 2008-12-18 14:39 <DIR> d-------- e:\programme\MIDIOX
2008-12-11 16:19 . 2008-12-11 16:19 57,632 --a------ C:\PA7311.DAT
2008-12-10 20:31 . 2008-12-10 20:31 <DIR> d-------- C:\avs
2008-12-10 20:29 . 2008-12-10 20:32 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\IVS
2008-12-10 20:15 . 2008-12-10 20:25 <DIR> d-------- e:\programme\TronMe
2008-12-05 23:00 . 2006-11-26 21:33 3,331,072 --a------ e:\programme\AudioVideo_To_Exe(Deutsch).exe
2008-12-05 22:18 . 2008-12-05 22:25 <DIR> d-------- c:\dokumente und einstellungen\DOM\dwhelper
2008-12-03 12:33 . 2008-12-16 12:01 <DIR> d-------- e:\programme\piano
2008-12-02 00:06 . 2008-12-02 00:06 268 --ah----- C:\sqmdata01.sqm
2008-12-02 00:06 . 2008-12-02 00:06 244 --ah----- C:\sqmnoopt01.sqm
2008-11-27 01:01 . 2008-11-27 01:01 268 --ah----- C:\sqmdata00.sqm
2008-11-27 01:01 . 2008-11-27 01:01 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 11:12 --------- d-----w e:\programme\Malwarebytes' Anti-Malware
2008-12-25 03:21 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\Skype
2008-12-25 00:26 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2008-12-24 21:58 --------- d-----w e:\programme\Lavasoft
2008-12-24 21:58 --------- d-----w e:\programme\Gemeinsame Dateien\Wise Installation Wizard
2008-12-24 09:25 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-12-24 00:39 --------- d-----w e:\programme\Gemeinsame Dateien\Logitech
2008-12-24 00:38 --------- d--h--w e:\programme\InstallShield Installation Information
2008-12-24 00:38 --------- d-----w e:\programme\Logitech
2008-12-23 21:57 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\skypePM
2008-12-13 11:29 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-12-11 18:13 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2008-12-10 15:43 --------- d-----w e:\programme\ScreenShooter
2008-12-04 16:30 --------- d-----w e:\programme\EPSON
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-02 22:18 --------- d-----w e:\programme\Mozilla Sunbird
2008-12-02 22:10 --------- d-----w e:\programme\Java
2008-12-01 11:59 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\SolidWorks
2008-11-25 14:14 --------- d-----w e:\programme\Windows Desktop Search
2008-11-22 02:42 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\Azureus
2008-11-20 14:38 --------- d-----w e:\programme\ABBYY FineReader 6.0 Sprint
2008-11-15 18:15 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\Canon
2008-11-15 18:07 --------- d-----w e:\programme\Canon
2008-11-15 17:42 --------- d-----w e:\programme\Gemeinsame Dateien\ScanSoft Shared
2008-11-13 13:45 --------- d-----w e:\programme\Rhinoceros 4.0
2008-11-13 00:46 --------- d-----w e:\programme\Google
2008-11-10 10:39 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-08 14:57 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-11-08 14:57 --------- d-----w e:\programme\Veetle
2008-11-07 19:26 --------- d-----w e:\programme\DivX
2008-11-06 12:58 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\ePaperPress
2008-11-06 12:52 --------- d-----w e:\programme\ePaperPress
2008-11-06 08:20 --------- d-----w e:\programme\eBay
2008-11-06 08:20 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\eBay
2008-11-06 08:20 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\eBay
2008-11-03 14:53 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\WholeSecurity
2008-10-30 14:45 --------- d-----w c:\dokumente und einstellungen\DOM\Anwendungsdaten\HDRsoft
2008-10-29 21:30 --------- d-----w e:\programme\Franzis
2008-10-23 18:02 366,952 ----a-w c:\dokumente und einstellungen\DOM\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\SET89.tmp
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-08 18:45 0 -c-h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLea.DAT
2008-10-08 18:44 20 -c-h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLdy.DAT
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-08-08 14:49 0 -c-h--w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLbz.DAT
2005-06-26 23:32 616,448 --sha-r e:\programme\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r e:\programme\cygz.dll
2005-06-22 06:37 45,568 --sha-r e:\programme\cygz.bin
2007-03-09 08:12 27,648 -csha-w c:\windows\system32\AVSredirect.dll
2008-08-15 15:40 32,768 -csha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008081520080816\index.dat
2008-03-31 10:03 13,672,480 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( snapshot_2008-12-25_12.32.29.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-26 07:57:14 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:57:15 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:57:15 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:57:15 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:57:15 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:31 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:57:15 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:57:15 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:57:15 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 16:58:14 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:57:18 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:57:18 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:57:18 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:57:19 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:57:19 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:57:21 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:57:21 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:57:21 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:57:21 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:57:21 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:14:13 217,312 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:57:21 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:57:22 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:57:22 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:57:22 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:14:13 217,312 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:22 377,568 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-12-25 15:39:49 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-07-18 20:10:48 94,920 ----a-w c:\windows\LastGood\system32\cdm.dll
+ 2008-07-18 20:07:34 270,880 ----a-w c:\windows\LastGood\system32\mucltui.dll
+ 2008-07-18 20:07:32 210,976 ----a-w c:\windows\LastGood\system32\muweb.dll
+ 2008-07-18 20:09:44 563,912 ----a-w c:\windows\LastGood\system32\wuapi.dll
+ 2008-07-18 20:10:42 53,448 ----a-w c:\windows\LastGood\system32\wuauclt.exe
+ 2008-07-18 20:09:42 1,811,656 ----a-w c:\windows\LastGood\system32\wuaueng.dll
+ 2008-07-18 20:09:46 325,832 ----a-w c:\windows\LastGood\system32\wucltui.dll
+ 2008-07-18 20:10:20 36,552 ----a-w c:\windows\LastGood\system32\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w c:\windows\LastGood\system32\wups2.dll
+ 2008-07-18 20:09:44 205,000 ----a-w c:\windows\LastGood\system32\wuweb.dll
- 2008-08-26 07:57:14 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:04:07 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-07-18 20:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-08-26 07:57:15 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:04:07 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:57:15 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:04:07 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:57:15 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:04:08 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:55 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:57:15 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:04:08 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:31 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:10:46 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:57:15 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:04:08 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:57:15 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:04:08 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:57:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:04:09 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:57:15 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:04:09 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 16:58:14 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:04:12 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:57:18 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:04:12 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:57:18 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:04:12 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:57:18 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:04:13 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 19:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:57:19 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:04:14 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:57:19 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:04:14 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:57:22 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:36:44 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:57:21 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:04:17 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:57:21 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:04:17 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:57:21 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:04:18 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 02:22:18 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:13:38 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-08-26 07:57:21 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:04:18 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:57:21 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:04:18 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 02:22:30 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:03:04 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:57:21 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:04:18 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:04:19 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:57:22 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:04:19 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2007-02-15 17:00:22 236,928 -c----w c:\windows\system32\dllcache\WgaLogon.dll
+ 2008-09-05 22:31:06 267,304 -c----w c:\windows\system32\dllcache\wgaLogon.dll
- 2007-02-15 17:01:30 337,280 -c----w c:\windows\system32\dllcache\WgaTray.exe
+ 2008-09-05 22:30:04 952,360 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2008-08-26 07:57:22 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:04:20 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 20:47:20 937,984 -c----w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 20:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 20:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 20:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 20:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-04-13 19:17:01 456,576 ------w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
- 2008-08-26 07:57:15 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:04:07 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:57:15 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:04:07 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:57:15 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:04:08 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-25 08:37:31 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:10:46 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:57:15 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:04:08 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:57:15 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:04:08 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:57:15 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:04:09 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-08-26 07:57:18 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:04:12 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:57:18 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:04:13 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2007-02-15 17:01:04 1,476,992 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-05 22:30:06 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
- 2006-10-18 19:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 14:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:57:21 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:04:17 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:57:21 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:04:17 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:57:21 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:04:18 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-04-14 02:22:18 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:13:38 1,307,648 ------w c:\windows\system32\msxml6.dll
- 2008-08-26 07:57:21 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:04:18 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:57:21 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:04:18 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:34 18,808 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:14 18,808 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 02:23:03 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2007-02-15 17:01:30 337,280 ------w c:\windows\system32\WgaTray.exe
+ 2008-09-05 22:30:04 952,360 ------w c:\windows\system32\WgaTray.exe
- 2006-10-18 20:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\programme\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="e:\programme\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LogitechSoftwareUpdate"="e:\programme\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"SynTPEnh"="e:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="e:\progra~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"CanonSolutionMenu"="e:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="e:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Omnipage"="e:\programme\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"QuickTime Task"="e:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="e:\programme\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="e:\programme\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="e:\programme\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="e:\programme\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"nwiz"="nwiz.exe" [2006-03-21 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"NvMediaCenter"="NvMCTray.dll" [2006-03-21 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - e:\programme\Logitech\SetPoint\SetPoint.exe [2008-08-31 805392]
Microsoft Office.lnk - e:\programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 e:\programme\gemeinsame dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 e:\progra~1\GEMEIN~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= e:\progra~1\iac25_32.ax
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= L3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Autodesk\\backburner\\manager.exe"=
"e:\\Programme\\Autodesk\\backburner\\monitor.exe"=
"e:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Programme\\Bonjour\\mDNSResponder.exe"=
"e:\\Programme\\iTunes\\iTunes.exe"=
"e:\\Programme\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"e:\\Programme\\Adobe\\Adobe Illustrator CS3\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"e:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"e:\\Programme\\SopCast\\SopCast.exe"=
"e:\\Programme\\TVAnts\\Tvants.exe"=
"e:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"e:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-12-06 3712]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2006-11-10 26488]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-04-14 13352]
S3 MAMOBILEPREDFU;M-Audio MobilePre DFU Driver;c:\windows\system32\Drivers\madfump.sys [2008-12-15 23048]
S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys []
S3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-06-27 140800]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-12-24 163328]
S3 utqwndez;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utqwndez.sys []
S3 WDM_Capture_225;Digital-TV Receiver.;c:\windows\system32\Drivers\WDM_Capture_225.sys [2006-12-24 19328]
S3 WDM_Loader_225;DVB-T TV;c:\windows\system32\Drivers\WDM_Loader_225.sys [2006-12-24 17024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05af2c38-9259-11dd-bb8a-0015c5551068}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cfab0e6-9450-11dd-bb8d-0015c5551068}]
\Shell\AutoRun\command - H:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c89491e8-9759-11db-900f-0015c5551068}]
\Shell\AutoRun\command - h:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebec7709-7fb8-11dc-9a1d-0015c5551068}]
\Shell\AutoRun\command - i:\wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- e:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Suche - e:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

c:\windows\Downloaded Program Files\UnicoWS.dll - c:\windows\Downloaded Program Files\MatProgressCP.ocx
c:\windows\Downloaded Program Files\StandardDialogs.ocx
c:\windows\Downloaded Program Files\EposActiveX.ocx
O16 -: {86AECD83-EF3C-40FD-84B1-692848C9F378}
hxxps://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab
c:\windows\Downloaded Program Files\EposActiveX.inf
FF - ProfilePath - c:\dokumente und einstellungen\DOM\Anwendungsdaten\Mozilla\Firefox\Profiles\xm29wz38.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - gmx.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\dokumente und einstellungen\DOM\Anwendungsdaten\Mozilla\Firefox\Profiles\xm29wz38.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: e:\programme\Mozilla Firefox\components\iamfamous.dll
FF - component: e:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: e:\programme\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: e:\programme\Veetle\plugins\npVeetle.dll
FF - plugin: e:\programme\Veetle\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 17:38:20
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(908)
e:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
e:\progra~1\GEMEIN~1\Stardock\mcpstub.dll
e:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2008-12-25 17:39:34
ComboFix-quarantined-files.txt 2008-12-25 16:38:57
ComboFix2.txt 2008-12-25 11:33:22
ComboFix3.txt 2008-10-19 04:40:21

Vor Suchlauf: 2.264.178.688 Bytes frei
Nach Suchlauf: 2,247,593,984 Bytes frei

460 --- E O F --- 2008-12-25 15:43:53