Avira detection and strange symptoms

#0
02.04.2012, 10:14
Member

Posts: 16
#1 Hello, esteemed Protecus forum!

My notebook is causing problems. Since yesterday my Bluetooth mouse has suddenly stopped working; the notebook finds it, but nothing more. In addition, my system suddenly takes longer to boot: before the WinXP logo appears the screen stays black for a while, then a status bar is briefly visible at the bottom edge of the screen. My USB ports have not been working properly for quite a while now, erratically and, strangely, only at USB1.
On top of that came an Avira detection, after which I had AntiVir and Spybot each run one complete scan in safe mode. Since then AntiVir no longer starts (error message: "Die Anwendung konnte nicht gestartet werden, weil MSVCR100.dll nicht gefunden wurde. Neuinstallation der Anwendung könnte das Problem beheben.") and can be neither uninstalled nor reinstalled. I searched for the log files manually but did not find them. The detection was something like "java vedenbi gen".

Since my system, although I think I treat it reasonably carefully, does not run well anyway, I am due to set it up from scratch in any case. Because of the strange occurrences I am now quite unsure what is caused by what, or what could be.

Many thanks for the help; I would very much like to find out what is going on here on my machine.
Best regards,
M



Here are the required log files:

Code


OTL logfile created on: 02.04.2012 00:06:07 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop\virenkram
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,92 Mb Total Physical Memory | 664,26 Mb Available Physical Memory | 64,94% Memory free
2,40 Gb Paging File | 2,15 Gb Available in Paging File | 89,33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 30,00 Gb Total Space | 1,99 Gb Free Space | 6,62% Space Free | Partition Type: NTFS
Drive D: | 119,05 Gb Total Space | 0,86 Gb Free Space | 0,72% Space Free | Partition Type: NTFS
Drive G: | 298,02 Gb Total Space | 19,62 Gb Free Space | 6,58% Space Free | Partition Type: FAT32

Computer Name: KUNI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.04.01 23:31:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\virenkram\OTL.exe
PRC - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.05.19 21:06:18 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.14 14:48:52 | 000,193,896 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2011.04.14 14:48:42 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2011.04.14 14:48:40 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.21 15:45:36 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2006.06.29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005.11.22 16:20:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004.10.14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.02.15 18:24:44 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012.02.15 18:24:34 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012.02.15 18:20:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012.02.15 18:18:08 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012.01.03 15:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.12 10:05:16 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.08.18 13:34:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2011.05.19 21:05:48 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2011.04.14 12:39:46 | 000,086,016 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll
MOD - [2011.02.03 14:54:14 | 000,048,128 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll
MOD - [2011.02.03 14:54:06 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.11.05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007.09.21 15:45:36 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
MOD - [2006.06.29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2006.06.29 21:57:48 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapHk.dll
MOD - [2005.11.22 16:20:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.14 14:48:42 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 14:48:40 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.06.29 21:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005.11.22 16:20:28 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.02.15 18:00:12 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 16:55:30 | 000,169,056 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Saffire.sys -- (Saffire)
DRV - [2011.08.19 16:55:30 | 000,040,672 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaffireMidi.sys -- (SaffireMidi)
DRV - [2011.08.19 16:55:30 | 000,032,992 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaffireAudio.sys -- (SaffireAudio)
DRV - [2011.08.18 16:48:50 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.04 08:40:42 | 000,087,552 | ---- | M] (Focusrite Audio Engineering Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnnio.sys -- (nvnnio)
DRV - [2011.04.08 17:24:24 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2011.04.08 17:23:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2011.03.29 19:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.03.29 19:12:16 | 000,020,592 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.21 10:56:28 | 000,076,304 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yusbaud32.sys -- (yusbaud32)
DRV - [2009.12.23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007.05.02 09:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.02.06 23:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005.04.20 01:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003.06.27 08:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.tagesschau.de/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.18 11:12:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.12.09 04:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2011.08.18 12:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Extensions
[2012.01.05 16:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\jrbyr29x.default\extensions
[2012.01.07 11:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEBASTIAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRBYR29X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.18 11:12:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.12 11:49:03 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 11:49:03 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.12 11:49:03 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 11:49:03 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 11:49:03 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 11:49:03 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Programme\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0915A717-3BFE-444C-89B9-645471940FEA}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Eigene Bilder\Wiese.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sebastian\Eigene Dateien\Eigene Bilder\Wiese.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.31 15:53:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.04.01 23:35:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\virenkram
[2012.04.01 17:41:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2012.04.01 17:41:45 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2012.04.01 11:36:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Fabian Simon & Matt Eliott
[2012.03.26 19:05:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Media
[2012.03.26 18:50:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavalys
[2012.03.26 18:50:22 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys
[2012.03.25 14:20:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.03.23 14:53:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Fynn Alster _ It Tastes Like Salt Tape
[2012.03.12 10:39:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Fabian Simon
[2012.03.07 17:19:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Tonstudio
[2012.03.07 17:03:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Dokumente
[2012.03.07 15:44:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Lauschangriff Snippets
[2012.03.06 15:24:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\Focusrite
[2012.03.06 15:07:40 | 000,169,056 | ---- | C] (Focusrite A.E.) -- C:\WINDOWS\System32\drivers\Saffire.sys
[2012.03.06 15:07:40 | 000,098,816 | ---- | C] (Focusrite A.E.) -- C:\WINDOWS\System32\SaffireAsio.dll
[2012.03.06 15:07:40 | 000,040,672 | ---- | C] (Focusrite A.E.) -- C:\WINDOWS\System32\drivers\SaffireMidi.sys
[2012.03.06 15:07:40 | 000,032,992 | ---- | C] (Focusrite A.E.) -- C:\WINDOWS\System32\drivers\SaffireAudio.sys
[2012.03.06 15:07:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Focusrite
[2012.03.06 15:07:30 | 000,000,000 | ---D | C] -- C:\Programme\Focusrite
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.04.01 23:59:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.01 23:58:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.01 23:58:53 | 1072,680,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.01 17:41:51 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Spybot - Search & Destroy.lnk
[2012.04.01 17:36:56 | 000,516,304 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.01 17:36:56 | 000,492,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.01 17:36:56 | 000,100,516 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.01 17:36:56 | 000,083,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.30 00:44:40 | 000,010,970 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\faden.odt
[2012.03.29 23:57:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.28 08:30:32 | 000,002,231 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\ringmod.pd
[2012.03.18 12:11:20 | 000,007,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.14 19:41:04 | 000,216,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.14 19:30:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.07 17:21:20 | 000,006,116 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2012.03.06 18:58:44 | 000,018,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\.recently-used.xbel
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.04.01 18:35:40 | 1072,680,960 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.01 17:41:51 | 000,000,911 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\Spybot - Search & Destroy.lnk
[2012.03.28 13:50:37 | 000,010,970 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\faden.odt
[2012.03.26 23:30:47 | 000,048,188 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\5010B.pdf
[2012.03.25 14:29:30 | 1460,934,444 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\12-03-23 Frank Apunkt Schneider über Sakropop.wav
[2012.03.06 18:58:44 | 000,018,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\.recently-used.xbel
[2012.03.06 15:07:31 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.dll
[2012.02.15 09:24:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.14 13:53:49 | 000,006,116 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011.11.30 11:13:53 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.09.08 17:30:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2011.08.26 02:30:44 | 000,490,496 | ---- | C] () -- C:\Programme\ShutdownTimer.exe
[2011.08.23 14:02:38 | 000,074,256 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.08.21 00:26:42 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 00:23:43 | 000,186,640 | ---- | C] () -- C:\WINDOWS\hpoins39.dat
[2011.08.21 00:23:43 | 000,000,629 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat
[2011.08.18 16:56:24 | 001,153,159 | ---- | C] () -- C:\WINDOWS\System32\libvorbisenc-2.dll
[2011.08.18 16:56:24 | 000,434,914 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2011.08.18 16:56:24 | 000,177,273 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2011.08.18 16:56:24 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\libgnurx-0.dll
[2011.08.18 16:56:24 | 000,047,490 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2011.08.18 16:56:24 | 000,027,071 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2011.08.18 16:56:23 | 001,138,027 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
[2011.08.18 16:56:23 | 001,086,487 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2011.08.18 16:56:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\libdl.dll
[2011.08.18 16:54:34 | 000,029,803 | ---- | C] () -- C:\WINDOWS\System32\cyclist.exe
[2011.08.18 16:54:34 | 000,014,322 | ---- | C] () -- C:\WINDOWS\System32\pdreceive.exe
[2011.08.18 16:54:34 | 000,009,579 | ---- | C] () -- C:\WINDOWS\System32\pdsend.exe
[2011.08.18 16:41:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.08.18 16:32:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011.08.18 15:13:50 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2011.08.18 14:18:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.08.18 14:10:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2011.08.18 14:07:03 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2011.08.18 14:04:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2011.08.18 14:03:16 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.08.18 12:56:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.08.18 12:52:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2011.08.18 12:52:21 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011.08.18 12:52:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011.08.18 12:51:45 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011.07.31 16:44:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.07.31 16:43:42 | 000,216,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.31 15:56:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.07.31 15:50:51 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.03.29 19:12:16 | 000,020,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\ApsHM86.sys

[color=#E56717]========== LOP Check ==========[/color]

[2011.08.19 17:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2011.11.30 11:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.08.18 16:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.08.18 17:59:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg
[2011.08.18 18:07:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VST3 Presets
[2011.08.19 17:58:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Ableton
[2012.03.30 10:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Audacity
[2011.11.30 11:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Canneverbe Limited
[2011.08.18 17:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\DAEMON Tools Lite
[2012.04.02 00:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox
[2011.12.20 17:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\DVDVideoSoft
[2011.12.20 17:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.11.01 11:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\freac
[2012.03.06 18:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\gtk-2.0
[2011.08.18 16:41:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\InfraRecorder
[2011.08.23 15:31:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Korg
[2011.08.22 12:44:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\LibreOffice
[2011.10.05 15:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Notepad++
[2011.08.31 01:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Novation
[2011.08.20 14:44:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Opera
[2011.08.18 12:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\PCDr
[2012.02.13 16:21:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Scribus
[2011.08.18 18:21:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Steinberg
[2011.08.18 16:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Thunderbird
[2011.09.25 04:56:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\VST3 Presets
[2011.08.18 15:13:54 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.08.18 15:26:08 | 000,000,000 | ---D | M] -- C:\a9bffee1d047c4a09196
[2011.08.18 12:16:17 | 000,000,000 | RH-D | M] -- C:\AHCache
[2012.02.15 18:17:43 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.07.31 16:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.08.18 12:39:59 | 000,000,000 | ---D | M] -- C:\DRIVERS
[2011.08.18 14:08:41 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.04.01 17:41:45 | 000,000,000 | R--D | M] -- C:\Programme
[2011.07.31 16:02:48 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.07.31 15:57:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.01 12:57:02 | 000,000,000 | ---D | M] -- C:\WINDOWS

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
[2007.08.20 13:29:22 | 000,490,496 | ---- | M] () -- C:\Programme\ShutdownTimer.exe
Invalid Environment Variable: LOCALAPPDATA

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011.05.11 16:02:08 | 005,945,944 | ---- | M] (Safer-Networking Ltd.) MD5=B302653D473E85E3FFCF100F12062EF9 -- C:\Programme\Spybot - Search & Destroy 2\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-14 17:35:47

< End of report >



Code


OTL Extras logfile created on: 02.04.2012 00:06:07 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop\virenkram
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,92 Mb Total Physical Memory | 664,26 Mb Available Physical Memory | 64,94% Memory free
2,40 Gb Paging File | 2,15 Gb Available in Paging File | 89,33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 30,00 Gb Total Space | 1,99 Gb Free Space | 6,62% Space Free | Partition Type: NTFS
Drive D: | 119,05 Gb Total Space | 0,86 Gb Free Space | 0,72% Space Free | Partition Type: NTFS
Drive G: | 298,02 Gb Total Space | 19,62 Gb Free Space | 6,58% Space Free | Partition Type: FAT32

Computer Name: KUNI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\7zS44C5\setup\hpznui01.exe" = C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\7zS44C5\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\7zS44C5\setup\hpznui01.exe" = C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\7zS44C5\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Programme\pd\bin\pd.exe" = C:\Programme\pd\bin\pd.exe:*:Enabled:Pure Data Application -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{155B57B6-FCD8-4852-A02B-5D0F5CAF63B5}_is1" = Novation nio VST Plug-In 1.3
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{261FDE14-0B8C-4B7A-8E37-A6F70FE5CEEA}" = Max 5.1.8
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{601F2C04-4E0A-464F-B9FE-4FD140098E21}" = PS_AIO_06_B109n-z_SW_Min
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{7824A7EF-4EE7-43CC-B98D-BD4CDB08E042}" = KORG KONTROL Editor
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A72AAD-7ED4-49D8-872D-D1465061F9DB}" = HP Photosmart Wireless B109n-z All-in-One Driver 14.0 Rel. 6
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D76C1581-C2B5-4851-A768-1FCC98F9E392}" = Yamaha USB Audio Driver
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo" = Diablo
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Live 8.2.1" = Live 8.2.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"Novation nio_is1" = Novation nio 1.3
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 2.1
"OnScreenDisplay" = Anzeige am Bildschirm
"Opera 11.61.1250" = Opera 11.61
"pd_is1" = Pd-0.42.5-extended
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Saffire PRO 40_is1" = Saffire MixControl 2.4
"Scribus 1.4.0" = Scribus 1.4.0.rc6
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"Dropbox" = Dropbox

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ System Events ]
Error - 01.04.2012 18:07:33 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:07:34 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:09:03 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:09:04 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:09:05 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:09:06 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:10:02 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:10:03 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:10:04 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 01.04.2012 18:10:05 | Computer Name = KUNI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.


< End of report >



Code


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-02 09:21:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HC rev.LQ100-10
Running: eu72zcbm.exe; Driver: C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\pgtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT            F7E9CEB4                                                                                         ZwClose
SSDT            F7E9CE6E                                                                                         ZwCreateKey
SSDT            F7E9CEBE                                                                                         ZwCreateSection
SSDT            F7E9CE64                                                                                         ZwCreateThread
SSDT            F7E9CE73                                                                                         ZwDeleteKey
SSDT            F7E9CE7D                                                                                         ZwDeleteValueKey
SSDT            F7E9CEAF                                                                                         ZwDuplicateObject
SSDT            F7E9CE82                                                                                         ZwLoadKey
SSDT            F7E9CE50                                                                                         ZwOpenProcess
SSDT            F7E9CE55                                                                                         ZwOpenThread
SSDT            F7E9CED7                                                                                         ZwQueryValueKey
SSDT            F7E9CE8C                                                                                         ZwReplaceKey
SSDT            F7E9CEC8                                                                                         ZwRequestWaitReplyPort
SSDT            F7E9CE87                                                                                         ZwRestoreKey
SSDT            F7E9CEC3                                                                                         ZwSetContextThread
SSDT            F7E9CECD                                                                                         ZwSetSecurityObject
SSDT            F7E9CE78                                                                                         ZwSetValueKey
SSDT            F7E9CED2                                                                                         ZwSystemDebugControl
SSDT            F7E9CE5F                                                                                         ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                          wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                          wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device          \FileSystem\Fastfat \Fat                                                                         B7246D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                         fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07a57fe                      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e07a57fe (not active ControlSet)  

---- EOF - GMER 1.0.15 ----

02.04.2012, 11:09
Member

Thread starter

Posts: 16
#2 I have now decided to back up my data and reinstall my system. Nevertheless, I would be very grateful if one of you could look over the log files and tell me what is going on there and what I should watch out for when migrating my data. How can I make sure that my new system does not get infected through my data? Which of the strange occurrences can be attributed to an infection?

Many thanks!
03.04.2012, 07:44
Moderator

Posts: 5694