Part 2
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.05.02 14:36:24 | 00,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.08.16 20:33:31 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2009.12.11 21:22:45 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009.12.08 20:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2009.12.08 20:33:44 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Microsoft Games
[2009.12.05 15:07:17 | 00,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Google
[2009.10.03 10:54:35 | 00,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe12CD.dll
========== Files - Modified Within 14 Days ==========
[2009.12.12 23:01:19 | 02,097,152 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat
[2009.12.12 22:51:04 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A19E2154-D2C3-45F8-92FB-A0D12EACFAB5}.job
[2009.12.12 22:03:38 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.12 22:03:38 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.12 20:15:35 | 09,418,784 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.12.12 19:55:07 | 00,076,760 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009.12.12 19:38:49 | 01,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.12 19:38:49 | 00,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.12 19:38:49 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.12 19:38:49 | 00,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.12 19:38:49 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.12 19:26:15 | 00,328,564 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.12.12 19:26:14 | 00,328,564 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.12.12 18:03:39 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.11 23:56:33 | 00,720,928 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009.12.11 23:34:11 | 00,004,592 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009.12.11 20:52:07 | 00,001,886 | ---- | M] () -- C:\Windows\System32\%LocalXml%
[2009.12.10 21:39:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.10 21:39:21 | 34,868,22400 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.09 21:17:55 | 00,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000002.regtrans-ms
[2009.12.09 21:17:55 | 00,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000001.regtrans-ms
[2009.12.09 21:17:55 | 00,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TM.blf
[2009.12.09 21:17:48 | 03,140,818 | -H-- | M] () -- C:\Users\Sebastian\AppData\Local\IconCache.db
[2009.12.09 21:12:54 | 00,062,976 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.08 20:38:57 | 00,001,036 | ---- | M] () -- C:\Users\Sebastian\Desktop\age3y.exe - Verknüpfung.lnk
[2009.12.08 20:26:47 | 00,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2009.11.29 12:55:00 | 00,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{d5fd0768-a077-11de-860d-001cc02084c7}.TMContainer00000000000000000001.regtrans-ms
[2009.11.29 12:55:00 | 00,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{d5fd0768-a077-11de-860d-001cc02084c7}.TM.blf
========== Files Created - No Company Name ==========
[2009.12.11 20:52:07 | 00,001,886 | ---- | C] () -- C:\Windows\System32\%LocalXml%
[2009.12.08 20:38:57 | 00,001,036 | ---- | C] () -- C:\Users\Sebastian\Desktop\age3y.exe - Verknüpfung.lnk
[2009.12.08 20:26:47 | 00,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2009.12.04 18:45:37 | 00,524,288 | -HS- | C] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000002.regtrans-ms
[2009.12.04 18:45:37 | 00,524,288 | -HS- | C] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000001.regtrans-ms
[2009.12.04 18:45:37 | 00,065,536 | -HS- | C] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TM.blf
[2009.10.11 11:58:26 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.10.10 17:05:23 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.19 17:59:36 | 00,001,669 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.08.19 17:41:32 | 00,062,976 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.18 20:41:51 | 00,328,564 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.18 20:24:52 | 00,328,564 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.17 19:11:42 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.16 14:39:25 | 00,001,356 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996.04.03 20:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2009.11.15 17:17:02 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Image Zone Express
[2009.10.03 10:58:56 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MyPhoneExplorer
[2009.11.15 16:06:07 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Printer Info Cache
[2009.08.21 18:36:07 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SPORE
[2009.08.19 17:08:57 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2009.12.09 21:18:07 | 00,023,666 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.12.12 22:51:04 | 00,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A19E2154-D2C3-45F8-92FB-A0D12EACFAB5}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008.01.19 08:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll