iexplore.exe twice in Task Manager

Thread is closed!
08.12.2009, 09:42
Member

Thread starter

Posts: 15
#16 The Malwarebytes log is attached; I haven't fixed the infections it found yet.

Here is the RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-12-08 09:39:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (33%) free of 39 GB
Total RAM: 511 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:39:37, on 08.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
C:\Programme\OpenOffice.org 2.1\program\soffice.exe
C:\Programme\OpenOffice.org 2.1\program\soffice.BIN
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Microsoft Office\Office\EXCEL.EXE
C:\Dokumente und Einstellungen\USER\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\USER.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.115.1:3128;http=192.168.115.1:3128;https=192.168.115.1:3128;socks=192.168.115.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;192.168.115.2*;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ASM] "C:\Programme\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programme\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run VNC Server.lnk = C:\Programme\RealVNC\VNC4\winvnc4.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124194577609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246437461671
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4CF88E7-822C-42C0-B18A-B1CA81A2120A}: NameServer = 192.168.2.254
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5472 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Corel Reminder"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2009-12-04 1727640]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2009-12-04 1731932]
"OpwareSE2"=C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2009-12-04 1759684]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2009-12-04 1757700]
"ASM"=C:\Programme\AOL\Active Security Monitor\ASMonitor.exe HIDEMAIN []
"Windows Defender"=C:\Programme\Windows Defender\MSASCui.exe [2009-12-04 1730912]
"F-PROT Antivirus Tray application"=C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [2009-12-04 1758052]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-04 1734748]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-12-04 1758080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE
Run VNC Server.lnk - C:\Programme\RealVNC\VNC4\winvnc4.exe

C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart
HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE
OpenOffice.org 2.1.lnk - C:\Programme\OpenOffice.org 2.1\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FPAVServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe"="C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:*:Disabled:NAVBrowser"
"C:\Programme\Alcatel_PIMphony\aocWiz.exe"="C:\Programme\Alcatel_PIMphony\aocWiz.exe:*:Enabled:pIMphony configuration."
"C:\Programme\ALCATEL\PM5\R110_13.3\bin\pm5.exe"="C:\Programme\ALCATEL\PM5\R110_13.3\bin\pm5.exe:*:Enabled:Configuration program for Alcatel Alisé PBX systems"
"C:\Programme\RealVNC\VNC4\winvnc4.exe"="C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server for Win32"
"C:\Programme\Alcatel_PIMphony\aoconfig.exe"="C:\Programme\Alcatel_PIMphony\aoconfig.exe:*:Enabled:pIMphony configuration."
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Programme\SlimBrowser\sbrowser.exe"="C:\Programme\SlimBrowser\sbrowser.exe:*:Disabled:FlashPeak SlimBrowser"
"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Programme\SoundControl\SoundControl.exe"="C:\Programme\SoundControl\SoundControl.exe:*:Disabled:SoundControl"
"C:\Programme\SoundControl\Jukebox.exe"="C:\Programme\SoundControl\Jukebox.exe:*:Disabled:Jukebox"
"C:\Programme\Network Print Monitor\KMNV.exe"="C:\Programme\Network Print Monitor\KMNV.exe:*:Enabled:Network Print Monitor"
"C:\Programme\Java\jre1.5.0_07\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_07\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\MAGIX\Music_Manager\MusicManager.exe"="C:\MAGIX\Music_Manager\MusicManager.exe:*:Enabled:MAGIX Music Manager 2005"
"C:\Programme\LINSS-Scan\SCAN.exe"="C:\Programme\LINSS-Scan\SCAN.exe:*:Enabled:Linss Scanmodul für Formula Barcode-Scanner"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Auerswald\JRE 1.4.2\bin\rmid.exe"="C:\Programme\Auerswald\JRE 1.4.2\bin\rmid.exe:*:Enabled:rmid"
"C:\Programme\JAlbum 6.5\JAlbumWin.exe"="C:\Programme\JAlbum 6.5\JAlbumWin.exe:*:Enabled:JAlbumWin"
"C:\Programme\Active Network Monitor\ActiveNetworkMonitor.exe"="C:\Programme\Active Network Monitor\ActiveNetworkMonitor.exe:*:Enabled:Active Network Monitor"
"C:\WINDOWS\system32\wkgoco .exe"="C:\WINDOWS\system32\wkgoco .exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-07 07:51:12 ----D---- C:\Programme\ESET
2009-12-07 07:26:45 ----D---- C:\WINDOWS\ERDNT
2009-12-07 07:25:46 ----D---- C:\Programme\ERUNT
2009-12-07 07:06:22 ----D---- C:\Avenger
2009-12-07 07:06:22 ----A---- C:\avenger.txt
2009-12-07 07:04:36 ----A---- C:\zip.exe
2009-12-07 07:04:36 ----A---- C:\cleanup.exe
2009-12-07 07:04:36 ----A---- C:\cleanup.bat
2009-12-03 13:57:19 ----D---- C:\rsit
2009-12-02 06:53:51 ----D---- C:\Programme\WinBudget
2009-11-30 14:36:29 ----D---- C:\Programme\Panda Security
2009-11-30 07:04:33 ----D---- C:\Programme\TeaTimer (Spybot - Search & Destroy)
2009-11-30 07:04:25 ----D---- C:\Programme\Misc. Support Library (Spybot - Search & Destroy)
2009-11-30 07:04:08 ----D---- C:\Programme\SDHelper (Spybot - Search & Destroy)
2009-11-30 07:03:58 ----D---- C:\Programme\File Scanner Library (Spybot - Search & Destroy)
2009-11-27 13:35:19 ----D---- C:\Programme\CCleaner
2009-11-25 12:45:07 ----A---- C:\WINDOWS\aopr.ini
2009-11-25 12:44:58 ----D---- C:\Programme\ElcomSoft
2009-11-25 11:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 11:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-11 10:39:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2009-12-08 07:57:47 ----D---- C:\WINDOWS\Prefetch
2009-12-08 07:13:26 ----D---- C:\Programme\Mozilla Firefox
2009-12-08 06:58:54 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-08 06:58:51 ----D---- C:\WINDOWS\system32\drivers
2009-12-08 06:49:17 ----D---- C:\WINDOWS\Temp
2009-12-08 06:49:07 ----SD---- C:\WINDOWS\Tasks
2009-12-08 06:48:09 ----D---- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\OpenOffice.org2
2009-12-07 16:24:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-07 10:25:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-07 10:25:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-07 10:07:19 ----D---- C:\Programme\Winamp
2009-12-07 09:38:31 ----D---- C:\WINDOWS\system32
2009-12-07 08:53:47 ----D---- C:\WINDOWS
2009-12-07 07:51:12 ----RD---- C:\Programme
2009-12-04 14:50:13 ----D---- C:\Programme\Windows Defender
2009-12-04 14:17:30 ----A---- C:\WINDOWS\system32\nerocheck.exe
2009-12-04 11:36:12 ----D---- C:\Programme\Adobe
2009-12-04 11:05:49 ----SHD---- C:\WINDOWS\Installer
2009-12-04 11:05:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-12-04 11:03:18 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-12-04 11:03:06 ----D---- C:\WINDOWS\WinSxS
2009-12-04 10:47:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-04 07:23:47 ----D---- C:\Programme\Messenger
2009-12-03 16:58:30 ----A---- C:\WINDOWS\system32\nerocheck.exe.delme146
2009-12-03 11:42:46 ----D---- C:\Programme\Auerswald
2009-12-03 11:15:31 ----D---- C:\Programme\Java
2009-12-03 11:15:30 ----D---- C:\Programme\Gemeinsame Dateien
2009-12-02 14:27:22 ----HD---- C:\WINDOWS\inf
2009-12-01 08:13:51 ----D---- C:\Programme\Gemeinsame Dateien\Softwin
2009-12-01 08:13:49 ----A---- C:\WINDOWS\win.ini
2009-12-01 07:48:33 ----D---- C:\Programme\Spybot - Search & Destroy
2009-11-30 14:13:36 ----HDC---- C:\WINDOWS\ie8
2009-11-30 14:13:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-30 13:59:20 ----D---- C:\Programme\Google
2009-11-30 13:54:41 ----HD---- C:\Programme\InstallShield Installation Information
2009-11-30 09:32:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-11-27 14:04:18 ----D---- C:\Programme\eXPert PDF
2009-11-27 14:00:53 ----D---- C:\WINDOWS\Debug
2009-11-27 13:12:48 ----A---- C:\WINDOWS\system32\cfax_nt.exe
2009-11-25 12:43:18 ----D---- C:\netz
2009-11-25 11:05:50 ----D---- C:\Programme\DSLCOMP
2009-11-25 10:58:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-13 12:11:43 ----D---- C:\Programme\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2005-05-04 27648]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701952]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AEC671X;AEC671X; C:\WINDOWS\System32\drivers\AEC671X.SYS [1998-05-05 12128]
S1 DMX3191;DMX3191; C:\WINDOWS\System32\drivers\DMX3191.SYS [1999-02-22 17700]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 UDNT;UDNT; C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 76260]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 STIrUsb;SigmaTel USB-IrDA-Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FPAVServer;F-PROT Antivirus for Windows system; C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2009-08-27 75424]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinDefend;Windows Defender; C:\Programme\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WinVNC4;VNC Server Version 4; C:\Programme\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


And here is the RSIT info.txt:

info.txt logfile of random's system information tool 1.06 2009-12-08 09:39:42

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Programme\7-Zip\Uninstall.exe"
AcronisTrueImage-->C:\Programme\Acronis\TrueImage\MediaBuilder.exe -uninstall
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Image Viewer Plugin 4.0-->C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\ImageViewer\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\ImageViewer\Install.log
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Alcatel PIMphony 4.0 (Build 151)-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Alcatel_PIMphony\Uninst.isu -c"C:\Programme\Alcatel_PIMphony\aocuinst.dll"
Alcatel PM5 R110 13.3-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\ALCATEL\PM5\R110_13.3\Uninst.isu -cC:\Programme\ALCATEL\PM5\R110_13.3\_UnInstall.dll ?C:\Programme\ALCATEL\PM5\R110_13.3?PM5 PMI110 13.3
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}\setup.exe" -l0x7
Audiograbber 1.83 SE -->C:\WINDOWS\uninstall\Audiograbber\setup.exe
Auerswald UNI TSP Treiber-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\auertapi.inf,DefaultInstall,12
Avery Zweckform WinLabel 3.0-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\WinLabel 3.0\Uninst.isu" -c"C:\Programme\WinLabel 3.0\_UNODBC.DLL"
Canon CanoScan Toolbox 4.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{088A077A-8028-408C-AE7B-4512AE2A65A0}\setup.exe" -l0x7 anything
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
COM1-Zugriff-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Projekt1\ST6UNST.LOG"
ConTEXT-->"C:\Programme\ConTEXT\unins000.exe"
Corel Uninstaller-->C:\WINDOWS\COREL\UNINST32.EXE
CorelDRAW 10_TV-->C:\WINDOWS\Corel\uninst32.exe
CorelDRAW 10-->MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
DATANORM Datenverwaltung-->C:\WINDOWS\ST5UNST.EXE -n "C:\Programme\DATANV05\ST5UNST.LOG"
DSLCOMP EVN Tool-->MsiExec.exe /X{59AA0CBF-8B73-4FC7-A856-4746285A94A4}
EasyGen-->C:\WINDOWS\IsUninst.exe -fC:\Programme\Datalogic\EasyGen\UnInEGDV.isu
EDV-Lexikon Version 2005.0824-->C:\Programme\EDV-Lexikon\unins000.exe
ERUNT 1.1j-->C:\Programme\ERUNT\unins000.exe
Ethereal 0.99.0-->"C:\Programme\Ethereal\uninstall.exe"
Firefox Windows Media Player XPI-->C:\PROGRA~1\RadioXpi\UNWISE.EXE C:\PROGRA~1\RadioXpi\INSTALL.LOG
F-PROT Antivirus for Windows-->MsiExec.exe /I{E58B329B-FB28-4874-90DE-0D7CB2709267}
F-PROT Antivirus Updater Fix-->MsiExec.exe /I{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}
Free PDF to Word Doc Converter v1.1-->"C:\Programme\Free PDF to Word Doc Converter\unins000.exe"
GaebWriter-->C:\Programme\GaebWriter\uninstall.exe
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
JAlbum 6.5-->C:\Programme\JAlbum 6.5\Uninstall.exe
JAlbum-->"C:\Programme\JAlbum\Uninstall_JAlbum\Uninstall JAlbum.exe"
JRE 1.4.2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}\setup.exe" -l0x7
Klick Thumbnails Xpress 2.0-->C:\Programme\Klick-Thumbnails-Xpress\unins000.exe
LANconfig-->C:\Programme\LANCOM\setup.exe /remove:LANconfig
LANmonitor/WLANmonitor-->C:\Programme\LANCOM\setup.exe /remove:LANmonitor
LINSS Scanmodul 1.0-->"C:\Programme\LINSS-Scan\unins000.exe"
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
MAGIX Foto Manager-->C:\MAGIX\Foto_Manager\instslct.exe
MAGIX Fotos auf CD & DVD 4.5-->C:\MAGIX\Fotos_auf_CD_DVD_45\instslct.exe
MAGIX Media Manager 2004 silver-->C:\MAGIX\Media_Manager_2004\instslct.exe
MAGIX Music Manager-->C:\MAGIX\Music_Manager\instslct.exe
MAGIX Online Druck Service-->C:\PROGRA~1\MAGIXO~1\\\UNWISE.EXE C:\PROGRA~1\MAGIXO~1\\\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
map&guide 9 -->C:\WINDOWS\IsUn0407.exe -fC:\Programme\mg9\mg9.isu
map&guide 9 Karte Deutschland City-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\mg9\mg9d7.isu
map&guide 9 Karte Mitteleuropa City-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\mg9\mg9me7.isu
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Office 2000 SR-1 Small Business-->MsiExec.exe /I{00030407-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (3.0.10)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nemo's Aquarium 3D-->"C:\Programme\Nemo's Aquarium 3D\unins000.exe"
Nero OEM-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroMIX-->C:\WINDOWS\UNNMIX.exe /UNINSTALL
Network Print Monitor-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2602CC0D-53DA-48BD-849D-E4C1E698AE83} /l1031
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenOffice.org 2.1-->MsiExec.exe /I{8FB1A5EA-7DA8-4D57-80FB-BD923CCCC852}
Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
Paula für Windows-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\DataDesign\PaulaWin\Uninst.isu -c"C:\Programme\DataDesign\PaulaWin\_ISREG32.DLL"
PDFCreator-->C:\Programme\PDFCreator\unins000.exe
PhotoFiltre-->"C:\Programme\PhotoFiltre\Uninst.exe"
PowerArchiver-->C:\Programme\PowerArchiver\UNINST.EXE
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SiSoftware Sandra 2002 Standard-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\SiSoftware\SiSoftware Sandra 2002 Standard\Uninst.isu"
SlimBrowser (remove only)-->"C:\Programme\SlimBrowser\uninst.exe"
SoundControl 2.5b-->MsiExec.exe /X{13063FAD-1E42-4C8C-A68E-079A1625CEDE}
Spybot - Search & Destroy 1.4-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins001.exe"
TerRender version 4.3-->C:\Programme\TerRender\unins000.exe
TextPad 4-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\TextPad 4\Uninst.isu"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uninstall WHFC-->C:\WINDOWS\IsUninst.exe -fC:\Programme\WHFC\WHFC\Uninst.isu
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VNC 4.0-->C:\Programme\RealVNC\VNC4\unins000.exe
WALTER LINSS Nachf. GmbH-->MsiExec.exe /I{D58AEE39-6F42-4285-9F29-AAC8B53827EF}
Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Sicherungsprogramm-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinPcap 4.0.2-->C:\Programme\WinPcap\uninstall.exe
Xerox DocuPrint C15-C11-->xcp2w2un.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XnView 1.82.4-->C:\Programme\XnView\unins000.exe

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-11-26]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-11-26]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-26]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-11-26]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-26]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-11-26]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-26]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Dokumente und Einstellungen\USER\ubf.exe \s [2009-11-26]
O4 - HKLM\..\Run: [KEWelcomeReBoot] D:\welcome_S500.exe [2009-11-26]
O4 - HKLM\..\Run: [wkgoco] C:\WINDOWS\system32\wkgoco.exe \u [2009-11-26]
O14 - IERESET.INF: START_PAGE_URL=http://192.168.115.1:3128/ken2000.html [2009-11-26]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ [2009-11-27]
O4 - HKLM\..\Run: [CapiFax Monitor] C:\WINDOWS\system32\CFAX_NT.EXE [2009-11-27]
O4 - HKLM\..\Run: [TrayCenter] "C:\Programme\IP Traffic Monitor\TrayCenter.exe" [2009-11-27]

======Hosts File======


======Security center information======

AV: F-PROT Antivirus for Windows

======System event log======

Computer Name: MEIER
Event Code: 7023
Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


Record Number: 44082
Source Name: Service Control Manager
Time Written: 20091203082447.000000+060
Event Type: Fehler
User:

Computer Name: MEIER
Event Code: 7036
Message: Dienst "Anwendungsverwaltung" befindet sich jetzt im Status "Beendet".

Record Number: 44081
Source Name: Service Control Manager
Time Written: 20091203082447.000000+060
Event Type: Informationen
User:

Computer Name: MEIER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Anwendungsverwaltung" gesendet.

Record Number: 44080
Source Name: Service Control Manager
Time Written: 20091203082447.000000+060
Event Type: Informationen
User: MEIER\USER

Computer Name: MEIER
Event Code: 7023
Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


Record Number: 44079
Source Name: Service Control Manager
Time Written: 20091203082447.000000+060
Event Type: Fehler
User:

Computer Name: MEIER
Event Code: 7036
Message: Dienst "Anwendungsverwaltung" befindet sich jetzt im Status "Beendet".

Record Number: 44078
Source Name: Service Control Manager
Time Written: 20091203082447.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: MEIER
Event Code: 1
Message: Connections: accepted: 192.168.2.16::2668



Record Number: 8330
Source Name: WinVNC4
Time Written: 20091109124325.000000+060
Event Type: Informationen
User:

Computer Name: MEIER
Event Code: 1
Message: Connections: closed: 192.168.2.16::2334 (write: Connection reset by peer (10054))



Record Number: 8329
Source Name: WinVNC4
Time Written: 20091109123351.000000+060
Event Type: Informationen
User:

Computer Name: MEIER
Event Code: 1
Message: Connections: accepted: 192.168.2.16::2334



Record Number: 8328
Source Name: WinVNC4
Time Written: 20091109123308.000000+060
Event Type: Informationen
User:

Computer Name: MEIER
Event Code: 1
Message: Connections: closed: 192.168.2.16::1782 (write: Connection reset by peer (10054))



Record Number: 8327
Source Name: WinVNC4
Time Written: 20091109120656.000000+060
Event Type: Informationen
User:

Computer Name: MEIER
Event Code: 1
Message: Connections: accepted: 192.168.2.16::1782



Record Number: 8326
Source Name: WinVNC4
Time Written: 20091109120625.000000+060
Event Type: Informationen
User:

======Environment variables======

"AUER_JRE_HOME_1_4_2"=C:\Programme\Auerswald\JRE 1.4.2
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"laufwerke"=Devmgr_show_details=1
"laufwerke1"=Devmgr_show_nonpresent_devices=1
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\GIS\Tools
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0801
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

08.12.2009, 18:50
Moderator

Posts: 5694
#17 Not everything is out yet!

>>>
Where did you download
C:\Programme\Spybot - Search & Destroy
from?

>>>
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
• Double-click OTL.exe
Vista users: right-click OTL.exe and choose "Run as administrator"
• At the top you will find a box labelled Output. Please select Minimal Output
• Under Extra Registry, please select Use SafeList
• Now click Run Scan at the top left
• When the scan has finished, 2 log files are created
• Post the log files in code tags here in the thread.
09.12.2009, 07:33
Member

Thread starter

Posts: 15
#18 I've had Spybot installed forever and I believe I downloaded it from www.chip.de, but I'm not sure.



Here is the OTL.txt

Code

OTL logfile created on: 09.12.2009 07:15:56 - Run 1
OTL by OldTimer - Version 3.1.11.9     Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 95,13 Mb Available Physical Memory | 18,60% Memory free
1,22 Gb Paging File | 0,68 Gb Available in Paging File | 55,51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,21 Gb Total Space | 12,40 Gb Free Space | 32,46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 38,12 Gb Total Space | 37,96 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEIER
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\CyberLink\PowerDVD\pdvdserv.exe (Microsoft Corporation)
PRC - C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.1\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.1\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\RealVNC\VNC4\wm_hooks.dll (RealVNC Ltd.)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (FPAVServer) -- C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (FPAV_RTP) -- C:\WINDOWS\system32\drivers\FStopW.sys (FRISK Software International)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (PxHelp20) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cmuda) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (STIrUsb) -- C:\WINDOWS\system32\drivers\irstusb.sys (SigmaTel, Inc.)
DRV - (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (asc) -- C:\WINDOWS\System32\drivers\ASC.SYS (Advanced System Products, Inc.)
DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc.              )
DRV - (DMX3191) -- C:\WINDOWS\System32\drivers\DMX3191.SYS (Microsoft Corporation)
DRV - (UDNT) -- C:\WINDOWS\system32\drivers\udnt.sys ()
DRV - (AEC671X) -- C:\WINDOWS\System32\drivers\AEC671X.SYS (Acard Technology Corp.)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;192.168.115.2*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=192.168.115.1:3128;http=192.168.115.1:3128;https=192.168.115.1:3128;socks=192.168.115.1:1080

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..network.proxy.ftp: "192.168.115.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.115.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,192.168.115.2*,localhost,127.0.0.1"
FF - prefs.js..network.proxy.socks: "192.168.115.1"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "192.168.115.1"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.04.28 06:32:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.12.04 11:03:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.08.27 07:40:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.04 11:03:20 | 00,000,000 | ---D | M]

[2009.04.28 14:33:41 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions
[2009.12.08 07:13:29 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions
[2006.11.14 08:45:27 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\{2069a8c8-fad1-424b-b76c-d7f33d77dc4c}
[2006.11.14 08:45:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}
[2009.08.10 09:50:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2009.08.10 09:50:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2006.09.29 12:40:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\greenshift@shift.themes
[2009.12.08 07:13:30 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2005.12.05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npmozax.dll
[2006.02.02 12:16:38 | 00,628,256 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npzzatif.dll
[2008.03.15 14:56:14 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 12:19:24 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (358622 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 12309 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASM] C:\Programme\AOL\Active Security Monitor\ASMonitor.exe File not found
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [Corel Reminder]  File not found
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Programme\FRISK Software\F-PROT Antivirus for Windows\fprottray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\nerocheck.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\pdvdserv.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Run VNC Server.lnk = C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\OpenOffice.org 2.1.lnk = C:\Programme\OpenOffice.org 2.1\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124194577609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246437461671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.01.18 11:56:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009.12.09 07:13:57 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2009.12.09 06:52:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009.12.08 12:10:29 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Adobe
[2009.12.07 14:50:27 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\Meine empfangenen Dateien
[2009.12.07 07:51:12 | 00,000,000 | ---D | C] -- C:\Programme\ESET
[2009.12.07 07:26:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.12.07 07:25:46 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009.12.07 07:24:49 | 00,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\USER\Desktop\erunt-setup.exe
[2009.12.04 10:55:11 | 28,565,216 | ---- | C] (                                   ) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\AdbeRdr920_de_DE.exe
[2009.12.03 13:57:19 | 00,000,000 | ---D | C] -- C:\rsit
[2009.11.30 14:37:49 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009.11.30 14:36:29 | 00,000,000 | ---D | C] -- C:\Programme\Panda Security
[2009.11.30 07:04:33 | 00,000,000 | ---D | C] -- C:\Programme\TeaTimer (Spybot - Search & Destroy)
[2009.11.30 07:04:25 | 00,000,000 | ---D | C] -- C:\Programme\Misc. Support Library (Spybot - Search & Destroy)
[2009.11.30 07:04:08 | 00,000,000 | ---D | C] -- C:\Programme\SDHelper (Spybot - Search & Destroy)
[2009.11.30 07:03:58 | 00,000,000 | ---D | C] -- C:\Programme\File Scanner Library (Spybot - Search & Destroy)
[2009.11.27 13:58:20 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\USER\Recent
[2009.11.27 13:35:19 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.27 13:33:49 | 03,326,576 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\ccsetup226.exe
[2009.11.27 08:31:18 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009.11.27 08:29:19 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\.housecall6.6
[2009.11.25 12:44:58 | 00,000,000 | ---D | C] -- C:\Programme\ElcomSoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009.12.09 07:14:20 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2009.12.09 07:02:04 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009.12.09 06:50:29 | 00,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.12.09 06:47:33 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.09 06:47:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.09 06:47:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.09 06:47:06 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.08 16:24:26 | 10,223,616 | -H-- | M] () -- C:\Dokumente und Einstellungen\USER\NTUSER.DAT
[2009.12.08 16:24:26 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\USER\ntuser.ini
[2009.12.08 16:21:24 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009.12.08 15:22:25 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009.12.08 14:42:45 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009.12.08 13:21:26 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009.12.08 12:09:59 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009.12.08 11:00:12 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009.12.08 10:02:31 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009.12.08 09:54:41 | 00,000,068 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG
[2009.12.08 09:54:41 | 00,000,062 | ---- | M] () -- C:\WINDOWS\ptw.cfg
[2009.12.08 09:54:40 | 00,002,221 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG
[2009.12.08 09:33:59 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009.12.08 08:10:24 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009.12.07 07:28:26 | 00,000,216 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\regfix.reg
[2009.12.07 07:24:56 | 00,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\USER\Desktop\erunt-setup.exe
[2009.12.07 07:04:36 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009.12.07 07:04:36 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009.12.07 07:04:36 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009.12.04 14:17:30 | 01,727,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nerocheck.exe
[2009.12.04 11:03:22 | 00,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2009.12.04 10:57:54 | 28,565,216 | ---- | M] (                                   ) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\AdbeRdr920_de_DE.exe
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.12.03 12:22:59 | 00,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\RSIT.exe
[2009.12.02 12:07:48 | 00,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Microsoft Word.lnk
[2009.12.02 07:50:11 | 00,002,513 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Microsoft Excel.lnk
[2009.12.01 11:41:21 | 00,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Verknüpfung mit HJT.exe.lnk
[2009.12.01 08:52:29 | 00,292,352 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\d7h2wl1k.exe
[2009.12.01 08:13:49 | 00,001,619 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.11.30 14:35:51 | 00,177,432 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\activescan2_de.exe
[2009.11.30 09:39:15 | 00,358,622 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.27 14:07:02 | 00,131,752 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\cc_20091127_140604.reg
[2009.11.27 13:34:23 | 03,326,576 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\ccsetup226.exe
[2009.11.27 13:12:48 | 00,226,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\cfax_nt.exe
[2009.11.27 08:29:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009.11.25 17:18:06 | 00,001,859 | ---- | M] () -- C:\WINDOWS\aopr.ini
[2009.11.11 10:48:53 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009.12.07 07:28:22 | 00,000,216 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\regfix.reg
[2009.12.07 07:04:36 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009.12.07 07:04:36 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009.12.07 07:04:36 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009.12.07 07:02:34 | 00,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\avenger.exe
[2009.12.04 11:03:22 | 00,001,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2009.12.03 12:22:48 | 00,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\RSIT.exe
[2009.12.01 11:41:21 | 00,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Verknüpfung mit HJT.exe.lnk
[2009.12.01 08:52:26 | 00,292,352 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\d7h2wl1k.exe
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2009.11.30 14:35:40 | 00,177,432 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\activescan2_de.exe
[2009.11.30 07:23:42 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009.11.27 14:06:46 | 00,131,752 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\cc_20091127_140604.reg
[2009.11.25 12:45:07 | 00,001,859 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2009.05.12 07:55:33 | 00,001,036 | ---- | C] () -- C:\WINDOWS\vde701.ini
[2009.04.28 15:08:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009.04.28 13:21:53 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008.12.19 10:02:21 | 00,000,262 | ---- | C] () -- C:\WINDOWS\linss.ini
[2007.11.06 21:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.05.29 13:44:19 | 00,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.11.27 10:35:18 | 00,000,041 | ---- | C] () -- C:\WINDOWS\pos.ini
[2006.11.27 09:56:45 | 00,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2006.11.14 08:52:35 | 00,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006.11.14 08:50:34 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\HDKLNG32.dll
[2006.11.14 08:38:51 | 00,000,025 | ---- | C] () -- C:\WINDOWS\TempLang.ini
[2006.11.01 14:22:47 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.10.18 08:47:45 | 00,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2006.10.18 06:18:27 | 00,000,377 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5.INI
[2006.10.18 06:15:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.10.18 06:11:51 | 00,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.06.07 09:55:50 | 00,000,136 | ---- | C] () -- C:\WINDOWS\uni.ini
[2006.05.03 06:22:00 | 00,308,224 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006.05.03 06:22:00 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006.05.02 12:57:47 | 00,000,757 | ---- | C] () -- C:\WINDOWS\WinPaula.ini
[2006.05.02 12:57:47 | 00,000,049 | ---- | C] () -- C:\WINDOWS\paula.ini
[2006.03.20 11:27:10 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDELQ5902090E.ini
[2006.02.21 14:16:24 | 00,000,672 | ---- | C] () -- C:\WINDOWS\3dtrack.INI
[2006.02.21 11:53:14 | 00,002,819 | ---- | C] () -- C:\WINDOWS\track.INI
[2006.02.01 15:37:47 | 00,000,223 | ---- | C] () -- C:\WINDOWS\KcMV3DGD.ini
[2006.01.31 14:43:12 | 00,000,579 | ---- | C] () -- C:\WINDOWS\PCRAIL.INI
[2006.01.31 14:20:41 | 00,000,045 | ---- | C] () -- C:\WINDOWS\FLPlan.INI
[2006.01.05 07:24:11 | 00,315,444 | ---- | C] () -- C:\WINDOWS\System32\isdnapi32.dll
[2006.01.05 07:24:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\AuerCapiJNINative.dll
[2006.01.05 07:24:11 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\AuerUsbJNINative.dll
[2005.11.17 20:15:22 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2005.10.25 05:32:09 | 00,000,205 | ---- | C] () -- C:\WINDOWS\bustout.ini
[2005.09.06 05:36:18 | 00,000,047 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2005.08.30 10:18:47 | 00,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005.08.30 10:16:43 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2005.08.30 06:47:11 | 00,076,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2005.07.28 12:59:55 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\whfcmon.dll
[2005.07.27 12:05:35 | 00,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\AlbumCoverFinder Prefs.txt
[2005.07.22 06:08:57 | 00,047,910 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2005.07.14 09:31:35 | 00,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2005.07.12 14:37:16 | 00,000,271 | ---- | C] () -- C:\WINDOWS\GaebWriter.INI
[2005.07.05 09:01:52 | 00,000,193 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2005.06.30 13:47:16 | 00,000,291 | ---- | C] () -- C:\WINDOWS\CorelDRAW.ini
[2005.05.19 13:05:27 | 00,000,033 | ---- | C] () -- C:\WINDOWS\eroart.ini
[2005.05.04 14:43:30 | 00,000,248 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2005.05.04 12:55:55 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.01.31 07:48:37 | 00,022,992 | ---- | C] () -- C:\WINDOWS\System32\CFAXMON.DLL
[2005.01.26 15:53:30 | 00,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2005.01.25 14:55:26 | 00,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL
[2005.01.25 10:20:26 | 00,217,088 | R--- | C] () -- C:\WINDOWS\rdmwin32a.dll
[2005.01.25 10:00:03 | 00,018,597 | ---- | C] () -- C:\WINDOWS\Cstasp.ini
[2005.01.25 07:42:45 | 00,021,729 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Tabulatorgetrennte Werte (DOS).ADR
[2005.01.25 07:38:23 | 00,021,733 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR
[2005.01.25 07:00:58 | 00,037,206 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Microsoft Excel.ADR
[2005.01.24 10:32:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\distlib.ini
[2005.01.24 10:05:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MG.INI
[2005.01.24 09:29:20 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.01.20 11:50:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.01.20 11:28:31 | 00,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\sversion.ini
[2005.01.20 10:23:26 | 00,190,464 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.19 07:33:02 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005.01.19 07:28:13 | 00,001,296 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.01.19 07:14:06 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\capi2032.dll
[2005.01.19 06:52:31 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005.01.19 06:52:30 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005.01.19 06:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005.01.19 06:52:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005.01.19 06:52:25 | 00,116,930 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2005.01.19 06:52:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005.01.19 06:51:46 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005.01.19 06:51:46 | 00,002,598 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2002.02.27 08:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002.02.27 08:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002.02.27 08:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000.10.16 18:16:38 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 18:16:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000.03.29 22:00:00 | 00,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.10.23 18:29:44 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999.08.11 15:28:02 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.05.21 21:10:00 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999.04.11 21:54:20 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1999.01.26 22:00:00 | 00,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1998.01.28 00:06:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
< End of report >
and here is the extras.txt

Code

OTL Extras logfile created on: 09.12.2009 07:15:56 - Run 1
OTL by OldTimer - Version 3.1.11.9     Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 95,13 Mb Available Physical Memory | 18,60% Memory free
1,22 Gb Paging File | 0,68 Gb Available in Paging File | 55,51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,21 Gb Total Space | 12,40 Gb Free Space | 32,46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 38,12 Gb Total Space | 37,96 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEIER
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Programme\Alcatel_PIMphony\aocWiz.exe" = C:\Programme\Alcatel_PIMphony\aocWiz.exe:*:Enabled:PIMphony configuration. -- (Alcatel)
"C:\Programme\ALCATEL\PM5\R110_13.3\bin\pm5.exe" = C:\Programme\ALCATEL\PM5\R110_13.3\bin\pm5.exe:*:Enabled:Configuration program for Alcatel Alisé PBX systems -- ()
"C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server for Win32 -- (RealVNC Ltd.)
"C:\Programme\Alcatel_PIMphony\aoconfig.exe" = C:\Programme\Alcatel_PIMphony\aoconfig.exe:*:Enabled:PIMphony configuration. -- (Alcatel)
"C:\Programme\SlimBrowser\sbrowser.exe" = C:\Programme\SlimBrowser\sbrowser.exe:*:Disabled:FlashPeak SlimBrowser -- (FlashPeak, Inc.)
"C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\SoundControl\SoundControl.exe" = C:\Programme\SoundControl\SoundControl.exe:*:Disabled:SoundControl -- ()
"C:\Programme\SoundControl\Jukebox.exe" = C:\Programme\SoundControl\Jukebox.exe:*:Disabled:Jukebox -- ()
"C:\Programme\Network Print Monitor\KMNV.exe" = C:\Programme\Network Print Monitor\KMNV.exe:*:Enabled:Network Print Monitor -- (KYOCERA MITA Corporation)
"C:\Programme\Java\jre1.5.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_07\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\MAGIX\Music_Manager\MusicManager.exe" = C:\MAGIX\Music_Manager\MusicManager.exe:*:Enabled:MAGIX Music Manager 2005 -- (MAGIX)
"C:\Programme\LINSS-Scan\SCAN.exe" = C:\Programme\LINSS-Scan\SCAN.exe:*:Enabled:Linss Scanmodul für Formula Barcode-Scanner -- (Walter Linss Nachf. GmbH)
"C:\Programme\Auerswald\JRE 1.4.2\bin\rmid.exe" = C:\Programme\Auerswald\JRE 1.4.2\bin\rmid.exe:*:Enabled:rmid -- File not found
"C:\Programme\JAlbum 6.5\JAlbumWin.exe" = C:\Programme\JAlbum 6.5\JAlbumWin.exe:*:Enabled:JAlbumWin -- ()
"C:\Programme\Active Network Monitor\ActiveNetworkMonitor.exe" = C:\Programme\Active Network Monitor\ActiveNetworkMonitor.exe:*:Enabled:Active Network Monitor -- File not found
"C:\WINDOWS\system32\wkgoco .exe" = C:\WINDOWS\system32\wkgoco .exe:*:Enabled:ENABLE -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00030407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{13063FAD-1E42-4C8C-A68E-079A1625CEDE}" = SoundControl 2.5b
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{2602CC0D-53DA-48BD-849D-E4C1E698AE83}" = Network Print Monitor
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}" = JRE 1.4.2
"{59AA0CBF-8B73-4FC7-A856-4746285A94A4}" = DSLCOMP EVN Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{8FB1A5EA-7DA8-4D57-80FB-BD923CCCC852}" = OpenOffice.org 2.1
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D58AEE39-6F42-4285-9F29-AAC8B53827EF}" = WALTER LINSS Nachf. GmbH
"{E58B329B-FB28-4874-90DE-0D7CB2709267}" = F-PROT Antivirus for Windows
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}" = F-PROT Antivirus Updater Fix
"7-Zip" = 7-Zip 4.42
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Image Viewer Plugin" = Adobe Image Viewer Plugin 4.0
"Alcatel PIMphony" = Alcatel PIMphony 4.0 (Build 151)
"Audiograbber" = Audiograbber 1.83 SE
"Auerswald UNI TSP Treiber" = Auerswald UNI TSP Treiber
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"ConTEXTEditor_is1" = ConTEXT
"Corel Uninstaller" = Corel Uninstaller
"CorelDRAW 10_TV" = CorelDRAW 10_TV
"EasyGen" = EasyGen
"EDV-Lexikon_is1" = EDV-Lexikon Version 2005.0824
"ERUNT_is1" = ERUNT 1.1j
"Ethereal" = Ethereal 0.99.0
"Firefox Windows Media Player XPI" = Firefox Windows Media Player XPI
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GaebWriter" = GaebWriter
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{2602CC0D-53DA-48BD-849D-E4C1E698AE83}" = Network Print Monitor
"IrfanView" = IrfanView (remove only)
"JAlbum" = JAlbum
"JAlbum_0" = JAlbum 6.5
"Klick-Thumbnails Xpress_is1" = Klick Thumbnails Xpress 2.0
"LANconfig" = LANconfig
"LANmonitor" = LANmonitor/WLANmonitor
"LINSS Scanmodul_is1" = LINSS Scanmodul 1.0
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Fotos auf CD & DVD 4.5" = MAGIX Fotos auf CD & DVD 4.5
"MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
"MAGIX Music Manager" = MAGIX Music Manager
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"map&guide 9 " = map&guide 9
"map&guide 9 Karte Deutschland City" = map&guide 9 Karte Deutschland City
"map&guide 9 Karte Mitteleuropa City" = map&guide 9 Karte Mitteleuropa City
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Nemo's Aquarium 3D_is1" = Nemo's Aquarium 3D
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NMIX!UninstallKey" = NeroMIX
"Paula" = Paula für Windows
"PhotoFiltre" = PhotoFiltre
"PM5 R110 13.3" = Alcatel PM5 R110 13.3
"PowerArchiver" = PowerArchiver
"RealVNC_is1" = VNC 4.0
"san_std_2002" = SiSoftware Sandra 2002 Standard
"ShockwaveFlash" = Macromedia Flash Player 8
"SlimBrowser" = SlimBrowser (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST5UNST #1" = DATANORM Datenverwaltung
"ST6UNST #1" = COM1-Zugriff
"terrender_is1" = TerRender version 4.3
"TextPad 4" = TextPad 4
"TrueImage" = AcronisTrueImage
"Tweak UI 2.10" = Tweak UI
"WHFC" = Uninstall WHFC
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLabel" = Avery Zweckform WinLabel 3.0
"WinPcapInst" = WinPcap 4.0.2
"Xerox DocuPrint C15-C11" = Xerox DocuPrint C15-C11
"XnView_is1" = XnView 1.82.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:50 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x026c73de.

Error - 04.12.2009 05:40:51 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x025c73de.

Error - 04.12.2009 05:43:17 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 05:43:17 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\Programme\Adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 06:05:57 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000001.

Error - 04.12.2009 06:15:12 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x027273de.

[ System Events ]
Error - 09.12.2009 02:06:07 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:08:07 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:10:08 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:12:08 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:14:08 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:16:08 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:18:12 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:20:13 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:22:15 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 02:24:16 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


< End of report >
09.12.2009, 19:26
Moderator

Posts: 5694
#19 Download Deljob to your desktop
Double-click Deljob.exe
A log file will open (logit.txt)
Copy the contents of the report "logit.txt" into this thread

>>>
Repair the hosts file

Please download HostsXpert.
Unpack the zip file and start the tool.
Now click Restore MS Hosts File --> Ok --> Exit Programm.
If you do not have a zip program, you can download the trial version of WinZip.

>>>
Fix with OTL
Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the content into the text box.

Code

:OTL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
[2009.12.04 14:50:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2009.12.01 07:09:47 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2009.12.01 07:09:46 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\wkgoco .exe" =-
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document.
Now copy its contents here into your thread, inside code tags
10.12.2009, 07:42
Member

Thread starter

Posts: 15
#20 Good morning Swiss,

here is the log file from deljob

Code

-------------------------------------------------------- 
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

At1.job
At10.job
At11.job
At12.job
At13.job
At14.job
At15.job
At16.job
At17.job
At18.job
At19.job
At2.job
At20.job
At21.job
At22.job
At23.job
At24.job
At3.job
At4.job
At5.job
At6.job
At7.job
At8.job
At9.job
MP Scheduled Scan.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Datenträger in Laufwerk C: ist Laufwerk C
Volumeseriennummer: 68FB-6D20

Verzeichnis von C:\Dokumente und Einstellungen\USER\Anwendungsdaten

04.12.2009  10:48    <DIR>                       .
04.12.2009  10:48    <DIR>                       ..
14.05.2009  09:45    <DIR>                       Adobe
14.04.2005  07:51    <DIR>                       Ahead
27.10.2005  06:47    <DIR>          APPLEC~1     Apple Computer
30.08.2005  10:24    <DIR>                       ArcSoft
05.10.2005  13:12    <DIR>          ASCONI~1     ASCON Installer
30.08.2005  13:25    <DIR>                       Canon
19.01.2005  08:22    <DIR>                       Corel
26.01.2005  16:10    <DIR>          CYBERL~1     CyberLink
30.05.2006  11:54    <DIR>                       Ethereal
14.04.2009  14:40    <DIR>          EXPERT~1     eXPert PDF Editor
15.04.2009  14:22    <DIR>          FRISKS~1     FRISK Software
02.05.2005  07:09    <DIR>          GAEB-V~1     GAEB-Viewer
02.05.2005  07:09    <DIR>                       GKsrv
27.07.2005  08:53    <DIR>                       Google
18.05.2009  13:58    <DIR>                       Help
18.01.2005  12:08    <DIR>          IDENTI~1     Identities
11.07.2005  13:56    <DIR>          LEADER~1     Leadertech
19.05.2005  12:28    <DIR>          MACROM~1     Macromedia
18.10.2006  07:07    <DIR>                       MAGIX
27.03.2009  07:12    <DIR>          MALWAR~1     Malwarebytes
29.05.2007  13:58    <DIR>          MICROS~1     Microsoft
19.01.2005  07:26    <DIR>          MICROS~2     Microsoft Web Folders
27.11.2006  10:55    <DIR>          MOBILE~1     Mobile Master
28.04.2009  14:33    <DIR>                       Mozilla
13.02.2007  09:13    <DIR>                       MWM
13.02.2007  09:30    <DIR>          NIX&KE~1     Nix & Keitel
10.12.2009  06:49    <DIR>          OPENOF~1.ORG OpenOffice.org2
30.08.2005  10:18    <DIR>                       ScanSoft
15.08.2006  05:22    <DIR>                       Sereniti
29.09.2009  12:24    <DIR>          SKYWAR~1     Skyward Software
15.04.2009  13:36    <DIR>          SLIMBR~1     SlimBrowser
18.04.2005  08:08    <DIR>                       Sun
16.02.2005  15:48    <DIR>                       Talkback
19.01.2005  07:24    <DIR>                       TextPad
04.08.2005  13:41    <DIR>          THUMBS~1     ThumbsPlus
16.02.2005  15:48    <DIR>          THUNDE~1     Thunderbird
05.10.2005  12:54    <DIR>          WEBCOM~1     WebCompiler3
07.07.2005  13:44    <DIR>                       XnView
               0 Datei(en)              0 Bytes
              40 Verzeichnis(se), 13.590.728.704 Bytes frei
Datenträger in Laufwerk C: ist Laufwerk C
Volumeseriennummer: 68FB-6D20

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

27.11.2009  14:04    <DIR>                       .
27.11.2009  14:04    <DIR>                       ..
04.12.2009  11:05    <DIR>                       Adobe
27.10.2005  06:46    <DIR>          APPLEC~1     Apple Computer
26.01.2005  16:07    <DIR>          CYBERL~1     CyberLink
15.04.2009  05:52    <DIR>          EXPERT~3     eXPert PDF 4
11.04.2007  13:36    <DIR>          FRISKS~1     FRISK Software
02.05.2005  07:09    <DIR>          GAEB-V~1     GAEB-Viewer
02.05.2005  07:09    <DIR>                       GKsrv
27.03.2009  07:11    <DIR>          MALWAR~1     Malwarebytes
17.11.2006  11:52    <DIR>          MICROS~1     Microsoft
13.02.2007  09:29    <DIR>          NIX&KE~1     Nix & Keitel
27.10.2005  06:46    <DIR>          QUICKT~1     QuickTime
13.10.2005  05:43    <DIR>                       RoboForm
27.11.2006  11:08    <DIR>                       RTE
30.08.2005  13:07    <DIR>                       ScanSoft
30.11.2009  09:32    <DIR>          SPYBOT~1     Spybot - Search & Destroy
30.08.2005  13:08    <DIR>          SSSCAN~1     SSScanAppDataDir
30.08.2005  10:18    <DIR>          SSSCAN~2     SSScanWizard
05.01.2007  14:34    <DIR>                       Trymedia
16.08.2005  13:24    <DIR>          WINDOW~1     Windows Genuine Advantage
               0 Datei(en)              0 Bytes
              21 Verzeichnis(se), 13.590.724.608 Bytes frei
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
All Users
Gast
USER
--------------------------------------------------------
HostsXpert gave an error message on Restore MS Hosts File:

Error: cannot create file C:\windows\system32\drivers\etc\hosts


and here is the OTL log file:

Code

All processes killed
========== OTL ==========
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}
C:\WINDOWS\Downloaded Program Files\fscax.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}\ not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\wkgoco .exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gast
->Temp folder emptied: 143 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 531230 bytes
->Temporary Internet Files folder emptied: 66358 bytes

User: USER
->Temp folder emptied: 5608991 bytes
->Temporary Internet Files folder emptied: 18115509 bytes
->Java cache emptied: 13689588 bytes
->FireFox cache emptied: 67781938 bytes

%systemdrive% .tmp files removed: 1048916 bytes
%systemroot% .tmp files removed: 2287147 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
Windows Temp folder emptied: 83032 bytes
RecycleBin emptied: 31100646 bytes

Total Files Cleaned = 133,91 mb


OTL by OldTimer - Version 3.1.11.9 log created on 12102009_070830

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

10.12.2009, 10:25
Moderator

Posts: 5694
#21 Scan again with OTL and post the two new logs ;)

Do you still have problems?
10.12.2009, 11:34
Member

Thread starter

Posts: 15
#22 Well, there was one thing I still had until just now: the Windows manager kept popping up, even though I ended and closed it again and again.

But the original problem seems to be solved *happy*

Here is the OTL.txt once more

Code

OTL logfile created on: 10.12.2009 10:37:37 - Run 2
OTL by OldTimer - Version 3.1.11.9     Folder = C:\Dokumente und Einstellungen\USER\Desktop\Antiviren-Programme
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 102,16 Mb Available Physical Memory | 19,97% Memory free
1,22 Gb Paging File | 0,55 Gb Available in Paging File | 44,93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,21 Gb Total Space | 12,71 Gb Free Space | 33,28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 38,12 Gb Total Space | 37,96 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 460,84 Gb Total Space | 348,77 Gb Free Space | 75,68% Space Free | Partition Type: NTFS

Computer Name: MEIER
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Programme\PDF Editor 2\PDFEdit.exe ()
PRC - C:\Dokumente und Einstellungen\USER\Desktop\Antiviren-Programme\OTL.exe (OldTimer Tools)
PRC - C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
PRC - M:\M-Net\Client.exe ( )
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.1\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.1\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\USER\Desktop\Antiviren-Programme\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FPAVServer) -- C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)


========== Driver Services (SafeList) ==========

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (FPAV_RTP) -- C:\WINDOWS\system32\drivers\FStopW.sys (FRISK Software International)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (PxHelp20) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cmuda) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (STIrUsb) -- C:\WINDOWS\system32\drivers\irstusb.sys (SigmaTel, Inc.)
DRV - (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (asc) -- C:\WINDOWS\System32\drivers\ASC.SYS (Advanced System Products, Inc.)
DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc.              )
DRV - (DMX3191) -- C:\WINDOWS\System32\drivers\DMX3191.SYS (Microsoft Corporation)
DRV - (UDNT) -- C:\WINDOWS\system32\drivers\udnt.sys ()
DRV - (AEC671X) -- C:\WINDOWS\System32\drivers\AEC671X.SYS (Acard Technology Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;192.168.115.2*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=192.168.115.1:3128;http=192.168.115.1:3128;https=192.168.115.1:3128;socks=192.168.115.1:1080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..network.proxy.ftp: "192.168.115.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.115.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,192.168.115.2*,localhost,127.0.0.1"
FF - prefs.js..network.proxy.socks: "192.168.115.1"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "192.168.115.1"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.04.28 06:32:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.12.04 11:03:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.08.27 07:40:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.04 11:03:20 | 00,000,000 | ---D | M]

[2009.04.28 14:33:41 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions
[2009.12.09 07:23:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions
[2006.11.14 08:45:27 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\{2069a8c8-fad1-424b-b76c-d7f33d77dc4c}
[2006.11.14 08:45:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}
[2009.08.10 09:50:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2009.08.10 09:50:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2006.09.29 12:40:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\gwy2by4p.default\extensions\greenshift@shift.themes
[2009.12.09 07:23:09 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2005.12.05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npmozax.dll
[2006.02.02 12:16:38 | 00,628,256 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npzzatif.dll
[2008.03.15 14:56:14 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 12:19:24 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (358622 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 12309 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASM] C:\Programme\AOL\Active Security Monitor\ASMonitor.exe File not found
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [Corel Reminder]  File not found
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Programme\FRISK Software\F-PROT Antivirus for Windows\fprottray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\nerocheck.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\pdvdserv.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Run VNC Server.lnk = C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\OpenOffice.org 2.1.lnk = C:\Programme\OpenOffice.org 2.1\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124194577609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246437461671 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.01.18 11:56:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009.12.10 08:59:05 | 00,000,000 | ---D | C] -- C:\Programme\PDF Editor 2
[2009.12.10 07:08:30 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.12.10 07:02:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\Antiviren-Programme
[2009.12.08 12:10:29 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Adobe
[2009.12.07 14:50:27 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\Meine empfangenen Dateien
[2009.12.07 07:51:12 | 00,000,000 | ---D | C] -- C:\Programme\ESET
[2009.12.07 07:26:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.12.07 07:25:46 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009.12.04 10:55:11 | 28,565,216 | ---- | C] (                                   ) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\AdbeRdr920_de_DE.exe
[2009.12.03 13:57:19 | 00,000,000 | ---D | C] -- C:\rsit
[2009.11.30 14:37:49 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009.11.30 14:36:29 | 00,000,000 | ---D | C] -- C:\Programme\Panda Security
[2009.11.30 07:04:33 | 00,000,000 | ---D | C] -- C:\Programme\TeaTimer (Spybot - Search & Destroy)
[2009.11.30 07:04:25 | 00,000,000 | ---D | C] -- C:\Programme\Misc. Support Library (Spybot - Search & Destroy)
[2009.11.30 07:04:08 | 00,000,000 | ---D | C] -- C:\Programme\SDHelper (Spybot - Search & Destroy)
[2009.11.30 07:03:58 | 00,000,000 | ---D | C] -- C:\Programme\File Scanner Library (Spybot - Search & Destroy)
[2009.11.27 13:58:20 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\USER\Recent
[2009.11.27 13:35:19 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.27 13:33:49 | 03,326,576 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\ccsetup226.exe
[2009.11.27 08:31:18 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009.11.27 08:29:19 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\.housecall6.6
[2009.11.25 12:44:58 | 00,000,000 | ---D | C] -- C:\Programme\ElcomSoft

========== Files - Modified Within 30 Days ==========

[2009.12.10 08:59:05 | 00,073,216 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01.exe
[2009.12.10 08:42:47 | 02,073,734 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\pdfeditor_26.exe
[2009.12.10 07:27:20 | 00,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.12.10 07:24:43 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.10 07:24:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.10 07:24:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.10 07:24:01 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.10 07:23:19 | 10,223,616 | -H-- | M] () -- C:\Dokumente und Einstellungen\USER\NTUSER.DAT
[2009.12.10 07:23:19 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\USER\ntuser.ini
[2009.12.09 15:23:20 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.09 15:23:20 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.09 15:23:19 | 00,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.12.09 15:23:19 | 00,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.12.09 15:23:17 | 01,070,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.09 15:18:40 | 00,002,222 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG
[2009.12.09 15:18:40 | 00,000,069 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG
[2009.12.09 15:18:40 | 00,000,062 | ---- | M] () -- C:\WINDOWS\ptw.cfg
[2009.12.09 15:18:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.12.07 07:04:36 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009.12.07 07:04:36 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009.12.07 07:04:36 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009.12.04 14:17:30 | 01,727,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nerocheck.exe
[2009.12.04 11:03:22 | 00,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2009.12.04 10:57:54 | 28,565,216 | ---- | M] (                                   ) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\AdbeRdr920_de_DE.exe
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.12.02 12:07:48 | 00,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Microsoft Word.lnk
[2009.12.02 07:50:11 | 00,002,513 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Microsoft Excel.lnk
[2009.12.01 11:41:21 | 00,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Verknüpfung mit HJT.exe.lnk
[2009.12.01 08:52:29 | 00,292,352 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\d7h2wl1k.exe
[2009.12.01 08:13:49 | 00,001,619 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.11.30 14:35:51 | 00,177,432 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\activescan2_de.exe
[2009.11.30 09:39:15 | 00,358,622 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.27 14:07:02 | 00,131,752 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\cc_20091127_140604.reg
[2009.11.27 13:34:23 | 03,326,576 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\ccsetup226.exe
[2009.11.27 13:12:48 | 00,226,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\cfax_nt.exe
[2009.11.27 08:29:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009.11.25 17:18:06 | 00,001,859 | ---- | M] () -- C:\WINDOWS\aopr.ini
[2009.11.11 10:48:53 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2009.12.10 09:00:30 | 00,147,682 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Urlaubsschein2009.pdf
[2009.12.10 08:59:05 | 00,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2009.12.10 08:42:34 | 02,073,734 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\pdfeditor_26.exe
[2009.12.09 14:17:02 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009.12.07 07:04:36 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009.12.07 07:04:36 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009.12.07 07:04:36 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009.12.04 11:03:22 | 00,001,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2009.12.01 11:41:21 | 00,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Verknüpfung mit HJT.exe.lnk
[2009.12.01 08:52:26 | 00,292,352 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\d7h2wl1k.exe
[2009.11.30 14:35:40 | 00,177,432 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\activescan2_de.exe
[2009.11.27 14:06:46 | 00,131,752 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\cc_20091127_140604.reg
[2009.11.25 12:45:07 | 00,001,859 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2009.05.12 07:55:33 | 00,001,036 | ---- | C] () -- C:\WINDOWS\vde701.ini
[2009.04.28 15:08:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009.04.28 13:21:53 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008.12.19 10:02:21 | 00,000,262 | ---- | C] () -- C:\WINDOWS\linss.ini
[2007.11.06 21:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.05.29 13:44:19 | 00,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.11.27 10:35:18 | 00,000,041 | ---- | C] () -- C:\WINDOWS\pos.ini
[2006.11.27 09:56:45 | 00,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2006.11.14 08:52:35 | 00,000,073 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006.11.14 08:50:34 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\HDKLNG32.dll
[2006.11.14 08:38:51 | 00,000,025 | ---- | C] () -- C:\WINDOWS\TempLang.ini
[2006.11.01 14:22:47 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.10.18 08:47:45 | 00,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2006.10.18 06:18:27 | 00,000,377 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5.INI
[2006.10.18 06:15:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.10.18 06:11:51 | 00,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.06.07 09:55:50 | 00,000,136 | ---- | C] () -- C:\WINDOWS\uni.ini
[2006.05.03 06:22:00 | 00,308,224 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006.05.03 06:22:00 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006.05.02 12:57:47 | 00,000,757 | ---- | C] () -- C:\WINDOWS\WinPaula.ini
[2006.05.02 12:57:47 | 00,000,049 | ---- | C] () -- C:\WINDOWS\paula.ini
[2006.03.20 11:27:10 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDELQ5902090E.ini
[2006.02.21 14:16:24 | 00,000,672 | ---- | C] () -- C:\WINDOWS\3dtrack.INI
[2006.02.21 11:53:14 | 00,002,819 | ---- | C] () -- C:\WINDOWS\track.INI
[2006.02.01 15:37:47 | 00,000,223 | ---- | C] () -- C:\WINDOWS\KcMV3DGD.ini
[2006.01.31 14:43:12 | 00,000,579 | ---- | C] () -- C:\WINDOWS\PCRAIL.INI
[2006.01.31 14:20:41 | 00,000,045 | ---- | C] () -- C:\WINDOWS\FLPlan.INI
[2006.01.05 07:24:11 | 00,315,444 | ---- | C] () -- C:\WINDOWS\System32\isdnapi32.dll
[2006.01.05 07:24:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\AuerCapiJNINative.dll
[2006.01.05 07:24:11 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\AuerUsbJNINative.dll
[2005.11.17 20:15:22 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2005.10.25 05:32:09 | 00,000,205 | ---- | C] () -- C:\WINDOWS\bustout.ini
[2005.09.06 05:36:18 | 00,000,047 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2005.08.30 10:18:47 | 00,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005.08.30 10:16:43 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2005.08.30 06:47:11 | 00,076,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2005.07.28 12:59:55 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\whfcmon.dll
[2005.07.27 12:05:35 | 00,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\AlbumCoverFinder Prefs.txt
[2005.07.22 06:08:57 | 00,047,910 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2005.07.14 09:31:35 | 00,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2005.07.12 14:37:16 | 00,000,271 | ---- | C] () -- C:\WINDOWS\GaebWriter.INI
[2005.07.05 09:01:52 | 00,000,193 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2005.06.30 13:47:16 | 00,000,291 | ---- | C] () -- C:\WINDOWS\CorelDRAW.ini
[2005.05.19 13:05:27 | 00,000,033 | ---- | C] () -- C:\WINDOWS\eroart.ini
[2005.05.04 14:43:30 | 00,000,248 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2005.05.04 12:55:55 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.01.31 07:48:37 | 00,022,992 | ---- | C] () -- C:\WINDOWS\System32\CFAXMON.DLL
[2005.01.26 15:53:30 | 00,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2005.01.25 14:55:26 | 00,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL
[2005.01.25 10:20:26 | 00,217,088 | R--- | C] () -- C:\WINDOWS\rdmwin32a.dll
[2005.01.25 10:00:03 | 00,018,597 | ---- | C] () -- C:\WINDOWS\Cstasp.ini
[2005.01.25 07:42:45 | 00,021,729 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Tabulatorgetrennte Werte (DOS).ADR
[2005.01.25 07:38:23 | 00,021,733 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR
[2005.01.25 07:00:58 | 00,037,206 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Microsoft Excel.ADR
[2005.01.24 10:32:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\distlib.ini
[2005.01.24 10:05:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MG.INI
[2005.01.24 09:29:20 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.01.20 11:50:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.01.20 11:28:31 | 00,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\sversion.ini
[2005.01.20 10:23:26 | 00,190,464 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.19 07:33:02 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005.01.19 07:28:13 | 00,001,296 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.01.19 07:14:06 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\capi2032.dll
[2005.01.19 06:52:31 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005.01.19 06:52:30 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005.01.19 06:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005.01.19 06:52:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005.01.19 06:52:25 | 00,116,930 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2005.01.19 06:52:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005.01.19 06:51:46 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005.01.19 06:51:46 | 00,002,598 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2002.02.27 08:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002.02.27 08:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002.02.27 08:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000.10.16 18:16:38 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 18:16:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000.03.29 22:00:00 | 00,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.10.23 18:29:44 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999.08.11 15:28:02 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.05.21 21:10:00 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999.04.11 21:54:20 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1999.01.26 22:00:00 | 00,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1998.01.28 00:06:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
< End of report >
and here is the Extras.txt

Code

OTL Extras logfile created on: 10.12.2009 10:37:37 - Run 2
OTL by OldTimer - Version 3.1.11.9     Folder = C:\Dokumente und Einstellungen\USER\Desktop\Antiviren-Programme
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 102,16 Mb Available Physical Memory | 19,97% Memory free
1,22 Gb Paging File | 0,55 Gb Available in Paging File | 44,93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,21 Gb Total Space | 12,71 Gb Free Space | 33,28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 38,12 Gb Total Space | 37,96 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 460,84 Gb Total Space | 348,77 Gb Free Space | 75,68% Space Free | Partition Type: NTFS

Computer Name: MEIER
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Programme\Alcatel_PIMphony\aocWiz.exe" = C:\Programme\Alcatel_PIMphony\aocWiz.exe:*:Enabled:PIMphony configuration. -- (Alcatel)
"C:\Programme\ALCATEL\PM5\R110_13.3\bin\pm5.exe" = C:\Programme\ALCATEL\PM5\R110_13.3\bin\pm5.exe:*:Enabled:Configuration program for Alcatel Alisé PBX systems -- ()
"C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server for Win32 -- (RealVNC Ltd.)
"C:\Programme\Alcatel_PIMphony\aoconfig.exe" = C:\Programme\Alcatel_PIMphony\aoconfig.exe:*:Enabled:PIMphony configuration. -- (Alcatel)
"C:\Programme\SlimBrowser\sbrowser.exe" = C:\Programme\SlimBrowser\sbrowser.exe:*:Disabled:FlashPeak SlimBrowser -- (FlashPeak, Inc.)
"C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\SoundControl\SoundControl.exe" = C:\Programme\SoundControl\SoundControl.exe:*:Disabled:SoundControl -- ()
"C:\Programme\SoundControl\Jukebox.exe" = C:\Programme\SoundControl\Jukebox.exe:*:Disabled:Jukebox -- ()
"C:\Programme\Network Print Monitor\KMNV.exe" = C:\Programme\Network Print Monitor\KMNV.exe:*:Enabled:Network Print Monitor -- (KYOCERA MITA Corporation)
"C:\Programme\Java\jre1.5.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_07\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\MAGIX\Music_Manager\MusicManager.exe" = C:\MAGIX\Music_Manager\MusicManager.exe:*:Enabled:MAGIX Music Manager 2005 -- (MAGIX)
"C:\Programme\LINSS-Scan\SCAN.exe" = C:\Programme\LINSS-Scan\SCAN.exe:*:Enabled:Linss Scanmodul für Formula Barcode-Scanner -- (Walter Linss Nachf. GmbH)
"C:\Programme\Auerswald\JRE 1.4.2\bin\rmid.exe" = C:\Programme\Auerswald\JRE 1.4.2\bin\rmid.exe:*:Enabled:rmid -- File not found
"C:\Programme\JAlbum 6.5\JAlbumWin.exe" = C:\Programme\JAlbum 6.5\JAlbumWin.exe:*:Enabled:JAlbumWin -- ()
"C:\Programme\Active Network Monitor\ActiveNetworkMonitor.exe" = C:\Programme\Active Network Monitor\ActiveNetworkMonitor.exe:*:Enabled:Active Network Monitor -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00030407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{13063FAD-1E42-4C8C-A68E-079A1625CEDE}" = SoundControl 2.5b
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{2602CC0D-53DA-48BD-849D-E4C1E698AE83}" = Network Print Monitor
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}" = JRE 1.4.2
"{59AA0CBF-8B73-4FC7-A856-4746285A94A4}" = DSLCOMP EVN Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{8FB1A5EA-7DA8-4D57-80FB-BD923CCCC852}" = OpenOffice.org 2.1
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D58AEE39-6F42-4285-9F29-AAC8B53827EF}" = WALTER LINSS Nachf. GmbH
"{E58B329B-FB28-4874-90DE-0D7CB2709267}" = F-PROT Antivirus for Windows
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}" = F-PROT Antivirus Updater Fix
"7-Zip" = 7-Zip 4.42
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Image Viewer Plugin" = Adobe Image Viewer Plugin 4.0
"Alcatel PIMphony" = Alcatel PIMphony 4.0 (Build 151)
"Audiograbber" = Audiograbber 1.83 SE
"Auerswald UNI TSP Treiber" = Auerswald UNI TSP Treiber
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"ConTEXTEditor_is1" = ConTEXT
"Corel Uninstaller" = Corel Uninstaller
"CorelDRAW 10_TV" = CorelDRAW 10_TV
"EasyGen" = EasyGen
"EDV-Lexikon_is1" = EDV-Lexikon Version 2005.0824
"ERUNT_is1" = ERUNT 1.1j
"Ethereal" = Ethereal 0.99.0
"Firefox Windows Media Player XPI" = Firefox Windows Media Player XPI
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GaebWriter" = GaebWriter
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{2602CC0D-53DA-48BD-849D-E4C1E698AE83}" = Network Print Monitor
"IrfanView" = IrfanView (remove only)
"JAlbum" = JAlbum
"JAlbum_0" = JAlbum 6.5
"Klick-Thumbnails Xpress_is1" = Klick Thumbnails Xpress 2.0
"LANconfig" = LANconfig
"LANmonitor" = LANmonitor/WLANmonitor
"LINSS Scanmodul_is1" = LINSS Scanmodul 1.0
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Fotos auf CD & DVD 4.5" = MAGIX Fotos auf CD & DVD 4.5
"MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
"MAGIX Music Manager" = MAGIX Music Manager
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"map&guide 9 " = map&guide 9
"map&guide 9 Karte Deutschland City" = map&guide 9 Karte Deutschland City
"map&guide 9 Karte Mitteleuropa City" = map&guide 9 Karte Mitteleuropa City
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Nemo's Aquarium 3D_is1" = Nemo's Aquarium 3D
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NMIX!UninstallKey" = NeroMIX
"Paula" = Paula für Windows
"PDF Editor 2" = PDF Editor 2
"PhotoFiltre" = PhotoFiltre
"PM5 R110 13.3" = Alcatel PM5 R110 13.3
"PowerArchiver" = PowerArchiver
"RealVNC_is1" = VNC 4.0
"san_std_2002" = SiSoftware Sandra 2002 Standard
"ShockwaveFlash" = Macromedia Flash Player 8
"SlimBrowser" = SlimBrowser (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST5UNST #1" = DATANORM Datenverwaltung
"ST6UNST #1" = COM1-Zugriff
"terrender_is1" = TerRender version 4.3
"TextPad 4" = TextPad 4
"TrueImage" = AcronisTrueImage
"Tweak UI 2.10" = Tweak UI
"WHFC" = Uninstall WHFC
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLabel" = Avery Zweckform WinLabel 3.0
"WinPcapInst" = WinPcap 4.0.2
"Xerox DocuPrint C15-C11" = Xerox DocuPrint C15-C11
"XnView_is1" = XnView 1.82.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:03 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 04:36:50 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x026c73de.

Error - 04.12.2009 05:40:51 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x025c73de.

Error - 04.12.2009 05:43:17 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\programme\adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 05:43:17 | Computer Name = MEIER | Source = F-PROT Antivirus | ID = 4096
Description = Failed to quarantine file C:\Programme\Adobe\acrotray.exe  For more
information please visit http://www.f-prot.com/support/index.html

Error - 04.12.2009 06:05:57 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000001.

Error - 04.12.2009 06:15:12 | Computer Name = MEIER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x027273de.

[ System Events ]
Error - 09.12.2009 09:12:29 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 09:14:29 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 09:16:29 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 09:18:29 | Computer Name = MEIER | Source = DCOM | ID = 10010
Description = Der Server "{F3A614DC-ABE0-11D2-A441-00C04F795683}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.12.2009 10:21:13 | Computer Name = MEIER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UDNT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20

Error - 10.12.2009 01:47:18 | Computer Name = MEIER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UDNT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20

Error - 10.12.2009 02:08:33 | Computer Name = MEIER | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Defender" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..

Error - 10.12.2009 02:08:33 | Computer Name = MEIER | Source = Service Control Manager | ID = 7031
Description = Der Dienst "F-PROT Antivirus for Windows system" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 3600 Millisekunden durchgeführt: Führen Sie das konfigurierte Wiederherstellungspr.

Error - 10.12.2009 02:08:33 | Computer Name = MEIER | Source = Service Control Manager | ID = 7034
Description = Dienst "VNC Server Version 4" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 10.12.2009 02:24:25 | Computer Name = MEIER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UDNT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20


< End of report >
10.12.2009, 11:45
Moderator

Posts: 5694
#23 Rootkit scan with F-Secure Blacklight

Download F-Secure Blacklight
• Install it in C:\Programme\Blacklight
• Disconnect from the network (don't forget Wi-Fi)
• Disable all running virus scanners etc.
• Close all open programs and start it by clicking fsbl.exe
• Click I accept the agreement --> Next --> Scan
• After the scan, click Close
• The log file fsbl.xxx.log is saved in the Blacklight directory
• Please post it
Don't forget to switch your antivirus programs back on before you go online

>>>
Basic cleanup with SUPERAntiSpyware
• Please download SUPERAntiSpyware FREE Edition from the SUPERAntiSpyware website.
• You can find an illustrated guide here.
• Install the program.
• Make sure that all applications and your web browser are closed.
• Click the 'Check for Updates' button.
• When the update has finished, close SUPERAntiSpyware.
• Do NOT run the scan yet!
• Open SUPERAntiSpyware and click the 'Scan your Computer' button.
• Tick 'Perform Complete Scan', then click "Next".
• Make absolutely sure that every finding is ticked, then click "Next".
• Click 'Finish'; this takes you back to the main window.
• Your computer may need to be restarted in order to remove malware from the system on reboot.
• To get the log file, first click 'Preferences' and then the 'Statistics/Logs' button.
• Click the dated log file and press 'View Log'. A text window now appears.
• Please copy this report into the thread here.
10.12.2009, 15:13
Member

Thread starter

Posts: 15
#24 So, here is the log from Blacklight:

Code

12/10/09 12:31:55 [Info]: BlackLight Engine 1.0.67 initialized
12/10/09 12:31:55 [Info]: OS: 5.1 build 2600 (Service Pack 3)
12/10/09 12:31:56 [Note]: 7019 4
12/10/09 12:31:56 [Note]: 7005 0
12/10/09 12:31:59 [Note]: 7006 0
12/10/09 12:31:59 [Note]: 7011 1840
12/10/09 12:31:59 [Note]: 7026 0
12/10/09 12:32:00 [Note]: 7026 0
12/10/09 12:32:04 [Note]: FSRAW library version 1.7.1024
12/10/09 12:58:13 [Note]: 7007 0
And here is the log from the SUPERAntiSpyware scan:

Code

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2009 at 02:06 PM

Application Version : 4.31.1000

Core Rules Database Version : 4354
Trace Rules Database Version: 2201

Scan type       : Complete Scan
Total Scan Time : 00:59:15

Memory items scanned      : 510
Memory threats detected   : 0
Registry items scanned    : 6019
Registry threats detected : 0
File items scanned        : 22879
File threats detected     : 10

Adware.Tracking Cookie
    C:\Dokumente und Einstellungen\USER\Cookies\user@adtech[1].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@ad.yieldmanager[3].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@ad.wsod[2].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@msnportal.112.2o7[1].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@ad.yieldmanager[1].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@content.yieldmanager[3].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@apmebf[2].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@content.yieldmanager[2].txt
    C:\Dokumente und Einstellungen\USER\Cookies\user@serving-sys[2].txt

Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D3DAB44F-7C7C-461A-92AF-E40D0B725D1C}\RP856\A0093579.SCR
10.12.2009, 17:01
Moderator

Posts: 5694
#25 >>>
Update Malwarebytes and scan again.

>>>
Download OTM.exe to the desktop
Open: OTM.exe
(Vista users: right-click OTM.exe and choose "Run as Administrator")

Save OTM to the desktop

Click OTM.exe

1. Click the CleanUp! button

2. cleanup.txt is downloaded from the Internet (allow it through the firewall!)

3. Begin cleanup process? Click Yes. - "Do you want to reboot?" Click Yes

OTM then automatically removes all the tools that were downloaded for the virus cleanup


>>
Disable System Restore (XP):
My Computer --> right-click, then Properties --> System Restore tab --> tick Turn off System Restore on all drives.
Then remove the tick again (i.e. re-enable it).

>>
Any more questions or problems?
11.12.2009, 10:05
Member

Thread starter

Posts: 15
#26 So, dear Swissi (-:

Many, many thanks for standing by me like this. I think the PC is cleaned up.

No problems so far. The Task Manager is clean, many processes are gone.

Load is minimal. The PC is running at normal speed again (-:

I'd like to buy you a beer for your efforts (-:


Many, many thanks.

Great forum, great moderators, I will definitely recommend it (-:

Regards, Christoph
11.12.2009, 10:28
Moderator

Posts: 5694
#27 You're very welcome ;)

One more small addition: give some thought to another RAM module ;) It is perhaps a bit tight.

Wishing you a happy Advent season and happy surfing :O)
11.12.2009, 10:38
Member

Thread starter

Posts: 15
#28 Yes, you're right there, I'll think about it and confer with the boss (-:

Thanks again (-: