Radix ---> IRP hook check ---> finding(?) ----> bluescreen

08.03.2010, 00:38
...new here

Posts: 9
#1 Hello,
I just ran Radix Anti-Rootkit (v 1.0.0.9) from my USB stick. Up to the IRP hook step, nothing was found. There, however, something is displayed (see screenshots). Shortly afterwards the bluescreen appears and the notebook reboots. The bluescreen and the lines "was hooked by" and "is hidden" worry me ^^, but I don't really know how to assess the situation and hope for your help. The file after "was hooked by" seems to be a different one on every scan, so I'm uploading 2 screenshots.

I'm using Windows XP 32-bit (SP 3), Avira AntiVir Premium (finds nothing on a system scan, with heuristics set to "high"). I normally don't get bluescreens and have no obvious "malware problems" either.

Kind regards

Yann

Screenshot: http://img502.imageshack.us/i/snap0037.jpg/

Attachment: snap0040.jpg
08.03.2010, 00:56
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time, and also requires that the following points be observed:

• Follow the instructions of the helper in question.
• If you have external storage media (USB sticks, hard disks), connect them before the cleanup.
• During the cleanup, neither install nor uninstall programs that are not expressly requested.
• Please work through each step in order.
• If problems arise during a step, post what you already have and report back with a description of the problem.
• The cleanup is only finished when the helper in question gives the OK.
• If the machine runs smoothly again, that does not mean the system is also clean.
• For computers used for business, the responsible IT person should be brought in.
• Support on our part may be declined for a company computer.
• In the case of illegal software, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling from scratch.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we instruct you to use via right-click and "Run as administrator".

Step 1

Can you see all files and file extensions on your computer? If not, please make these settings in the Folder Options.


Step 2

Rootkit search with Gmer

What are rootkits?

Important: for every rootkit scan:

• all other anti-virus, anti-spyware etc. programs must be disabled,
• there must be no connection to a network/the Internet (don't forget WLAN),
• nothing must be done on the computer,
• the computer must be restarted after every scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(click the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs must be closed.
• Start gmer.exe (it has a random program name).
Vista users: start it via right-click and "Run as administrator".
• Gmer automatically starts a first scan.
• Should a window open with the following warning:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.
• If that was not the case, now choose the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan has finished, click "Copy" to copy the log to the clipboard.
Gmer is closed with "Ok".
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch the anti-virus program and other scanners back on before going online!

Now post the logfile in code tags.


Step 3

System scan with OTL

Please download OTL by OldTimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please choose Minimal Output
>Under Extra Registry, please choose Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 logfiles are created
>Post the logfiles in code tags here in the thread.
08.03.2010, 21:49
...new here

Thread starter

Posts: 9
#3 Thanks for the hint! So here's the Gmer logfile for a start. By the way, I switched from KIS to AntiVir Premium about a month ago (in case that matters).


Code

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 21:42:01
Windows 5.1.2600 Service Pack 3
Running: ihe9vnt9.exe; Driver: C:\DOKUME~1\Yann\LOKALE~1\Temp\uxtdrpob.sys


---- System - GMER 1.0.15 ----

SSDT            F222B21E                                                                                                             ZwCreateKey
SSDT            F222B214                                                                                                             ZwCreateThread
SSDT            F222B223                                                                                                             ZwDeleteKey
SSDT            F222B22D                                                                                                             ZwDeleteValueKey
SSDT            spqb.sys                                                                                                             ZwEnumerateKey [0xF72BBCA2]
SSDT            spqb.sys                                                                                                             ZwEnumerateValueKey [0xF72BC030]
SSDT            F222B232                                                                                                             ZwLoadKey
SSDT            spqb.sys                                                                                                             ZwOpenKey [0xF729E0C0]
SSDT            F222B200                                                                                                             ZwOpenProcess
SSDT            F222B205                                                                                                             ZwOpenThread
SSDT            spqb.sys                                                                                                             ZwQueryKey [0xF72BC108]
SSDT            spqb.sys                                                                                                             ZwQueryValueKey [0xF72BBF88]
SSDT            F222B23C                                                                                                             ZwReplaceKey
SSDT            F222B237                                                                                                             ZwRestoreKey
SSDT            F222B228                                                                                                             ZwSetValueKey
SSDT            F222B20F                                                                                                             ZwTerminateProcess

INT 0x62        ?                                                                                                                    86F69BF8
INT 0x63        ?                                                                                                                    86FD6BF8
INT 0x82        ?                                                                                                                    86F69BF8
INT 0x83        ?                                                                                                                    86F6CBF8
INT 0x83        ?                                                                                                                    86FD6BF8
INT 0x83        ?                                                                                                                    86F6CBF8
INT 0xB4        ?                                                                                                                    86FD6BF8

Code            85837BAC                                                                                                             ZwRequestPort
Code            85837C4C                                                                                                             ZwRequestWaitReplyPort
Code            85837B0C                                                                                                             ZwTraceEvent
Code            85837BAB                                                                                                             NtRequestPort
Code            85837C4B                                                                                                             NtRequestWaitReplyPort
Code            85837B0B                                                                                                             NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!NtTraceEvent                                                                                            80531840 5 Bytes  JMP 85837B10
PAGE            ntkrnlpa.exe!NtRequestPort                                                                                           80597DE2 5 Bytes  JMP 85837BB0
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort                                                                                  8059810E 5 Bytes  JMP 85837C50
?               spqb.sys                                                                                                             Das System kann die angegebene Datei nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                F64228AC 5 Bytes  JMP 86FD61D8
.text           ahn8hb8w.SYS                                                                                                         F602D384 1 Byte  [20]
.text           ahn8hb8w.SYS                                                                                                         F602D384 37 Bytes  [20, 00, 00, 68, 00, 00, 00, ...]
.text           ahn8hb8w.SYS                                                                                                         F602D3AA 24 Bytes  [00, 00, 20, 00, 00, E0, 00, ...]
.text           ahn8hb8w.SYS                                                                                                         F602D3C4 3 Bytes  [00, 00, 00]
.text           ahn8hb8w.SYS                                                                                                         F602D3C9 1 Byte  [00]
.text           ...                                                                                                                  
.text           win32k.sys!EngAcquireSemaphore + 20E2                                                                                BF8082E1 5 Bytes  JMP 858374D0
.text           win32k.sys!EngFreeUserMem + 5BD2                                                                                     BF80EE68 5 Bytes  JMP 85837430
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E                                                                             BF81E77A 5 Bytes  JMP 858379D0
.text           win32k.sys!EngSetLastError + 768F                                                                                    BF8286CB 5 Bytes  JMP 85837610
.text           win32k.sys!EngCreateBitmap + DDB2                                                                                    BF845CCB 5 Bytes  JMP 858376B0
.text           win32k.sys!EngMultiByteToWideChar + 2F32                                                                             BF852C47 5 Bytes  JMP 85837890
.text           win32k.sys!XLATEOBJ_iXlate + 3A50                                                                                    BF86368D 5 Bytes  JMP 85837570
.text           win32k.sys!FONTOBJ_pxoGetXform + CC3E                                                                                BF8C31D6 5 Bytes  JMP 85837750
.text           win32k.sys!PATHOBJ_vGetBounds + 74EE                                                                                 BF8F00FB 5 Bytes  JMP 85837930
.text           win32k.sys!EngCreateClip + 19C1                                                                                      BF91313E 5 Bytes  JMP 85837A70
.text           win32k.sys!EngCreateClip + 2597                                                                                      BF913D14 5 Bytes  JMP 858377F0

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\a-squared Free\a2service.exe[904] kernel32.dll!CreateThread + 1A                                        7C8106F1 4 Bytes  CALL 0045495D C:\Programme\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [F729F040] spqb.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [F729F13C] spqb.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F729F0BE] spqb.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F729F7FC] spqb.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F729F6D2] spqb.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F72AED92] spqb.sys
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!KfAcquireSpinLock]                                                 000000AD
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!READ_PORT_UCHAR]                                                   000000D4
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!KeGetCurrentIrql]                                                  000000A2
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!KfRaiseIrql]                                                       000000AF
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!KfLowerIrql]                                                       0000009C
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!HalGetInterruptVector]                                             000000A4
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!HalTranslateBusAddress]                                            00000072
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!KeStallExecutionProcessor]                                         000000C0
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!KfReleaseSpinLock]                                                 000000B7
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                           000000FD
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!READ_PORT_USHORT]                                                  00000093
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          00000026
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  00000036
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[WMILIB.SYS!WmiSystemControl]                                               000000F7
IAT             \SystemRoot\System32\Drivers\ahn8hb8w.SYS[WMILIB.SYS!WmiCompleteRequest]                                             000000CC
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                              [B1B9F820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                              [B1B9F820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\tcpip6.sys[TDI.SYS!TdiRegisterDeviceObject]                                             [B1B9F820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject]                                           [B1B9F820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject]                                            [B1B9F820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject]                                           [B1B9F820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               86FD51F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     86F671F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            86FD91F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              86FD91F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                 86FD91F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                86FD91F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     86F671F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                     86F671F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                     86FD71F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     86F671F8
Device          \Driver\sptd \Device\3071533650                                                                                      spqb.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                               86F6A1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                         86FD81F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                         86FD81F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F71F1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   [F71F1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   [F71F1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\PCI_PNP3650 \Device\00000066                                                                                 spqb.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{22BC2BCD-6706-4035-B2A4-F1F3353A99FC}                                             86914500
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              86914500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     86914500

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     86F671F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     86F671F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    868F3500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                     86F671F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          868F3500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     86F671F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                     86FD71F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                     86F6A1F8
Device          \Driver\ahn8hb8w \Device\Scsi\ahn8hb8w1                                                                              86C6A1F8
Device          \Driver\ahn8hb8w \Device\Scsi\ahn8hb8w1                                                                              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\viamraid \Device\Scsi\viamraid1                                                                              86F681F8
Device          \Driver\viamraid \Device\Scsi\viamraid1                                                                              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\ahn8hb8w \Device\Scsi\ahn8hb8w1Port3Path0Target0Lun0                                                         86C6A1F8
Device          \Driver\ahn8hb8w \Device\Scsi\ahn8hb8w1Port3Path0Target0Lun0                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0                                                         86F681F8
Device          \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\Cdfs \Cdfs                                                                                               86933500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x2F 0x23 0x44 0x47 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x2A 0x3E 0x33 0x24 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x5D 0x61 0x8D 0xE9 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x2F 0x23 0x44 0x47 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x2A 0x3E 0x33 0x24 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x5D 0x61 0x8D 0xE9 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION                                 A306CFCD8163FE7823A40C8381D445EF0B878EF991E9FEBC9E127BE..

---- EOF - GMER 1.0.15 ----



And here are the two logfiles from OTL


Code

 OTL Extras logfile created on: 08.03.2010 22:00:57 - Run 1
OTL by OldTimer - Version 3.1.35.0     Folder = C:\Dokumente und Einstellungen\Yann\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 538,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,16 Gb Total Space | 1,47 Gb Free Space | 1,58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMILO
Current User Name: Yann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Programme\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- File not found
"C:\Programme\EA Games\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA Games\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde -- File not found
"C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\KartRider\NMService.exe" = C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"C:\Dokumente und Einstellungen\Yann\Desktop\pes2009.exe" = C:\Dokumente und Einstellungen\Yann\Desktop\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"C:\Programme\PPMate\ppmate.exe" = C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found
"C:\Programme\PPMate\ppmnet.exe" = C:\Programme\PPMate\ppmnet.exe:*:Enabled:PPMate -- File not found
"C:\Programme\PPMate\ppamnet.exe" = C:\Programme\PPMate\ppamnet.exe:*:Enabled:PPMate -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Sports Interactive\Football Manager 2009\fm.exe" = C:\Programme\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- File not found
"C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{489C4FA2-F9C9-4FD4-BC9D-945218FFC6CD}" = ATI Catalyst Control Center
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{877B1935-A6D0-4D80-AB26-652ABDC9DA7D}" = Steganos Live Encryption Engine 13
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.0
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48346D4-3903-4949-9939-3FE60E47F48C}" = iAUDIO LDB Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack
"{F6C4EE06-DA6D-45DC-A129-04166F5FF238}" = PC VGA Camera
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"All ATI Software" = ATI - Software Uninstall Utility
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Biet-O-Matic v2.12.6" = Biet-O-Matic v2.12.6
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EncSpot Basic_is1" = EncSpot Basic 2.0
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"Firebird SQL Server D" = Firebird SQL Server (D)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HD Tune_is1" = HD Tune 2.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InstallShield_{F6C4EE06-DA6D-45DC-A129-04166F5FF238}" = PC VGA Camera
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS)
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"MediaInfo" = MediaInfo 0.7.8
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.2)" = Mozilla Thunderbird (3.0.2)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"OpenAL" = OpenAL
"Sandboxie" = Sandboxie 3.42
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Soldat_is1" = Soldat 1.3.1
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TrueCrypt" = TrueCrypt
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.8.2
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 27.12.2009 12:29:40 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.0.3.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 15:16:27 | Computer Name = AMILO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung.  .

Error - 02.01.2010 15:16:28 | Computer Name = AMILO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung.  .

Error - 02.01.2010 22:10:46 | Computer Name = AMILO | Source = O&O Defrag | ID = 131083
Description = Waehrend der STEALTH-Defragmentierung von Laufwerk E: (NTFS) ist ein
Fehler aufgetreten: 0xC000000E

Error - 18.01.2010 17:02:04 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung javaw.exe, Version 6.0.170.4, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 01.02.2010 11:32:41 | Computer Name = AMILO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 03.02.2010 18:05:38 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.3.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.02.2010 18:09:12 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.3.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.02.2010 18:11:05 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.3.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 11.02.2010 14:02:07 | Computer Name = AMILO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x046b5152.

[ System Events ]
Error - 07.03.2010 19:21:03 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2

Error - 08.03.2010 12:46:20 | Computer Name = AMILO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet:   %%3

Error - 08.03.2010 12:46:22 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2

Error - 08.03.2010 12:48:36 | Computer Name = AMILO | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter f6fcc97e,
3. Parameter aae3aa04, 4. Parameter 00000000.

Error - 08.03.2010 12:49:17 | Computer Name = AMILO | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter f6fcc97e,
3. Parameter a8dd0a04, 4. Parameter 00000000.

Error - 08.03.2010 12:49:21 | Computer Name = AMILO | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter f6fcc97e,
3. Parameter ac6fea04, 4. Parameter 00000000.

Error - 08.03.2010 12:49:28 | Computer Name = AMILO | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter f6fcc97e,
3. Parameter aa05ea04, 4. Parameter 00000000.

Error - 08.03.2010 12:50:10 | Computer Name = AMILO | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter f6fcc97e,
3. Parameter f55aca04, 4. Parameter 00000000.

Error - 08.03.2010 16:54:40 | Computer Name = AMILO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet:   %%3

Error - 08.03.2010 16:54:47 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2


< End of report >




Code

 OTL logfile created on: 08.03.2010 22:00:57 - Run 1
OTL by OldTimer - Version 3.1.35.0     Folder = C:\Dokumente und Einstellungen\Yann\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 538,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,16 Gb Total Space | 1,47 Gb Free Space | 1,58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMILO
Current User Name: Yann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (gusvc) --  File not found
SRV - (Automatisches LiveUpdate - Scheduler) --  File not found
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
SRV - (a2free) -- C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (PAC7311) -- C:\WINDOWS\system32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (SLEE_13_DRIVER) -- C:\WINDOWS\system32\drivers\slee13.sys ()
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.02.13 19:33:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.23 18:32:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.02.28 14:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.01.22 23:34:54 | 000,000,000 | ---D | M]

[2010.01.17 20:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Extensions
[2010.01.17 20:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.07 19:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions
[2010.02.11 13:48:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009.06.25 20:49:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.02 20:20:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions\firefox@tvunetworks.com
[2010.03.07 19:36:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.05.31 17:28:48 | 000,249,856 | ---- | M] (Icenet LLC) -- C:\Programme\Mozilla Firefox\plugins\npalnn.dll
[2010.01.23 18:31:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.23 18:31:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.23 18:31:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.23 18:31:48 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.23 18:31:48 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.02.07 12:37:59 | 000,293,764 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 127.0.0.1    163ns.com
O1 - Hosts: 10112 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher 2.lnk = C:\Programme\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161818853750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab (DeskUpdate - Activex Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Yann\Eigene Dateien\Eigene Bilder\3d shapes.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Yann\Eigene Dateien\Eigene Bilder\3d shapes.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.26 17:54:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0847d35c-8d02-11db-9630-0013cef1ea2c}\Shell\AutoRun\command - "" = E:\starter.exe -- File not found
O33 - MountPoints2\{8b01280e-9bcb-11de-9c33-0013cef1ea2c}\Shell\AutoRun\command - "" = Fotos\nach riga\P1010169.JPG
O33 - MountPoints2\{a0385160-e81b-11de-9cc2-0013cef1ea2c}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.08 21:57:05 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe
[2010.03.05 15:56:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.21 20:03:08 | 000,000,000 | ---D | C] -- C:\Programme\gs
[2010.02.20 19:57:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.02.18 22:35:17 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL
[2010.02.18 22:35:16 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.02.18 22:35:16 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.02.18 22:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Futuremark Shared
[2010.02.18 22:30:37 | 000,000,000 | ---D | C] -- C:\Programme\Futuremark
[2010.02.16 20:51:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\TVU Networks
[2010.02.13 21:50:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Desktop\gouranga
[2010.02.12 22:58:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\JoWooD
[2010.02.12 22:57:23 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD
[2010.02.12 20:09:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Avira
[2010.02.12 19:51:28 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.02.12 19:51:28 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.02.12 19:51:28 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.02.12 19:51:28 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.02.12 19:51:23 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.02.12 19:51:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.02.11 17:43:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2010.02.10 19:46:01 | 000,677,632 | ---- | C] (ATI Technologies Inc.) -- C:\Dokumente und Einstellungen\Yann\Desktop\atimcatw.exe
[2009.05.05 19:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.05.05 19:57:24 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2006.06.26 17:57:46 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2006.06.26 17:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[56 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.08 21:57:53 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.08 21:57:06 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe
[2010.03.08 21:54:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.08 21:54:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.08 21:54:05 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.08 21:53:58 | 000,726,237 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010.03.08 21:52:39 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Yann\ntuser.ini
[2010.03.08 21:52:38 | 012,582,912 | -H-- | M] () -- C:\Dokumente und Einstellungen\Yann\NTUSER.DAT
[2010.03.08 17:56:23 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\ihe9vnt9.exe
[2010.03.07 18:15:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.05 11:03:50 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010.03.02 01:27:03 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.28 17:14:47 | 000,303,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\2008_0104Eintracht-Training0113.JPG
[2010.02.28 17:09:18 | 000,067,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\berryyann.jpg
[2010.02.25 16:08:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.18 22:54:06 | 000,029,149 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\3dmark06.3dr
[2010.02.18 22:35:17 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.02.18 22:35:16 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.02.14 04:28:22 | 001,576,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.02.12 19:57:16 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.02.12 11:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.11 22:40:42 | 000,001,610 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010.02.10 19:46:03 | 000,677,632 | ---- | M] (ATI Technologies Inc.) -- C:\Dokumente und Einstellungen\Yann\Desktop\atimcatw.exe
[56 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.08 17:56:23 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\ihe9vnt9.exe
[2010.02.28 17:13:53 | 000,303,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\2008_0104Eintracht-Training0113.JPG
[2010.02.28 17:09:18 | 000,067,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\berryyann.jpg
[2010.02.18 22:54:05 | 000,029,149 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\3dmark06.3dr
[2010.01.23 18:58:17 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2009.12.12 23:28:59 | 000,001,610 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009.12.03 22:09:11 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.05.23 21:54:57 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\$_hpcst$.hpc
[2009.01.26 22:46:43 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.01.12 21:48:30 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009.01.12 21:48:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009.01.12 21:48:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009.01.12 21:48:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008.07.17 21:55:58 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.04.03 22:27:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.01.06 01:10:32 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.08.09 10:03:57 | 000,000,052 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2007.05.15 19:02:38 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.03.30 14:59:48 | 000,042,771 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007.03.26 12:06:02 | 000,000,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\wklnhst.dat
[2007.02.20 22:21:36 | 000,000,350 | ---- | C] () -- C:\WINDOWS\snapsaver-Yann.ini
[2007.01.27 15:38:07 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.04 00:20:19 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2006.10.29 14:39:48 | 000,030,720 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.26 00:18:43 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.25 14:21:44 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.06.26 19:05:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.06.26 18:51:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.26 18:48:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.06.26 18:48:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.06.26 18:48:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.06.26 18:48:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.06.26 18:48:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.06.26 18:48:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.06.26 18:48:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.06.26 18:48:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.06.26 18:48:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.06.26 18:47:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.06.26 18:44:42 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.06.26 18:44:01 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.06.26 17:58:48 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.06.26 17:50:25 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.06.26 09:35:22 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.06.26 09:30:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2006.01.31 10:18:32 | 000,068,832 | ---- | C] () -- C:\WINDOWS\Slee13x64.sys
[2005.10.04 17:42:36 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\slee13.sys
[2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >



I'd appreciate any assessments.
This post was edited on 08.03.2010 at 22:20 by CottonEyejoe.
08.03.2010, 23:04
Moderator

Posts: 5694
#4 Step 1

This is going to be a big problem:

Quote

1,47 Gb Free Space | 1,58% Space Free
See that you free up as much space as possible on partition C:/. You have a very small hard disk. Is upgrading an option?
So uninstall the programs that are not really needed.

E.g. this one. Do you still need it?? I assume not. So get rid of it under Start --> Control Panel --> Software.

Quote

Steganos Live Encryption Engine 13
Step 2

Remove Kaspersky completely from the system with this removal tool.

Step 3

Fix with OTL

• Please start OTL.exe.
Vista users: right-click and "Run as administrator"
• Now copy the contents into the text box.

Code

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
OTL may ask for a restart. Please allow it.
• After the restart you will find a text document.
Now copy its contents here into your thread in code tags.

Step 4

Quote

E:\starter.exe
Fotos\nach riga\P1010169.JPG
E:\Toshiba\more4you.exe
What was connected here as E:?

Step 5

Malwarebytes Anti-Malware

Download MBAM, install it and select under the tabs:

-> "Update" > "Check for updates"
-> "Settings" > "Terminate Internet Explorer during removal"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer.

Step 6

Now we check the Master Boot Record to see whether everything is in order:
• Download MBR.exe from Gmer and
• save the program to your desktop.
• Double-click the program to start it.
• If your antivirus program complains, please ignore it or allow the action.
• You will now find a log file named mbr.log on your desktop.
• Post the contents of this log file here in the thread.
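As an added example (not code from this thread, from OTL or from its author), here is a small Python triage helper that pulls from an OTL log the two kinds of entries the moderator acted on in this post: orphaned O2/O3 BHO and toolbar entries reported as "No CLSID value found", which go into the :OTL fix block, and O33 MountPoints2 autorun commands for removable media, which are flagged so the owner can be asked what was plugged in as that drive. The sample lines are copied from the log posted above; the regular expressions are an assumption about OTL's line format based on those lines.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example for this thread, not code from the forum or from OTL.
The regular expressions are an assumption about OTL's line format,
derived from the lines posted in the thread.
"""
import re

# Constructed sample input: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O33 - MountPoints2\{0847d35c-8d02-11db-9630-0013cef1ea2c}\Shell\AutoRun\command - "" = E:\starter.exe -- File not found
O33 - MountPoints2\{8b01280e-9bcb-11de-9c33-0013cef1ea2c}\Shell\AutoRun\command - "" = Fotos\nach riga\P1010169.JPG
O33 - MountPoints2\{a0385160-e81b-11de-9cc2-0013cef1ea2c}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found
"""

# O2 (Browser Helper Object) and O3 (IE toolbar) lines whose CLSID no longer
# resolves: leftovers of an uninstalled add-on, the entries OTL is told to fix.
ORPHAN_RE = re.compile(r"^O[23] - .* - No CLSID value found\.$")

# O33: per-volume AutoRun handler cached under MountPoints2. Captures the
# volume GUID, the command, and whether OTL reported the target as missing.
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{([0-9A-Fa-f-]+)\}\\Shell\\AutoRun\\command'
    r' - "" = (.+?)( -- File not found)?$'
)


def find_orphaned_ie_entries(log_text):
    """Return the O2/O3 lines that point at a CLSID with no registration."""
    return [line for line in log_text.splitlines() if ORPHAN_RE.match(line)]


def find_autorun_mountpoints(log_text):
    """Return (volume_guid, command, target_missing) for every O33 line."""
    hits = []
    for line in log_text.splitlines():
        m = MOUNTPOINT_RE.match(line)
        if m:
            hits.append((m.group(1), m.group(2), m.group(3) is not None))
    return hits


def build_otl_fix(log_text, empty_temp=True):
    """Assemble a :OTL fix script in the same shape as the one posted above.

    The reported line goes verbatim under ':OTL'; ':Commands' with
    [purity] and [emptytemp] mirrors what the moderator appended.
    """
    script = [":OTL"] + find_orphaned_ie_entries(log_text)
    script += [":Commands", "[purity]"]
    if empty_temp:
        script.append("[emptytemp]")
    return "\n".join(script)


def autorun_questions(log_text):
    """One follow-up question per MountPoints2 autorun command, as the
    moderator asked about E: above (a missing target is still worth asking)."""
    questions = []
    for guid, command, missing in find_autorun_mountpoints(log_text):
        state = "target missing" if missing else "target still present"
        questions.append(
            f"Volume {{{guid}}} had AutoRun command '{command}' ({state}): "
            "which removable device was this?"
        )
    return questions


if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_LOG))
    print()
    for q in autorun_questions(SAMPLE_LOG):
        print(q)
```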
09.03.2010, 01:44
...new here

Thread starter

Posts: 9
#5 Sooo, I'm done now ;). Here are the results.

Step 1


I cleaned up thoroughly. Uninstalled several programs and deleted files / moved them to an external hard disk. Now have 30.4 Gb free.
I think that means I can save myself an upgrade, right? The system has also been running (subjectively) faster since then. ;)

Step 2

The tool reports "Kaspersky Anti-Virus was not detected"

Note:
I first had KIS 2009 on it. Then upgraded to KIS 2010 without uninstalling KIS 2009 beforehand. When I decided to switch to Antivir,
I used the KIS 2010 removal tool from the Kaspersky forum.

Step 3

Code


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2620 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 499 bytes

User: All Users

User: Anne
->Temp folder emptied: 244283054 bytes
->Temporary Internet Files folder emptied: 20927741 bytes
->Java cache emptied: 12831936 bytes
->FireFox cache emptied: 27885213 bytes
->Flash cache emptied: 2731 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 499 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Yann
->Temp folder emptied: 43654822 bytes
->Temporary Internet Files folder emptied: 747487 bytes
->Java cache emptied: 27320209 bytes
->FireFox cache emptied: 81817419 bytes
->Flash cache emptied: 1955394 bytes

%systemdrive% .tmp files removed: 123408480 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 45811079 bytes
%systemroot%\System32\dllcache .tmp files removed: 983040 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 497931 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 603,00 mb

Error: Unable to interpret <Quelle: http://board.protecus.de/t39220.htm#ixzz0hdEKAVpv> in the current context!

OTL by OldTimer - Version 3.1.35.0 log created on 03092010_004517

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Step 4

That must be the external hard disk of a buddy of mine that was connected once 1-2 months ago.

Step 5

Code


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3838
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.03.2010 01:09:40
mbam-log-2010-03-09 (01-09-40).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 138150
Laufzeit: 10 minute(s), 32 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.


Step 6

Code


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK



Thanks for your great guide! A side question: is it advisable to choose the secure start mode with Avira AntiVir Premium? (see http://www.avira.com/de/support/faqdetails.php?id=506) I chose the normal start mode during installation, which is also the recommended one.
This post was edited on 09.03.2010 at 01:50 by CottonEyejoe.
09.03.2010, 08:35
Moderator

Posts: 5694
#6 Well, the secure start mode is of course up to you. But I don't think it's necessary. Especially since it slows down every startup, and noticeably so.

I want to be sure that atapi has definitely not been modified. So do the following as well:

Step 1

Update Java

Your Java version is not up to date. Since some pests (e.g. Vundo) get into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer.

Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update 18) from SUN.
When you click Download, a page appears where you must select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. Download jre-6u18-windows-i586.exe there and then install it; do not install any toolbars that may be offered.


Step 2

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 - Download Mirror #2

• Double-click SystemLook.exe to start the tool.
Vista users: right-click and run as administrator.
• Copy the contents of the following code box into the tool's text field:

Code

:filefind
atapi.sys
• Klicke nun auf den Button Look, um den Scan zu starten.
• When the scan is finished, your editor will open with the results; post them here in the thread.
• The results are saved on the desktop as SystemLook.txt.


Step 3

Remove malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else; this is important!
Follow the detailed original instructions.

Preparation and important notes

• During the Combofix scan, please disable antivirus and antispyware programs, the firewall and any script blocking (Norton) that may be present.
  • List of programs to disable.
• If anything is unclear, please ask beforehand.
• Do not click in the Combofix window while Combofix is running.
  • That could freeze or hang your system.
• The scan may take about a quarter of an hour to finish.
• ComboFix will reset your screen saver settings.
  • You can change these settings back once our cleanup is finished.
• Do nothing else if you did not manage to get Combofix to run.
  • Tell us about it and wait for our instructions.

Brief guide to installing and using the Recovery Console
• Double-click ComboFix.exe and follow the instructions.
• Accept the terms (disclaimer) with "Yes".
• ComboFix will check whether the Microsoft Windows Recovery Console is installed.
This is part of the process. Given the kind of malware infections seen today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the instructions to let ComboFix download and install the Recovery Console, and accept the license agreement (EULA) when prompted.
** For information: if the Recovery Console is already installed, ComboFix will simply continue with its malware removal procedure.

Once ComboFix has installed the Recovery Console, you should see the following message:

Click "Yes" to continue with the scan for malware.

When ComboFix is done, it will create a log (please wait, this takes a moment).
Be sure to wait until the Combofix window has closed and the log file appears in the editor.
Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

Do not use Combofix on your own initiative. If there is no matching infection, it can cripple the computer and/or damage it permanently!

Step 4

Eset Online Scanner (NOD32)
• Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  Note for Vista users: be sure to start the browser as Administrator.
• Requirement: Internet Explorer (IE) 5.0 or higher
• Tick "YES, I accept the Terms of Use"
• Start
• Install the ActiveX control
• Start
• Signatures are downloaded
• Tick "Remove found threats"
• Tick "Remove found threats" and "Scan unwanted applications"
• Scan
• End of scan
• Close the browser
• Open Explorer
• C:\Programme\EsetOnlineScanner\log.txt
• Post the log here
• Uninstall: Control Panel => Add or Remove Programs => remove Eset Online Scanner.
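Step 2 (its tail is at the top of this post) has SystemLook list every copy of a searched file with its size and MD5. One useful check on such a list is whether the live driver under system32\drivers carries the same hash as the reference copies Windows keeps. The following parser and comparison is an added example, not part of this post and not SystemLook's own code; it runs on a constructed log in SystemLook's format and assumes the Windows XP %windir% layout.

```python
"""Check a SystemLook 'filefind' log: does the live driver's MD5 match the
reference copies Windows keeps? Added example, not part of the forum post
and not SystemLook's code; assumes the Windows XP %windir% layout."""
import re
from collections import defaultdict

# One SystemLook hit line: <path>    <attrs> <size> bytes    [<mtime>]    [<ctime>] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}"
    r"(?P<attrs>[-a-z]{6})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')


def parse_filefind(text):
    """Return {filename: [hit, ...]} for each 'Searching for' block."""
    hits = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            hits[current].append({"path": m.group("path"),
                                  "size": int(m.group("size")),
                                  "md5": m.group("md5").upper()})
    return dict(hits)


def check_driver(hits, windir="C:\\WINDOWS"):
    """Compare the live copy in %windir%\\system32\\drivers with the reference
    copies in ServicePackFiles\\i386 and system32\\dllcache.
    $NtServicePackUninstall$ holds the pre-service-pack version and differs
    legitimately, so it is not a reference; copies outside %windir% (such as
    a recovery image) are ignored as well."""
    root = windir.lower().rstrip("\\") + "\\"
    live = [h for h in hits
            if h["path"].lower().startswith(root + "system32\\drivers\\")]
    refs = [h for h in hits
            if h["path"].lower().startswith(root)
            and ("\\servicepackfiles\\" in h["path"].lower()
                 or "\\dllcache\\" in h["path"].lower())]
    ref_md5s = sorted({h["md5"] for h in refs})
    if not live:
        verdict = "missing"        # driver not found where it should be
    elif not refs:
        verdict = "no-reference"   # nothing trustworthy to compare against
    elif all(h["md5"] in ref_md5s for h in live):
        verdict = "match"
    else:
        verdict = "mismatch"       # live copy differs from the reference
    return {"verdict": verdict,
            "live_md5": live[0]["md5"] if live else None,
            "live_size": live[0]["size"] if live else None,
            "reference_md5s": ref_md5s}


def check_systemlook(text, windir="C:\\WINDOWS"):
    """Run check_driver for every file SystemLook searched for."""
    return {name: check_driver(hits, windir)
            for name, hits in parse_filefind(text).items()}


# Constructed sample in SystemLook's format, using the atapi.sys hashes shown
# in this thread: the live driver and the SP3 reference copy agree.
SAMPLE_CLEAN = r"""
SystemLook v1.0 by jpshortstuff (11.01.10)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys    -----c 95360 bytes    [17:01 17/05/2008]    [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys    ------ 96512 bytes    [16:22 17/05/2008]    [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys    --a--- 96512 bytes    [22:59 03/08/2004]    [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-
"""

# Constructed counter-example: the live copy keeps its size but carries a
# different (placeholder) hash. A size-only comparison would not notice.
SAMPLE_PATCHED = SAMPLE_CLEAN.replace(
    "[18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674\n\n",
    "[18:40 13/04/2008] 00000000000000000000000000000000\n\n", 1)

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("patched", SAMPLE_PATCHED)):
        print(label, check_systemlook(sample)["atapi.sys"]["verdict"])
```

A "mismatch" verdict only says the live copy differs from the reference copies on disk; it still has to be confirmed against a known-good hash before anything is replaced.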
09.03.2010, 18:47
...new here

Topic starter

Posts: 9
#7 Step 1
Done. What surprised me is that the list (Control Panel => Add or Remove Programs => uninstall) only showed "JRE 6 Update 17", while the uninstall process that followed referred to "JRE 6 Update 12". In any case, no Java entry was left afterwards.


Step 2

Code

 SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:45 on 09/03/2010 by Yann (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\recover\WINDOWS\system32\dllcache\atapi.sys    --a--- 95360 bytes    [20:25 26/06/2006]    [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\recover\WINDOWS\system32\drivers\atapi.sys    --a--- 95360 bytes    [20:25 26/06/2006]    [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\recover\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys    --a--- 95360 bytes    [20:25 26/06/2006]    [12:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys    -----c 95360 bytes    [17:01 17/05/2008]    [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys    ------ 96512 bytes    [16:22 17/05/2008]    [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys    --a--- 96512 bytes    [22:59 03/08/2004]    [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys    --a--- 95360 bytes    [17:40 26/06/2006]    [12:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-



Step 3

Combofix.txt

Code



ComboFix 10-03-08.02 - Yann 09.03.2010  16:07:39.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.620 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Yann\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-899066889-991984400-934610218-500
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-02-09 bis 2010-03-09  ))))))))))))))))))))))))))))))
.

2010-03-09 14:37 . 2010-03-09 14:37    --------    d-----w-    c:\programme\Gemeinsame Dateien\Java
2010-03-08 23:54 . 2010-03-08 23:54    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Malwarebytes
2010-03-08 23:54 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 23:54 . 2010-03-08 23:54    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2010-03-08 23:54 . 2010-03-08 23:54    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-08 23:54 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-08 23:45 . 2010-03-08 23:45    --------    d-----w-    C:\_OTL
2010-03-05 14:56 . 2010-02-12 10:03    293376    ------w-    c:\windows\system32\browserchoice.exe
2010-02-21 19:03 . 2010-02-21 19:03    --------    d-----w-    c:\programme\gs
2010-02-20 18:58 . 2010-02-20 18:58    --------    d-----r-    c:\dokumente und einstellungen\LocalService\Favoriten
2010-02-18 21:35 . 2010-02-18 21:35    --------    d-----w-    c:\programme\OpenAL
2010-02-18 21:35 . 2010-02-18 21:35    444952    ----a-w-    c:\windows\system32\wrap_oal.dll
2010-02-18 21:35 . 2010-02-18 21:35    109080    ----a-w-    c:\windows\system32\OpenAL32.dll
2010-02-18 21:30 . 2010-02-18 21:30    --------    d-----w-    c:\programme\Futuremark
2010-02-16 19:51 . 2010-02-16 19:51    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\TVU Networks
2010-02-12 21:57 . 2010-02-12 21:57    --------    d-----w-    c:\programme\JoWooD
2010-02-12 19:09 . 2010-02-12 19:09    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Avira
2010-02-12 18:51 . 2010-02-12 18:57    56816    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-02-12 18:51 . 2009-03-30 09:33    96104    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-02-12 18:51 . 2009-02-13 11:29    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-02-12 18:51 . 2009-02-13 11:17    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-02-12 18:51 . 2010-02-12 18:51    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-02-12 18:51 . 2010-02-12 18:51    --------    d-----w-    c:\programme\Avira
2010-02-11 16:43 . 2010-02-11 16:43    --------    d--h--w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJScan

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 14:36 . 2010-03-09 14:36    503808    ----a-w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-324b39f4-n\msvcp71.dll
2010-03-09 14:36 . 2010-03-09 14:36    499712    ----a-w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-324b39f4-n\jmc.dll
2010-03-09 14:36 . 2010-03-09 14:36    348160    ----a-w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-324b39f4-n\msvcr71.dll
2010-03-09 14:36 . 2010-03-09 14:36    61440    ----a-w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-73cf518c-n\decora-sse.dll
2010-03-09 14:36 . 2010-03-09 14:36    12800    ----a-w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-73cf518c-n\decora-d3d.dll
2010-03-09 14:36 . 2009-02-14 20:27    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-03-09 14:16 . 2009-02-14 21:35    --------    d-----w-    c:\programme\Mozilla Thunderbird
2010-03-08 23:31 . 2008-11-23 01:26    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\vlc
2010-03-08 22:35 . 2009-12-13 17:07    --------    d-----w-    c:\programme\Unlocker
2010-03-08 22:18 . 2009-07-06 15:04    --------    d-----w-    c:\programme\Project64 1.6
2010-03-08 22:16 . 2010-01-23 18:06    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\BOM
2010-03-08 22:16 . 2006-06-26 17:52    --------    d--h--w-    c:\programme\InstallShield Installation Information
2010-03-08 22:16 . 2007-09-23 11:05    --------    d-----w-    c:\programme\Electronic Arts
2010-03-08 22:15 . 2008-12-30 14:15    --------    d-----w-    c:\programme\Exact Audio Copy
2010-03-08 22:12 . 2006-12-16 12:37    --------    d-----w-    c:\programme\Steganos Live Encryption Engine 13
2010-03-08 20:56 . 2009-02-14 20:15    1    ----a-w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-07 21:20 . 2009-07-05 21:45    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\U3
2010-03-01 22:32 . 2009-11-02 19:22    --------    d-----w-    c:\programme\JDownloader
2010-02-25 22:46 . 2009-09-10 14:16    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\dvdcss
2010-02-21 18:52 . 2009-01-12 19:38    --------    d-----w-    c:\programme\IrfanView
2010-02-18 21:29 . 2009-11-02 21:59    --------    d-----w-    c:\programme\Tropico
2010-02-16 19:52 . 2010-02-16 19:51    5562672    ----a-w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\TVU Networks\AutoUpgrade\TVUPlayer2.4.9.1.exe
2010-02-12 18:40 . 2009-02-14 14:04    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-02-12 18:40 . 2009-02-14 14:04    --------    d-----w-    c:\programme\Kaspersky Lab
2010-02-11 16:43 . 2007-03-30 13:56    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Canon
2010-02-03 22:09 . 2007-07-17 22:20    --------    d-----w-    c:\programme\FinePixViewer
2010-01-22 22:34 . 2008-02-16 18:42    --------    d-----w-    c:\programme\Gemeinsame Dateien\Adobe
2010-01-17 19:17 . 2009-02-14 21:35    --------    d-----w-    c:\dokumente und einstellungen\Yann\Anwendungsdaten\Thunderbird
2010-01-16 19:06 . 2009-10-01 19:31    --------    d-----w-    c:\programme\a-squared Free
2009-12-31 16:50 . 2006-06-26 08:30    353792    ----a-w-    c:\windows\system32\drivers\srv.sys
2009-12-21 19:05 . 2006-06-26 08:30    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-12-18 09:34 . 2006-06-26 08:30    86566    ----a-w-    c:\windows\system32\perfc007.dat
2009-12-18 09:34 . 2006-06-26 08:30    464352    ----a-w-    c:\windows\system32\perfh007.dat
2009-12-17 07:40 . 2006-06-26 16:50    346624    ----a-w-    c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-06-26 08:29    33280    ----a-w-    c:\windows\system32\csrsrv.dll
2009-10-28 13:33 . 2009-02-14 14:04    5906464    --sha-w-    c:\windows\system32\drivers\fidbox.dat
2009-10-28 13:33 . 2009-02-14 14:04    827424    --sha-w-    c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\programme\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SoundMan"="SOUNDMAN.EXE" [2005-08-01 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-08-01 2803712]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 557056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]
"REGSHAVE"="c:\programme\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-05-17 282624]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
ATI CATALYST System Tray.lnk - c:\programme\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]
Exif Launcher 2.lnk - c:\programme\FinePixViewer\QuickDCF2.exe [2007-7-17 294912]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.07.2008 21:55 716272]
R2 a2free;a-squared Free Service;c:\programme\a-squared Free\a2service.exe [01.10.2009 20:31 1858144]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [12.02.2010 19:51 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.02.2010 19:51 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [12.02.2010 19:51 434945]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 18:06 32272]
R3 SbieDrv;SbieDrv;c:\programme\Sandboxie\SbieDrv.sys [01.12.2009 14:55 119296]
S1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver];\??\c:\windows\system32\drivers\SLEE13.sys --> c:\windows\system32\drivers\SLEE13.sys [?]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 cpuz130;cpuz130;\??\c:\dokume~1\Yann\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Yann\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [26.06.2006 18:47 1527900]
S3 iMSPCLOj;iMSPCLOj;\??\c:\dokume~1\Yann\LOKALE~1\Temp\iMSPCLOj.sys --> c:\dokume~1\Yann\LOKALE~1\Temp\iMSPCLOj.sys [?]
S3 SDTHelper;Helper driver for SDT-Tool;\??\i:\radix_installer1009\sdthlpr.sys --> i:\radix_installer1009\sdthlpr.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/fsc/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://de.yahoo.com/fsc/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\dokumente und einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\dokumente und einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 16:16
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x86F691F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7529f28
\Driver\ACPI -> ACPI.sys @ 0xf7276cb8
\Driver\atapi -> sfsync02.sys @ 0xf7745d60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7001bb0
PacketIndicateHandler -> NDIS.sys @ 0xf700ea21
SendHandler -> NDIS.sys @ 0xf6fec87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1300)
c:\programme\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\webcheck.dll
c:\programme\Avira\AntiVir Desktop\avsda.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\programme\Sandboxie\SbieSvc.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\eHome\ehmsas.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\windows\sm56hlpr.exe
c:\programme\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-03-09  16:24:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-03-09 15:24

Vor Suchlauf: 29 Verzeichnis(se), 32.519.581.696 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 32.386.646.016 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 79154046DADE8BD730E278449DC53DA7


Add-Remove Programs.txt

Code



a-squared Free 4.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1 - Deutsch
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Premium
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Canon MP Navigator EX 3.0
Canon MP550 series Benutzerregistrierung
Canon MP550 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Counter-Strike(TM)
DivX Plus Web Player
EncSpot Basic 2.0
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.3
Firebird SQL Server (D)
FUJIFILM USB Driver
Google Earth
GPL Ghostscript 8.71
HD Tune 2.55
High Definition Audio - KB888111
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
iAUDIO LDB Manager
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 18
JDownloader
jetAudio Basic VX
Macromedia Flash Player 8
MAGIX Digital Foto Maker SE (D)
MAGIX Fotos auf CD (D)
MAGIX Media Suite - Standard Edition (D)
MAGIX mp3 maker SE (D)
MAGIX Online Druck Service (FS)
MAGIX Video deLuxe SE (D)
Malwarebytes' Anti-Malware
MediaInfo 0.7.8
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6)
Mozilla Thunderbird (3.0.2)
Mp3tag v2.45a
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser und SDK
MSXML4 Parser
Nero BurnRights
Nero Digital
Nero OEM
NeroVision Express Content
No23 Recorder
O&O Defrag Professional Edition
Office 2003 Trial Assistant
OpenAL
OpenMG Secure Module 4.7.00
OpenOffice.org 3.1
PowerCinema Linux 4.0
PowerDVD
Pro Evolution Soccer 2010
Sandboxie 3.42
Security Update for CAPICOM (KB931906)
Segoe UI
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978706)
Skype™ 3.6
Softwareupdate für Webordner
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 9
Steam(TM)
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
TrueCrypt
TVAnts 1.0
TVUPlayer 2.4.8.2
Unlocker 1.8.8
Update für Windows Internet Explorer 8 (KB969497)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Media Player 10 (KB913800)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Rollup 2 für Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.3
WD Diagnostics
WebFldrs XP
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Messenger 5.1 MUI Pack
Windows Mobile® Device Handbook
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR Archivierer
XML Paper Specification Shared Components Language Pack 1.0


Step 4

Code


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=dedba6721cd45440ae46b036e0cfd66c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-09 05:29:33
# local_time=2010-03-09 06:29:33 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 2152171 2152171 0 0
# compatibility_mode=8192 67108863 100 0 3831 3831 0 0
# scanned=146843
# found=3
# cleaned=3
# scan_time=6519
C:\Dokumente und Einstellungen\Yann\Eigene Dateien\Eigene Videos\unlocker1.8.8(2).exe    Win32/Adware.ADON application (deleted - quarantined)    00000000000000000000000000000000    C
C:\Dokumente und Einstellungen\Yann\Eigene Dateien\Eigene Videos\unlocker1.8.8.exe    Win32/Adware.ADON application (deleted - quarantined)    00000000000000000000000000000000    C
C:\Programme\Sports Interactive\Football Manager 2009\fm91_t1.exe    probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C


Greetings to Switzerland ^^

edit: Before Kaspersky I briefly used NIS (must have been 2009, possibly 2010). I then removed it with Norton's removal tool.
This post was edited by CottonEyejoe on 09.03.2010 at 19:07.
09.03.2010, 21:39
Moderator

Posts: 5694
#8 Step 1

Disable CD emulators with DeFogger

You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Because these emulators use rootkit techniques, they can distort and hamper the search for malicious rootkits. For that reason, please either run the following tool to disable them or uninstall the software via Control Panel => Software/Programs. Tell me which option you chose. We can undo the deactivation after the cleanup.


Download DeFogger and save it to your desktop.

Double-click DeFogger to start the tool.
• The tool's program window opens.
• Click the Disable button to deactivate the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears, click OK.
• DeFogger will now ask for a reboot - click OK
• Post the defogger_disable.log here in the thread.

Under no circumstances re-enable the drivers until you are told to.


Step 2

Something seems to have lodged itself in your Master Boot Record, as the result above shows. You now have two ways to restore the Master Boot Record (MBR): the first shows you how to do it with Windows' own tools, the second how to do it with the tool mbr.exe.

Restore the MBR

Either like this:
• Insert the XP or Windows 2000 installation CD into the CD drive and restart the computer.
• If the computer does not boot from the CD, you must change the boot order in the PC's BIOS setup so that the CD is used before the hard disk.
• During boot, the startup program on the CD detects any bootable partition present on the hard disk, halts startup and only continues booting after an arbitrary key press.
• On the first screen of the Windows setup program choose "R", and on the next screen "K" to load the Recovery Console.
• Now enter the following command:
fixmbr
or like this:
• Copy the file mbr.exe to C:\Windows\system32
• Start => Run => cmd (type it in) => OK
• a DOS window opens
• at the prompt there, enter: mbr.exe -f (press Enter)
• and follow the instructions if any.

Step 3

Second run with Gmer

• Start Gmer again.
• This time right-click in the white area on the left and choose "Only non MS files" from the context menu.
• Then click "Scan", which lets Gmer scan again.
• When the scan has finished, click the "Copy" button, which copies the contents to the clipboard.
• Now right-click on the desktop and choose "Text document", which creates an empty document on the desktop.
• Open the text document by double-clicking, right-click in the text area and choose "Paste".
• Save the document and post its contents here in the thread.


Step 4

Rootkit scan with RootRepeal
• Go here, scroll down and download RootRepeal.zip.
• Extract the file to your desktop.
• Double-click RootRepeal.exe to start the scanner.
• Click the Report tab and then the Scan button.
• Tick the following items and click Ok.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

• You will then be asked which drives should be scanned.
• Choose C:\ and click Ok again.
• The scan starts automatically; it will take a while, please be patient.
• When the scan has finished, click Save Report.
• Save the log file as RootRepeal.txt on the desktop.
• Copy its contents here into the thread.
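The Gmer module listing that Step 3 asks for can be triaged mechanically: split each "Module" line into driver path, description, vendor and address range, then flag drivers whose vendor belongs to a product the user reports as uninstalled. This is an added example for this thread, not Gmer's or the forum's own code; the line format is inferred from the Gmer log posted in this thread, and the list of removed vendors (Kaspersky Lab, Symantec) is an assumption taken from what the poster reports.

```python
"""Parse the "Modules" section of a GMER log and flag loaded kernel drivers
that belong to products reported as uninstalled (leftover drivers).

Added example, not GMER's own code. The line format is inferred from the
log posted in this thread; the removed-vendor list is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One GMER "Module" line: path, "(description/vendor)", start-end range, size.
# Descriptions may themselves contain "/" and "(...)", so the vendor is taken
# from the last "/" inside the parentheses (see parse_module_line).
_MODULE_RE = re.compile(
    r"^Module\s+(?P<path>.+?)\s+\((?P<info>.*)\)\s+"
    r"(?P<start>[0-9A-Fa-f]{8})-(?P<end>[0-9A-Fa-f]{8})\s+\((?P<size>\d+) bytes\)\s*$"
)


@dataclass
class Module:
    path: str
    description: str
    vendor: str
    start: int
    end: int
    size: int

    @property
    def name(self) -> str:
        # Last path component, independent of \SystemRoot\ or \??\C:\ prefixes.
        return self.path.rsplit("\\", 1)[-1]

    def size_consistent(self) -> bool:
        # GMER prints the mapped image size; it should equal end - start.
        return self.end - self.start == self.size


def parse_module_line(line: str) -> Optional[Module]:
    """Return a Module for a GMER 'Module' line, or None for any other line."""
    m = _MODULE_RE.match(line.rstrip())
    if not m:
        return None
    info = m.group("info")
    if "/" in info:
        description, vendor = info.rsplit("/", 1)
    else:
        description, vendor = info, ""  # e.g. "(GMER)" for GMER's own driver
    return Module(
        path=m.group("path"),
        description=description.strip(),
        vendor=vendor.strip(),
        start=int(m.group("start"), 16),
        end=int(m.group("end"), 16),
        size=int(m.group("size")),
    )


def parse_modules(log_text: str) -> List[Module]:
    return [mod for mod in map(parse_module_line, log_text.splitlines()) if mod]


def leftover_drivers(modules: List[Module], removed_vendors) -> List[Module]:
    """Drivers still loaded although their product is reported uninstalled."""
    wanted = [v.lower() for v in removed_vendors]
    return [m for m in modules if any(v in m.vendor.lower() for v in wanted)]


# Sample lines copied from the GMER log posted in this thread (whitespace condensed).
SAMPLE_LOG = """\
---- Modules - GMER 1.0.15 ----

Module   klbg.sys (Kaspersky Lab Boot Guard Driver/Kaspersky Lab)   F749B000-F74A8000 (53248 bytes)
Module   viamraid.sys (VIA RAID DRIVER FOR WIN 2000/XP/2003IA32/VIA Technologies inc,.ltd)   F74FB000-F750A000 (61440 bytes)
Module   \\SystemRoot\\system32\\DRIVERS\\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)   F6733000-F6888000 (1396736 bytes)
Module   \\SystemRoot\\System32\\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.)   BFA15000-BFA4E000 (233472 bytes)
Module   \\??\\C:\\WINDOWS\\system32\\drivers\\symlcbrd.sys (Symantec Core Component/Symantec Corporation)   F783B000-F7841000 (24576 bytes)
Module   \\??\\C:\\DOKUME~1\\Yann\\LOKALE~1\\Temp\\uxtdrpob.sys (GMER)   AC074000-AC08B000 (94208 bytes)
"""

# Products the poster says were uninstalled (assumption taken from the thread).
REMOVED_VENDORS = ("Kaspersky Lab", "Symantec")


def triage(log_text: str = SAMPLE_LOG, removed_vendors=REMOVED_VENDORS) -> List[str]:
    """One finding per suspicious module; an empty list means nothing to flag."""
    findings = []
    modules = parse_modules(log_text)
    for m in leftover_drivers(modules, removed_vendors):
        findings.append(f"leftover driver: {m.name} ({m.vendor}) at {m.start:08X}")
    for m in modules:
        if not m.size_consistent():
            findings.append(f"size mismatch: {m.name} range {m.end - m.start} != {m.size}")
    return findings


if __name__ == "__main__":
    for finding in triage():
        print(finding)
```

A leftover driver is usually harmless residue of an incomplete uninstall, but it still widens the kernel attack surface and deserves the same removal discipline as the product itself.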
10.03.2010, 20:08
...new here

Thread starter

Posts: 9
#9 Step 1

I uninstalled Daemon Tools and then additionally used Defogger, since I'm not sure whether I have another emulator installed. Here is the log file:

Code


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:52 on 10/03/2010 (Yann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


Step 2

Since I could not find my Windows CD, I downloaded mbr.exe from http://virus-protect.org/artikel/tools/mbr.html and ran it following your instructions. The log file:

Code


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Step 3

The Gmer scan took only a few seconds. I noticed that an Nvidia driver appears in the log. My graphics card is from ATI. Also, entries from already uninstalled Kaspersky and Symantec products and from Hamachi (also uninstalled) appear. Should I remove these, and if so, how?

Code


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-10 18:21:28
Windows 5.1.2600 Service Pack 3
Running: ihe9vnt9.exe; Driver: C:\DOKUME~1\Yann\LOKALE~1\Temp\uxtdrpob.sys


---- Modules - GMER 1.0.15 ----

Module   klbg.sys (Kaspersky Lab Boot Guard Driver/Kaspersky Lab)                                                                                                                              F749B000-F74A8000 (53248 bytes)
Module   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)                                                                                                      F772B000-F7731000 (24576 bytes)
Module   viamraid.sys (VIA RAID DRIVER FOR WIN 2000/XP/2003IA32/VIA Technologies inc,.ltd)                                                                                                     F74FB000-F750A000 (61440 bytes)
Module   PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                                                            F752B000-F7534000 (36864 bytes)
Module   sfhlp02.sys (StarForce Protection Helper Driver/Protection Technology)                                                                                                                F773B000-F7743000 (32768 bytes)
Module   sfdrv01.sys (StarForce Protection Environment Driver/Protection Technology)                                                                                                           F70BE000-F70CF000 (69632 bytes)
Module   \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)                                                                                F6733000-F6888000 (1396736 bytes)
Module   \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)                                                               F66F7000-F671F000 (163840 bytes)
Module   \SystemRoot\system32\DRIVERS\klfltdev.sys (KLFLTDEV Pnp device filter/Kaspersky Lab)                                                                                                  F75EB000-F75F4000 (36864 bytes)
Module   \SystemRoot\system32\DRIVERS\w29n51.sys (Intel® Wireless LAN Driver/Intel® Corporation)                                                                                               F63AD000-F66D3000 (3301376 bytes)
Module   \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)                                                                                                    F637E000-F63AD000 (192512 bytes)
Module   \SystemRoot\system32\DRIVERS\klim5.sys (Kaspersky Lab Intermediate Network Driver/Kaspersky Lab)                                                                                      F764B000-F7655000 (40960 bytes)
Module   \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                                F789B000-F78A0000 (20480 bytes)
Module   \SystemRoot\system32\DRIVERS\smserial.sys (Motorola SM56 Modem WDM Driver/Motorola Inc.)                                                                                              EE0B4000-EE183000 (847872 bytes)
Module   \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.)                                                              EDE46000-EE0B4000 (2547712 bytes)
Module   \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)                                                                                                      EC979000-ECE99000 (5373952 bytes)
Module   \SystemRoot\System32\drivers\truecrypt.sys (TrueCrypt Driver/TrueCrypt Foundation)                                                                                                    B408B000-B40BF000 (212992 bytes)
Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                               B1220000-B123C000 (114688 bytes)
Module   \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                                    F7A57000-F7A59000 (8192 bytes)
Module   \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.)                                                                                         BF9D6000-BFA15000 (258048 bytes)
Module   \SystemRoot\System32\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.)                                                                                BFA15000-BFA4E000 (233472 bytes)
Module   \SystemRoot\System32\atikvmag.dll (Virtual Command And Memory Manager/ATI Technologies Inc.)                                                                                          BFA4E000-BFA83000 (217088 bytes)
Module   \SystemRoot\System32\ati3duag.dll (ati3duag.dll/ATI Technologies Inc. )                                                                                                               BFA83000-BFCD5000 (2433024 bytes)
Module   \SystemRoot\System32\ativvaxx.dll (Radeon Video Acceleration Universal Driver/ATI Technologies Inc. )                                                                                 BFCD5000-BFD68000 (602112 bytes)
Module   \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated)                                                                                    BFFA0000-BFFE6000 (286720 bytes)
Module   \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                                        AD207000-AD21B000 (81920 bytes)
Module   \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)                        ACACF000-ACAD9000 (40960 bytes)
Module   \??\C:\Programme\Sandboxie\SbieDrv.sys (Sandboxie Kernel Mode Driver/tzuk)                                                                                                            AC85E000-AC87F000 (135168 bytes)
Module   \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation)                                                                                           F783B000-F7841000 (24576 bytes)
Module   \??\C:\DOKUME~1\Yann\LOKALE~1\Temp\uxtdrpob.sys (GMER)                                                                                                                                AC074000-AC08B000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                                  136
Library  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                                  0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH)                                                                                     0x10000000
Library  c:\programme\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH)                                                                                               0x00B50000
Library  c:\programme\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH)                                                                                   0x00BE0000
Library  c:\programme\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH)                                                                                               0x00C00000
Library  c:\programme\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH)                                                                                     0x00C60000
Library  c:\programme\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                           0x00C80000
Library  c:\programme\avira\antivir desktop\ccmguard.dll (Control Center MailGuard Plugin/Avira GmbH)                                                                                          0x00CB0000
Library  c:\programme\avira\antivir desktop\ccmgrdrc.dll (Plug-in Ressourcen fürs MailGuard Control Center/Avira GmbH)                                                                         0x00D50000
Library  c:\programme\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH)                                                                                            0x00D70000
Library  c:\programme\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH)                                                                                   0x00DC0000
Library  c:\programme\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH)                                                                                               0x01000000
Library  c:\programme\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH)                                                                                   0x01030000
Library  c:\programme\avira\antivir desktop\ccwgrd.dll (Control Center WebGuard Plugin/Avira GmbH)                                                                                             0x01050000
Library  c:\programme\avira\antivir desktop\ccwgrdrc.dll (Control Center WebGuard Plugin Resources/Avira GmbH)                                                                                 0x00DD0000
Library  c:\programme\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH)                                                                                               0x00F10000
Library  C:\Programme\CyberLink\PowerDVD\hodll.dll                                                                                                                                             0x00FF0000

Process  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.)                                                                       160
Library  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.)                                                                       0x00400000

Process  C:\Programme\Microsoft ActiveSync\wcescomm.exe (ActiveSync Connection Manager/Microsoft Corporation)                                                                                  168
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation)                                                                                                         280
Library  C:\WINDOWS\system32\CNMLM58.DLL (BJ Language Monitor/CANON INC.)                                                                                                                      0x66F40000
Library  C:\WINDOWS\system32\CNMLM9Z.DLL (IJ Language Monitor/CANON INC.)                                                                                                                      0x67380000
Library  C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation)                                                                                                    0x00990000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD58.DLL (Canon BJ Print Processor Dispatcher/CANON INC.)                                                                                0x009A0000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD9Z.DLL (IJ Print Processor Dispatcher/CANON INC.)                                                                                      0x67200000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation)                                                                              0x00D00000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation)                                                             0x3F420000

Process  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                               312
Library  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                               0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH)                                                                                                             0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH)                                                                                               0x00C20000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                                        0x00C40000
Library  C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                                                                                 0x00DB0000
Library  C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH)                                                                                                                   0x00DD0000
Library  C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH)                                                                                                      0x011F0000
Library  C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                          0x01320000
Library  C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                           0x01360000
Library  C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                        0x01390000
Library  C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                           0x014A0000
Library  C:\Programme\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                           0x014D0000
Library  C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                           0x01520000
Library  C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                          0x015B0000
Library  C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software)                                                                                  0x01630000
Library  C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                        0x01690000
Library  C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                          0x016E0000
Library  C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                          0x01930000
Library  C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                           0x01980000
Library  C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                           0x019F0000
Library  C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                            0x01A70000
Library  C:\Programme\Avira\AntiVir Desktop\avesvc.dll (Antivirus Engine Service Dynamic Link Library/Avira GmbH)                                                                              0x01B30000
Library  C:\Programme\Avira\AntiVir Desktop\avesvcr.dll (avesvc.dll/Avira GmbH)                                                                                                                0x01B70000
Library  C:\Programme\Avira\AntiVir Desktop\onlcfg.dll (Online protection configuration dll/Avira GmbH)                                                                                        0x01B90000
Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                           0x01BC0000
Library  C:\Programme\Avira\AntiVir Desktop\webcat.dll (Web Catigorization Library/Avira GmbH)                                                                                                 0x01BF0000

Process  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                                         328
Library  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                                         0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                                                                                               0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                                             0x00B80000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                                        0x00CD0000

Process  C:\WINDOWS\eHome\ehSched.exe (Media Center-Planerdienst/Microsoft Corporation)                                                                                                        412
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (CLI Application (Command Line Interface)/ATI Technologies Inc.)                                                                        468
Library  C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (CLI Application (Command Line Interface)/ATI Technologies Inc.)                                                                        0x00400000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c7d99574\mscorlib.dll                                                                               0x79990000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56f334e8\system.windows.forms.dll                                                       0x7B810000
Library  c:\programme\ati technologies\ati.ace\cli.implementation.dll (CLI Application Implementation (Command Line Interface)/ATI Technologies Inc.)                                          0x11000000
Library  c:\programme\ati technologies\ati.ace\log.foundation.dll (LOG Foundation/ATI Technologies Inc.)                                                                                       0x02E50000
Library  c:\programme\ati technologies\ati.ace\cli.foundation.dll (CLI Foundation/ATI Technologies Inc.)                                                                                       0x03360000
Library  c:\programme\ati technologies\ati.ace\log.foundation.service.dll (LOG Foundation Service/ATI Technologies Inc.)                                                                       0x03380000
Library  c:\programme\ati technologies\ati.ace\log.foundation.shared.dll (LOG Foundation Shared/ATI Technologies Inc.)                                                                         0x03390000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_41cd00da\system.dll                                                                                   0x7B1D0000
Library  c:\programme\ati technologies\ati.ace\cli.foundation.xmanifestation.dll (CLI Foundation for XML/ATI Technologies Inc.)                                                                0x033E0000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_89e56abd\system.xml.dll                                                                           0x7BD60000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000
Library  c:\programme\ati technologies\ati.ace\cli.component.systemtray.dll (SystemTray Component/ATI Technologies Inc.)                                                                       0x03640000
Library  c:\programme\ati technologies\ati.ace\cli.caste.graphics.shared.dll (Shared Graphics Caste/ATI Technologies Inc.)                                                                     0x036C0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll (DEM Graphics DisplaysManager Shared/ATI Technologies Inc.)                                             0x036D0000
Library  c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll (Microsoft Common Language Runtime - WorkStation/Microsoft Corporation)                                                0x79760000
Library  C:\PROGRA~1\GEMEIN~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLL (Extended MAPI 1.0 for Windows NT/Microsoft Corporation)                                                                         0x35F70000
Library  c:\programme\ati technologies\ati.ace\cli.component.runtime.dll (Runtime Component/ATI Technologies Inc.)                                                                             0x03570000
Library  c:\programme\ati technologies\ati.ace\apm.foundation.dll (APM Foundation/ATI Technologies Inc.)                                                                                       0x03590000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec612f2d\system.drawing.dll                                                                   0x7B510000
Library  c:\programme\ati technologies\ati.ace\de\cli.component.systemtray.resources.dll (SystemTray Component/ATI Technologies Inc.)                                                          0x035E0000

Process  C:\WINDOWS\system32\bgsvcgen.exe (B's Recorder GOLD Service Library/B.H.A Corporation)                                                                                                532
Library  C:\WINDOWS\system32\bgsvcgen.exe (B's Recorder GOLD Service Library/B.H.A Corporation)                                                                                                0x00400000

Process  C:\WINDOWS\eHome\ehRecvr.exe (Media Center Receiver Service/Microsoft Corporation)                                                                                                    576
Library  C:\WINDOWS\system32\sbe.dll                                                                                                                                                           0x1FF00000
Library  C:\WINDOWS\system32\msdmo.dll                                                                                                                                                         0x73620000

Process  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                                            772
Library  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                                            0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000
Library  C:\PROGRA~1\GEMEIN~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLL (Extended MAPI 1.0 for Windows NT/Microsoft Corporation)                                                                         0x35F70000

Process  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                                        848
Library  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                                        0x00400000
Library  C:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.)                                                                                                                    0x00D30000

Process  C:\PROGRA~1\MI3AA1~1\rapimgr.exe (ActiveSync RAPI Manager/Microsoft Corporation)                                                                                                      900
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)                                                                                                                      944
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU                                                                                                                    0x031E0000
Library  C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Sun Microsystems, Inc.)                                                                                            0x5EE60000
Library  C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll (STLport/STLport Consulting, Inc.)                                                                            0x5E470000
Library  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.)                                                                          0x02F70000

Process  C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation)                                                                                                         1216
Library  C:\WINDOWS\system32\Ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.)                                                                                        0x10000000

Process  C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation)                                                                                                      1272
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                                        1432
Library  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                                        0x00400000
Library  C:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.)                                                                                                                    0x00BE0000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                                       1564
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                                       1612
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (PowerDVD RC Service/Cyberlink Corp.)                                                                                                    1768
Library  C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (PowerDVD RC Service/Cyberlink Corp.)                                                                                                    0x00400000
Library  C:\Programme\CyberLink\PowerDVD\hodll.dll                                                                                                                                             0x10000000

Process  C:\Programme\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)                                                                                                      1780
Library  C:\Programme\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)                                                                                                      0x00400000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                                       1788
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\Programme\ATI Technologies\ATI.ACE\cli.exe (CLI Application (Command Line Interface)/ATI Technologies Inc.)                                                                        1868
Library  C:\Programme\ATI Technologies\ATI.ACE\cli.exe (CLI Application (Command Line Interface)/ATI Technologies Inc.)                                                                        0x00400000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c7d99574\mscorlib.dll                                                                               0x79990000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56f334e8\system.windows.forms.dll                                                       0x7B810000
Library  c:\programme\ati technologies\ati.ace\cli.implementation.dll (CLI Application Implementation (Command Line Interface)/ATI Technologies Inc.)                                          0x11000000
Library  c:\programme\ati technologies\ati.ace\log.foundation.dll (LOG Foundation/ATI Technologies Inc.)                                                                                       0x02E00000
Library  c:\programme\ati technologies\ati.ace\cli.foundation.dll (CLI Foundation/ATI Technologies Inc.)                                                                                       0x03310000
Library  c:\programme\ati technologies\ati.ace\log.foundation.service.dll (LOG Foundation Service/ATI Technologies Inc.)                                                                       0x03330000
Library  c:\programme\ati technologies\ati.ace\log.foundation.shared.dll (LOG Foundation Shared/ATI Technologies Inc.)                                                                         0x03340000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_41cd00da\system.dll                                                                                   0x7B1D0000
Library  c:\programme\ati technologies\ati.ace\cli.foundation.xmanifestation.dll (CLI Foundation for XML/ATI Technologies Inc.)                                                                0x03390000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_89e56abd\system.xml.dll                                                                           0x7BD60000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000
Library  c:\programme\ati technologies\ati.ace\cli.component.runtime.dll (Runtime Component/ATI Technologies Inc.)                                                                             0x035F0000
Library  c:\programme\ati technologies\ati.ace\aem.foundation.dll (AEM Foundation/ATI Technologies Inc.)                                                                                       0x03610000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec612f2d\system.drawing.dll                                                                   0x7B510000
Library  c:\programme\ati technologies\ati.ace\cli.caste.graphics.runtime.dll (Runtime Graphics Caste/ATI Technologies Inc.)                                                                   0x03750000
Library  c:\programme\ati technologies\ati.ace\cli.component.runtime.shared.dll (Runtime Shared/ATI Technologies Inc.)                                                                         0x037A0000
Library  c:\programme\ati technologies\ati.ace\cli.caste.graphics.shared.dll (Shared Graphics Caste/ATI Technologies Inc.)                                                                     0x037B0000
Library  c:\programme\ati technologies\ati.ace\dem.foundation.dll (DEM Foundation/ATI Technologies Inc.)                                                                                       0x037C0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll (DEM Graphics DisplaysManager Shared/ATI Technologies Inc.)                                             0x037D0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demosinfo.dll (DEM Graphics OSInfo/ATI Technologies Inc.)                                                                          0x037E0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demosadapterinfo.dll (DEM Graphics OSAdapterInfo/ATI Technologies Inc.)                                                            0x03900000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.dematiadapterinfo.dll (DEM Graphics ATIAdapterInfo/ATI Technologies Inc.)                                                          0x03910000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdriversettings.dll (DEM Graphics DriverSettings/ATI Technologies Inc.)                                                          0x03920000
Library  c:\programme\ati technologies\ati.ace\atidemgr.dll (Graphics DEM/ATI Technologies Inc.)                                                                                               0x03D30000
Library  c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll (Microsoft Common Language Runtime - WorkStation/Microsoft Corporation)                                                0x79760000
Library  C:\PROGRA~1\GEMEIN~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLL (Extended MAPI 1.0 for Windows NT/Microsoft Corporation)                                                                         0x35F70000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demosmodeinfo.dll (DEM Graphics OSModeInfo/ATI Technologies Inc.)                                                                  0x034F0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.dematidisplaysmanagersettings.dll (DEM Graphics ATIDisplaysManagerSettings/ATI Technologies Inc.)                                  0x03500000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demverylargedesktopsettings.dll (DEM Graphics VeryLargeDesktop/ATI Technologies Inc.)                                              0x03510000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll (Runtime Graphics Caste MultiVPU Aspect/ATI Technologies Inc.)                                         0x03550000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll (Shared Graphics Caste MultiVPU Aspect/ATI Technologies Inc.)                                           0x03560000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll (Runtime Graphics Caste VeryLargeDesktop Aspect/ATI Technologies Inc.)                         0x03580000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll (Shared Graphics Caste VeryLargeDesktop Aspect/ATI Technologies Inc.)                           0x03590000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll (Runtime Graphics Caste R300/R400 Radeon3D Aspect/ATI Technologies Inc.)                               0x035A0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll (Runtime Graphics Caste R100/R200 Radeon3D Aspect/ATI Technologies Inc.)                         0x035C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll (Shared Graphics Caste R100/R200 Radeon3D Aspect/ATI Technologies Inc.)                           0x035D0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll (Runtime Graphics Caste Display Colour 2/ATI Technologies Inc.)                                 0x035E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll (Shared Graphics Caste Display Colour 2 Aspect/ATI Technologies Inc.)                            0x042A0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdisplayscoloursettings.dll (DEM Graphics DisplaysColourSettings/ATI Technologies Inc.)                                          0x042B0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll (Runtime Graphics Caste Display Colour/ATI Technologies Inc.)                                    0x042C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll (Shared Graphics Caste Display Colour Aspect/ATI Technologies Inc.)                               0x042D0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll (Runtime Graphics Caste MM Video Aspect/ATI Technologies Inc.)                                          0x042E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll (Shared Graphics Caste MM Video Aspect/ATI Technologies Inc.)                                            0x042F0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.mmdeintlacingsettings.dll (DEM Graphics MM DeIntLacing/ATI Technologies Inc.)                                                      0x04310000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll (Runtime Graphics Caste VideoOverlay Aspect/ATI Technologies Inc.)                                 0x046E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.shared.dll (Shared Graphics Caste VideoOverlay Aspect/ATI Technologies Inc.)                           0x046F0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.videooverlay.shared.dll (DEM Graphics VideoOverlay Shared/ATI Technologies Inc.)                                                   0x04700000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll (Runtime Graphics Caste SMARTGART Aspect/ATI Technologies Inc.)                                       0x05370000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demsmartgartsettings.dll (DEM Graphics SmartgartSettings/ATI Technologies Inc.)                                                    0x05690000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll (Runtime Graphics Caste VPU Recover Aspect/ATI Technologies Inc.)                                    0x056A0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll (Shared Graphics Caste VPU Recover Aspect/ATI Technologies Inc.)                                      0x056C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll (Runtime Graphics Caste WorkstationConfig Aspect/ATI Technologies Inc.)                       0x056D0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll (Runtime Graphics Caste CRT Aspect/ATI Technologies Inc.)                                             0x056E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll (Runtime Graphics Caste CRT 2 Aspect/ATI Technologies Inc.)                                          0x056F0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll (Runtime Graphics Caste LCD Aspect/ATI Technologies Inc.)                                             0x05700000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll (Shared Graphics Caste LCD Aspect/ATI Technologies Inc.)                                               0x05710000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll (Runtime Graphics Caste LCD 2 Aspect/ATI Technologies Inc.)                                          0x05730000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll (Shared Graphics Caste LCD 2 Aspect/ATI Technologies Inc.)                                            0x05740000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll (Runtime Graphics Caste CV Aspect/ATI Technologies Inc.)                                               0x05750000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll (Shared Graphics Caste CV Aspect/ATI Technologies Inc.)                                                 0x05760000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll (Shared Custom Formats/ATI Technologies Inc.)                                                      0x05770000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll (Runtime Graphics Caste CV Aspect/ATI Technologies Inc.)                                              0x05780000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll (Shared Graphics Caste CV 2 Aspect/ATI Technologies Inc.)                                              0x057A0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll (Runtime Graphics Caste CRT Aspect/ATI Technologies Inc.)                                             0x057B0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll (Runtime Graphics Caste CRT Aspect/ATI Technologies Inc.)                                              0x057C0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicetvsettings.dll (DEM Graphics DeviceTVSettings/ATI Technologies Inc.)                                                      0x057D0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll (Runtime Graphics Caste DFP Aspect/ATI Technologies Inc.)                                             0x057E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll (Shared Graphics Caste DFP Aspect/ATI Technologies Inc.)                                               0x057F0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll (Runtime Graphics Caste DFP 2 Aspect/ATI Technologies Inc.)                                          0x05810000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll (Shared Graphics Caste DFP 2 Aspect/ATI Technologies Inc.)                                            0x05820000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll (Runtime Graphics Caste OverDrive3 Aspect/ATI Technologies Inc.)                                     0x05830000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll (Shared Graphics Caste OverDrive3 Aspect/ATI Technologies Inc.)                                       0x05850000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll (Runtime Graphics Caste OverDrive2 Aspect/ATI Technologies Inc.)                                     0x05860000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demoverdrivesettings.dll (DEM Graphics OverdriveSettings/ATI Technologies Inc.)                                                    0x05870000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll (Runtime Graphics Caste PowerPlay3 Aspect/ATI Technologies Inc.)                                     0x05890000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll (Shared Graphics Caste PowerPlay3 Aspect/ATI Technologies Inc.)                                       0x058A0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.dempowerplaysettings.dll (DEM Graphics PowerPlaySettings/ATI Technologies Inc.)                                                    0x058B0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll (Runtime Graphics Caste Display Option Aspect/ATI Technologies Inc.)                            0x058C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll (Runtime Graphics Caste Integrated UMA Frame Buffer Aspect/ATI Technologies Inc.)      0x058D0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll (Runtime Graphics Caste InfoCentre Aspect/ATI Technologies Inc.)                                     0x058E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll (Shared Graphics Caste InforCentre Aspect/ATI Technologies Inc.)                                      0x05900000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll (Runtime Graphics Caste HotkeysHandling Aspect/ATI Technologies Inc.)                           0x05920000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll (Shared Graphics Caste HotkeysHandling Aspect/ATI Technologies Inc.)                             0x05930000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demmultivpusettings.dll (DEM Graphics MultiVPU/ATI Technologies Inc.)                                                              0x05940000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll (Shared Graphics Caste R300/R400 Radeon3D Aspect/ATI Technologies Inc.)                                 0x05950000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.mmoverlaysettings.dll (DEM Grahpic MM Overlay Adjustment/ATI Technologies Inc.)                                                    0x05970000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demvideotheatermodesettings.dll (DEM Graphics VideoTheaterModeSettings/ATI Technologies Inc.)                                      0x05990000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demvideooverlaysettings.dll (DEM Graphics VideoOverlaySettings/ATI Technologies Inc.)                                              0x059B0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demvpurecoverinfo.dll (DEM Graphics VPURecoverInfo/ATI Technologies Inc.)                                                          0x059C0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.workstationsettings.dll (DEM Graphics WorkstationSettings/ATI Technologies Inc.)                                                   0x059D0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll (Shared Graphics Caste Common Display Device Aspect/ATI Technologies Inc.)                        0x059E0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicecrtsettings.dll (DEM Graphics DeviceCRTSettings/ATI Technologies Inc.)                                                    0x059F0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicecommonsettings.dll (DEM Graphics DeviceCommonSettings/ATI Technologies Inc.)                                              0x05A10000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll (Shared Graphics Caste CRT Aspect/ATI Technologies Inc.)                                               0x05A20000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll (Shared Graphics Caste Common Display Device Aspect/ATI Technologies Inc.)                       0x05A30000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicecommon2settings.dll (DEM Graphics DeviceCommon2Settings/ATI Technologies Inc.)                                            0x05A40000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicelcdsettings.dll (DEM Graphics DeviceLCDSettings/ATI Technologies Inc.)                                                    0x05A50000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicecomponentvideosettings.dll (DEM Graphics DeviceComponentvideoSettings/ATI Technologies Inc.)                              0x05A80000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicetv2settings.dll (DEM Graphics DeviceTV2Settings/ATI Technologies Inc.)                                                    0x05AB0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll (Shared Graphics Caste TV Aspect/ATI Technologies Inc.)                                                 0x05AC0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicedfpsettings.dll (DEM Graphics DeviceDFPSettings/ATI Technologies Inc.)                                                    0x05AE0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdevicedfp2settings.dll (DEM Graphics DeviceDFP2Settings/ATI Technologies Inc.)                                                  0x05AF0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demoverdrive3settings.dll (DEM Graphics Overdrive3Settings/ATI Technologies Inc.)                                                  0x05B00000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demdisplaysmanageroptionssettings.dll (DEM Graphics DisplaysManagerOptionsSettings/ATI Technologies Inc.)                          0x05B10000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll (Shared Graphics Caste Display Option Aspect/ATI Technologies Inc.)                              0x05B50000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.demumaframebuffersettings.dll (DEM Graphics UMAFrameBufferSettings/ATI Technologies Inc.)                                          0x05B30000
Library  c:\programme\ati technologies\ati.ace\apm.foundation.dll (APM Foundation/ATI Technologies Inc.)                                                                                       0x05B40000

Process  C:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.)                                                                                                           1880
Library  C:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.)                                                                                                           0x00400000

Process  C:\Programme\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.)                                                                                        1908
Library  C:\Programme\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.)                                                                                        0x00400000
Library  C:\WINDOWS\system32\SynCOM.dll (SynCOM/Synaptics, Inc.)                                                                                                                               0x10000000

Process  C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.)                                                                                           1916
Library  C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.)                                                                                           0x00400000
Library  C:\WINDOWS\system32\SynCOM.dll (SynCOM/Synaptics, Inc.)                                                                                                                               0x10000000
Library  C:\WINDOWS\system32\SynTPAPI.dll (SynTPAPI/Synaptics, Inc.)                                                                                                                           0x63010000

Process  C:\WINDOWS\sm56hlpr.exe (Motorola SM56 Win32 Utility/Motorola Inc.)                                                                                                                   1948
Library  C:\WINDOWS\sm56hlpr.exe (Motorola SM56 Win32 Utility/Motorola Inc.)                                                                                                                   0x00400000
Library  C:\WINDOWS\sm56eng.dll                                                                                                                                                                0x10000000
Library  C:\WINDOWS\sm56fra.dll                                                                                                                                                                0x00A00000
Library  C:\WINDOWS\sm56brz.dll                                                                                                                                                                0x00A10000
Library  C:\WINDOWS\sm56chs.dll                                                                                                                                                                0x00A30000
Library  C:\WINDOWS\sm56cht.dll                                                                                                                                                                0x00A40000
Library  C:\WINDOWS\sm56ger.dll                                                                                                                                                                0x00A50000
Library  C:\WINDOWS\sm56itl.dll                                                                                                                                                                0x00A60000
Library  C:\WINDOWS\sm56jpn.dll                                                                                                                                                                0x00A80000
Library  C:\WINDOWS\sm56spn.dll                                                                                                                                                                0x00A90000

Process  C:\WINDOWS\system32\oodag.exe (O&O Defrag Agent/O&O Software GmbH)                                                                                                                    2396
Library  C:\WINDOWS\system32\oodag.exe (O&O Defrag Agent/O&O Software GmbH)                                                                                                                    0x00400000
Library  C:\WINDOWS\system32\OODAGRS.DLL (O&O Defrag Agent Resource DLL (GER)/O&O Software GmbH)                                                                                               0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x01050000

Process  C:\WINDOWS\system32\PnkBstrA.exe                                                                                                                                                      2428
Library  C:\WINDOWS\system32\PnkBstrA.exe                                                                                                                                                      0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\Programme\Sandboxie\SbieSvc.exe (Sandboxie Service/tzuk)                                                                                                                           2464
Library  C:\Programme\Sandboxie\SbieSvc.exe (Sandboxie Service/tzuk)                                                                                                                           0x01000000
Library  C:\Programme\Sandboxie\SbieDll.dll (Sandboxie User Mode DLL/tzuk)                                                                                                                     0x7D220000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                                       2696
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\WINDOWS\System32\PAStiSvc.exe                                                                                                                                                      2728
Library  C:\WINDOWS\System32\PAStiSvc.exe                                                                                                                                                      0x00400000

Process  C:\WINDOWS\ehome\mcrdsvc.exe (MCRD Device Service/Microsoft Corporation)                                                                                                              2964
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation)                                                                                                 3148
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000

Process  C:\Programme\ATI Technologies\ATI.ACE\cli.exe (CLI Application (Command Line Interface)/ATI Technologies Inc.)                                                                        3420
Library  C:\Programme\ATI Technologies\ATI.ACE\cli.exe (CLI Application (Command Line Interface)/ATI Technologies Inc.)                                                                        0x00400000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c7d99574\mscorlib.dll                                                                               0x79990000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56f334e8\system.windows.forms.dll                                                       0x7B810000
Library  c:\programme\ati technologies\ati.ace\cli.implementation.dll (CLI Application Implementation (Command Line Interface)/ATI Technologies Inc.)                                          0x11000000
Library  c:\programme\ati technologies\ati.ace\log.foundation.dll (LOG Foundation/ATI Technologies Inc.)                                                                                       0x02E50000
Library  c:\programme\ati technologies\ati.ace\cli.foundation.dll (CLI Foundation/ATI Technologies Inc.)                                                                                       0x03360000
Library  c:\programme\ati technologies\ati.ace\log.foundation.service.dll (LOG Foundation Service/ATI Technologies Inc.)                                                                       0x03380000
Library  c:\programme\ati technologies\ati.ace\log.foundation.shared.dll (LOG Foundation Shared/ATI Technologies Inc.)                                                                         0x03390000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_41cd00da\system.dll                                                                                   0x7B1D0000
Library  c:\programme\ati technologies\ati.ace\cli.foundation.xmanifestation.dll (CLI Foundation for XML/ATI Technologies Inc.)                                                                0x033E0000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_89e56abd\system.xml.dll                                                                           0x7BD60000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x10000000
Library  c:\programme\ati technologies\ati.ace\cli.component.dashboard.dll (Dashboard Component/ATI Technologies Inc.)                                                                         0x03640000
Library  c:\programme\ati technologies\ati.ace\cli.foundation.clients.dll (CLI Foundation for Clients/ATI Technologies Inc.)                                                                   0x03770000
Library  c:\programme\ati technologies\ati.ace\cli.component.dashboard.shared.dll (Dashboard Component Shared Types/ATI Technologies Inc.)                                                     0x03780000
Library  c:\programme\ati technologies\ati.ace\cli.component.runtime.dll (Runtime Component/ATI Technologies Inc.)                                                                             0x039A0000
Library  c:\programme\ati technologies\ati.ace\cli.caste.graphics.shared.dll (Shared Graphics Caste/ATI Technologies Inc.)                                                                     0x039C0000
Library  c:\programme\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll (DEM Graphics DisplaysManager Shared/ATI Technologies Inc.)                                             0x039D0000
Library  c:\programme\ati technologies\ati.ace\aem.foundation.dll (AEM Foundation/ATI Technologies Inc.)                                                                                       0x039E0000
Library  c:\programme\ati technologies\ati.ace\cli.caste.local.dashboard.dll (Dashboard Local Caste/ATI Technologies Inc.)                                                                     0x03A00000
Library  c:\programme\ati technologies\ati.ace\cli.caste.graphics.dashboard.dll (Dashboard Graphics Caste/ATI Technologies Inc.)                                                               0x03A10000
Library  c:\programme\ati technologies\ati.ace\cli.caste.graphics.dashboard.shared.dll (Dashboard Graphics Shared Caste/ATI Technologies Inc.)                                                 0x03A30000
Library  c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec612f2d\system.drawing.dll                                                                   0x7B510000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.welcome.local.dashboard.dll (Dashboard Local Caste Welcome Aspect/ATI Technologies Inc.)                                             0x03A40000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.infocentre.graphics.dashboard.dll (Dashboard Graphics Caste InfoCentre Aspect/ATI Technologies Inc.)                                 0x03A70000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.dashboard.dll (Dashboard Graphics Caste Display Manager Aspect/ATI Technologies Inc.)                       0x03BD0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.dashboard.dll (Dashboard Graphics Caste VeryLargeDesktop Aspect/ATI Technologies Inc.)                     0x03C80000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.dashboard.dll (Dashboard Graphics Caste Display Options Aspect/ATI Technologies Inc.)                       0x03CD0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.dashboard.dll (Dashboard Graphics Caste CRT Aspect/ATI Technologies Inc.)                                         0x03D10000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.dashboard.dll (Dashboard Graphics Caste CRT 2 Aspect/ATI Technologies Inc.)                                      0x03DB0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.dashboard.dll (Dashboard Graphics Caste LCD Aspect/ATI Technologies Inc.)                                         0x03E40000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.dashboard.dll (Dashboard Graphics Caste LCD 2 Aspect/ATI Technologies Inc.)                                      0x03EB0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv.graphics.dashboard.dll (Dashboard Graphics Caste CV Aspect/ATI Technologies Inc.)                                           0x03F20000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.dashboard.dll (Dashboard Graphics Caste CV 2 Aspect/ATI Technologies Inc.)                                        0x03FF0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.dashboard.dll (Dashboard Graphics Caste TV Aspect/ATI Technologies Inc.)                                          0x040C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicetv.graphics.dashboard.dll (Dashboard Graphics Caste TV Aspect/ATI Technologies Inc.)                                           0x041E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.dashboard.dll (Dashboard Graphics Caste DFP Aspect/ATI Technologies Inc.)                                         0x04310000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.dashboard.dll (Dashboard Graphics Caste DFP 2 Aspect/ATI Technologies Inc.)                                      0x04380000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.dashboard.dll (Dashboard Graphics Caste R300/R400 Radeon3D Aspect/ATI Technologies Inc.)                           0x04400000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.dashboard.dll (Dashboard Graphics Caste R100/R200 Radeon3D Aspect/ATI Technologies Inc.)                     0x044E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.dashboard.dll (Dashboard Graphics Display Colour 2 Aspect/ATI Technologies Inc.)                            0x04550000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.dashboard.dll (Dashboard Graphics Display Colour Aspect/ATI Technologies Inc.)                               0x04620000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.dashboard.dll (Dashboard Graphics Caste MM Video Aspect/ATI Technologies Inc.)                                      0x04700000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.dashboard.dll (Dashboard Graphics Caste VideoOverlay Aspect/ATI Technologies Inc.)                             0x04800000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.dashboard.dll (Dashboard Graphics Caste PowerPlay3 Aspect/ATI Technologies Inc.)                                 0x04AB0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.smartgart.graphics.dashboard.dll (Dashboard Graphics Caste SMARTGART Aspect/ATI Technologies Inc.)                                   0x04B00000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.dashboard.dll (Dashboard Graphics Caste VPU Recover Aspect/ATI Technologies Inc.)                                0x04C60000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.dashboard.dll (Dashboard Graphics Caste WorkstationConfig Aspect/ATI Technologies Inc.)                   0x04DC0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.dashboard.dll (Dashboard Graphics Caste OverDrive3 Aspect/ATI Technologies Inc.)                                 0x04E00000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.dashboard.dll (Dashboard Graphics Caste OverDrive2 Aspect/ATI Technologies Inc.)                                 0x04EE0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.dashboard.dll (Dashboard Graphics Caste Integrated UMA Frame Buffer Aspect/ATI Technologies Inc.)  0x04F90000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.multivpu.graphics.dashboard.dll (Dashboard Graphics Caste MultiVPU Aspect/ATI Technologies Inc.)                                     0x04FE0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll (Shared Graphics Caste InforCentre Aspect/ATI Technologies Inc.)                                      0x05060000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll (Shared Graphics Caste VeryLargeDesktop Aspect/ATI Technologies Inc.)                           0x05080000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll (Shared Graphics Caste Display Option Aspect/ATI Technologies Inc.)                              0x05090000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll (Shared Graphics Caste CRT Aspect/ATI Technologies Inc.)                                               0x050A0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll (Shared Graphics Caste Common Display Device Aspect/ATI Technologies Inc.)                        0x050B0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll (Shared Graphics Caste CRT 2 Aspect/ATI Technologies Inc.)                                            0x050C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll (Shared Graphics Caste Common Display Device Aspect/ATI Technologies Inc.)                       0x050E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll (Shared Graphics Caste LCD Aspect/ATI Technologies Inc.)                                               0x050F0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll (Shared Graphics Caste LCD 2 Aspect/ATI Technologies Inc.)                                            0x05110000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll (Shared Graphics Caste CV Aspect/ATI Technologies Inc.)                                                 0x05120000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll (Shared Graphics Caste CV 2 Aspect/ATI Technologies Inc.)                                              0x05140000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll (Shared Graphics Caste TV Aspect/ATI Technologies Inc.)                                                0x05150000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll (Shared Graphics Caste TV Aspect/ATI Technologies Inc.)                                                 0x05160000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll (Shared Graphics Caste DFP Aspect/ATI Technologies Inc.)                                               0x05180000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll (Shared Custom Formats/ATI Technologies Inc.)                                                      0x05190000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll (Shared Graphics Caste DFP 2 Aspect/ATI Technologies Inc.)                                            0x051C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll (Shared Graphics Caste R300/R400 Radeon3D Aspect/ATI Technologies Inc.)                                 0x051D0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll (Shared Graphics Caste R100/R200 Radeon3D Aspect/ATI Technologies Inc.)                           0x051E0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll (Shared Graphics Caste Display Colour 2 Aspect/ATI Technologies Inc.)                            0x05200000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll (Shared Graphics Caste Display Colour Aspect/ATI Technologies Inc.)                               0x05210000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll (Shared Graphics Caste MM Video Aspect/ATI Technologies Inc.)                                            0x05220000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll (Shared Graphics Caste VideoOverlay Aspect/ATI Technologies Inc.)                                   0x05230000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll (Shared Graphics Caste PowerPlay3 Aspect/ATI Technologies Inc.)                                       0x05250000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll (Shared Graphics Caste SMARTGART Aspect/ATI Technologies Inc.)                                         0x05260000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll (Shared Graphics Caste VPU Recover Aspect/ATI Technologies Inc.)                                      0x05270000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll (Shared Graphics Caste WorkstationConfig Aspect/ATI Technologies Inc.)                         0x05480000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll (Shared Graphics Caste OverDrive3 Aspect/ATI Technologies Inc.)                                       0x05490000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll (Shared Graphics Caste OverDrive2 Aspect/ATI Technologies Inc.)                                       0x054B0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll (Shared Graphics Caste Integrated UMA Frame Buffer Aspect/ATI Technologies Inc.)        0x054C0000
Library  c:\programme\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll (Shared Graphics Caste MultiVPU Aspect/ATI Technologies Inc.)                                           0x054D0000
Library  c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll (Microsoft Common Language Runtime - WorkStation/Microsoft Corporation)                                                0x79760000
Library  C:\PROGRA~1\GEMEIN~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLL (Extended MAPI 1.0 for Windows NT/Microsoft Corporation)                                                                         0x35F70000

Process  C:\Dokumente und Einstellungen\Yann\Desktop\ihe9vnt9.exe                                                                                                                              3980
Library  C:\Dokumente und Einstellungen\Yann\Desktop\ihe9vnt9.exe                                                                                                                              0x00400000

Process  C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Antivirus MailScanner Service/Avira GmbH)                                                                                             4028
Library  C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Antivirus MailScanner Service/Avira GmbH)                                                                                             0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\avmailcr.dll (avmailcr/Avira GmbH)                                                                                                                 0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                                             0x00670000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                                        0x00A00000
Library  C:\Programme\Avira\AntiVir Desktop\mgrs.dll (AntiVir MailGuard Cache Module/Avira GmbH)                                                                                               0x006D0000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x00A70000
Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                           0x00DF0000

Process  C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (AntiVir WebGuard Service/Avira GmbH)                                                                                                 4040
Library  C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (AntiVir WebGuard Service/Avira GmbH)                                                                                                 0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                           0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\msgclient.dll (Message Client/Avira GmbH)                                                                                                          0x00790000
Library  C:\Programme\Avira\AntiVir Desktop\avsda.dll (AntiVir layered service provider/Avira GmbH)                                                                                            0x00C80000
10.03.2010, 20:10
...new here

Thread starter

Posts: 9
#10 I had to split it, since it was too long for a single post.

Code
---- Services - GMER 1.0.15 ----

Service  C:\Programme\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)                                                                                                      [AUTO] a2free
Service  C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Antivirus MailScanner Service/Avira GmbH)                                                                                             [AUTO] AntiVirMailService
Service  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                                         [AUTO] AntiVirSchedulerService
Service  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                               [AUTO] AntiVirService
Service  C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (AntiVir WebGuard Service/Avira GmbH)                                                                                                 [AUTO] AntiVirWebService
Service  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                                        [AUTO] Ati HotKey Poller
Service  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)                                                                                 [MANUAL] ati2mtag
Service                                                                                                                                                                                        Atierecord
Service  C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe                                                                                                                                  [AUTO] Automatisches LiveUpdate - Scheduler
Service  C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                                        [SYSTEM] avgio
Service  C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                                         [AUTO] avgntflt
Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                                [SYSTEM] avipbb
Service  C:\WINDOWS\system32\bgsvcgen.exe (B's Recorder GOLD Service Library/B.H.A Corporation)                                                                                                [AUTO] bgsvcgen
Service  C:\ComboFix\catchme.sys                                                                                                                                                               [MANUAL] catchme
Service  C:\DOKUME~1\Yann\LOKALE~1\Temp\cpuz130\cpuz_x32.sys                                                                                                                                   [MANUAL] cpuz130
Service  C:\MAGIX\Common\Database\bin\fbserver.exe (Firebird SQL Server/The Firebird Project)                                                                                                  [MANUAL] FirebirdServerMAGIXInstance
Service  C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe                                                                                                                    [DISABLED] gusvc
Service  C:\WINDOWS\system32\DRIVERS\hamachi.sys (Hamachi Virtual Network Interface Driver/LogMeIn, Inc.)                                                                                      [MANUAL] hamachi
Service  C:\WINDOWS\system32\drivers\HdAudio.sys (High Definition Audio Function Driver v1.0a/Windows (R) Server 2003 DDK provider)                                                            [MANUAL] HdAudAddService
Service  C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)                                                                [MANUAL] HDAudBus
Service  C:\WINDOWS\system32\drivers\iaStor.sys (Intel Matrix Storage Manager driver/Intel Corporation)                                                                                        [BOOT] iaStor
Service  C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation)                                                             [MANUAL] IDriverT
Service  C:\DOKUME~1\Yann\LOKALE~1\Temp\iMSPCLOj.sys                                                                                                                                           [MANUAL] iMSPCLOj
Service  C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.)                                                               [MANUAL] IntcAzAudAddService
Service  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                                            [AUTO] JavaQuickStarterService
Service  C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)                                                                                                          [SYSTEM] kl1
Service  C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab Boot Guard Driver/Kaspersky Lab)                                                                                                  [BOOT] klbg
Service  C:\WINDOWS\system32\DRIVERS\klfltdev.sys (KLFLTDEV Pnp device filter/Kaspersky Lab)                                                                                                   [MANUAL] KLFLTDEV
Service  C:\WINDOWS\system32\DRIVERS\klim5.sys (Kaspersky Lab Intermediate Network Driver/Kaspersky Lab)                                                                                       [MANUAL] klim5
Service  C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (MSCSPTISRV Module/Sony Corporation)                                                                                 [MANUAL] MSCSPTISRV
Service                                                                                                                                                                                        MSDTC Bridge 3.0.0.0
Service                                                                                                                                                                                        nm
Service  C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation)                                                                               [BOOT] nvatabus
Service  C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation)                                                                                            [BOOT] nvraid
Service  C:\WINDOWS\system32\oodag.exe (O&O Defrag Agent/O&O Software GmbH)                                                                                                                    [AUTO] O&O Defrag
Service                                                                                                                                                                                        OODBS
Service                                                                                                                                                                                        Outlook
Service  C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe                                                                                                                      [MANUAL] PACSPTISVR
Service  C:\WINDOWS\system32\PnkBstrA.exe                                                                                                                                                      [AUTO] PnkBstrA
Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                                 [MANUAL] Ptilink
Service  C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                                [BOOT] PxHelp20
Service  C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver                         /Realtek Semiconductor Corporation                           )                  [MANUAL] RTL8023xp
Service  C:\Programme\Sandboxie\SbieDrv.sys (Sandboxie Kernel Mode Driver/tzuk)                                                                                                                [MANUAL] SbieDrv
Service  C:\Programme\Sandboxie\SbieSvc.exe (Sandboxie Service/tzuk)                                                                                                                           [AUTO] SbieSvc
Service  I:\radix_installer1009\sdthlpr.sys                                                                                                                                                    [MANUAL] SDTHelper
Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)                         [AUTO] Secdrv
Service                                                                                                                                                                                        ServiceModelEndpoint 3.0.0.0
Service                                                                                                                                                                                        ServiceModelOperation 3.0.0.0
Service                                                                                                                                                                                        ServiceModelService 3.0.0.0
Service  C:\WINDOWS\System32\drivers\sfdrv01.sys (StarForce Protection Environment Driver/Protection Technology)                                                                               [BOOT] sfdrv01
Service  C:\WINDOWS\System32\drivers\sfhlp02.sys (StarForce Protection Helper Driver/Protection Technology)                                                                                    [BOOT] sfhlp02
Service  C:\WINDOWS\System32\drivers\sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)                                                                          [BOOT] sfsync02
Service  C:\WINDOWS\system32\drivers\SiSRaid2.sys (SiS RAID Miniport Driver/Silicon Integrated Systems Corp)                                                                                   [BOOT] SiSRaid2
Service  C:\WINDOWS\system32\drivers\SLEE13.sys                                                                                                                                                [SYSTEM] SLEE_13_DRIVER
Service  C:\WINDOWS\system32\DRIVERS\smserial.sys (Motorola SM56 Modem WDM Driver/Motorola Inc.)                                                                                               [MANUAL] smserial
Service                                                                                                                                                                                        SMSvcHost 3.0.0.0
Service  C:\WINDOWS\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)                                                                                               [DISABLED] sptd
Service  C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (SPTISRV Module/Sony Corporation)                                                                                       [MANUAL] SPTISRV
Service  C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                                             [MANUAL] ssmdrv
Service  C:\WINDOWS\System32\PAStiSvc.exe                                                                                                                                                      [AUTO] STI Simulator
Service  C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation)                                                                                             [MANUAL] streamip
Service  system32\DRIVERS\SymIM.sys                                                                                                                                                            [MANUAL] SymIM
Service  system32\DRIVERS\SymIM.sys                                                                                                                                                            [MANUAL] SymIMMP
Service  C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation)                                                                                               [AUTO] symlcbrd
Service  C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)                                                                                                     [MANUAL] SynTP
Service  C:\WINDOWS\System32\drivers\truecrypt.sys (TrueCrypt Driver/TrueCrypt Foundation)                                                                                                     [SYSTEM] truecrypt
Service  C:\WINDOWS\system32\drivers\viamraid.sys (VIA RAID DRIVER FOR WIN 2000/XP/2003IA32/VIA Technologies inc,.ltd)                                                                         [BOOT] viamraid
Service  C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Wireless LAN Driver/Intel® Corporation)                                                                                                [MANUAL] w29n51
Service                                                                                                                                                                                        Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----


Step 4

[Code]
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/10 18:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xB541C000 Size: 16384 File Visible: No Signed: -
Status: -

Name: dump_viamraid.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_viamraid.sys
Address: 0xBA1AE000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xACE21000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7b95f26

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b95f1c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7b95f2b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7b95f35

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b95f3a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b95f08

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b95f0d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b95f44

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b95f3f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7b95f30

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7b95f17

==EOF==
[/Code]


Could you also tell me what's going on with the hard drive you asked about?
E:\starter.exe
Fotos\nach riga\P1010169.JPG
E:\Toshiba\more4you.exe
Can you tell whether my laptop got infected from there? Should I warn the owner of the hard drive so that the malware doesn't spread any further?

Thanks again! I can't say it often enough...


edit: Damn.. I just re-read your first post and noticed that I didn't follow these two points:

• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• While the cleanup is in progress you should neither install nor uninstall any programs that are not explicitly requested.

Besides Daemontools I uninstalled some other programs today. Unfortunately I can't remember which ones right now. Yesterday or the day before I installed Unlocker.

I own 3 external hard drives. I also have a USB stick. None of the 4 were connected during the scans. Should I redo all the scans now?
This post was edited on 10.03.2010 at 20:18 by CottonEyejoe.
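The two reports in the post above are easier to read with a small script than by eye. What follows is an added example, not code from the thread, from GMER or from RootRepeal: it parses GMER's `Service` lines and RootRepeal's SSDT section (the embedded samples are excerpts of the logs posted above), flags kernel drivers that load without version information from a Temp directory or from outside the system and program directories, and groups the SSDT hook targets by address. The `SYSTEM_DIRS` list, the clustering gap and the reading of 5-byte strides as `jmp rel32` thunks are my assumptions. Which installed driver owns the 0xf7b95f08-0xf7b95f44 range cannot be read from these logs (RootRepeal printed `<unknown>`, and the drivers it lists do not cover that range), so the script does not guess.

```python
"""Added triage example (not code from the thread, GMER or RootRepeal): parses the
GMER 'Service' lines and the RootRepeal SSDT section quoted above, flags kernel
drivers loaded from odd places and groups SSDT hook targets by address.  Samples
are excerpts of the posted logs; SYSTEM_DIRS, gap and the thunk reading are assumed."""
import re

SAMPLE_GMER = r"""
Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)   [SYSTEM] avipbb
Service  C:\ComboFix\catchme.sys   [MANUAL] catchme
Service  C:\DOKUME~1\Yann\LOKALE~1\Temp\cpuz130\cpuz_x32.sys   [MANUAL] cpuz130
Service  C:\WINDOWS\system32\drivers\HdAudio.sys (High Definition Audio Function Driver v1.0a/Windows (R) Server 2003 DDK provider)   [MANUAL] HdAudAddService
Service  C:\DOKUME~1\Yann\LOKALE~1\Temp\iMSPCLOj.sys   [MANUAL] iMSPCLOj
Service  I:\radix_installer1009\sdthlpr.sys   [MANUAL] SDTHelper
Service                MSDTC Bridge 3.0.0.0
"""
# GMER: "Service  <image path> (<description>)   [<start>] <name>"; path-less entries have no start type and are skipped
SERVICE_RE = re.compile(r'^Service\s+(?P<raw>\S.*?)?\s*\[(?P<start>[A-Z]+)\]\s+(?P<name>\S.*?)\s*$')
SYSTEM_DIRS = ('c:\\windows\\', 'c:\\programme\\')  # assumed: German 32-bit XP

def parse_gmer_services(text):
    services = []
    for m in filter(None, map(SERVICE_RE.match, text.splitlines())):
        path, _, desc = (m['raw'] or '').partition(' (')
        services.append({'name': m['name'], 'path': path,
                         'desc': desc.rstrip(')'), 'start': m['start']})
    return services

def flag_drivers(services):
    """Kernel drivers (.sys) without version info that load from a Temp directory
    or from outside SYSTEM_DIRS.  Cleanup tools (ComboFix's catchme.sys, Radix's
    sdthlpr.sys) trip this too: the result is a worklist, not a verdict."""
    out = []
    for s in services:
        p = s['path'].lower()
        odd_place = '\\temp\\' in p or not p.startswith(SYSTEM_DIRS)
        if p.endswith('.sys') and odd_place and not s['desc']:
            out.append(s['name'])
    return out

SAMPLE_ROOTREPEAL = r"""
SSDT
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7b95f26
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b95f1c
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7b95f2b
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7b95f35
#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b95f3a
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b95f08
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b95f0d
#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b95f44
#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b95f3f
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7b95f30
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7b95f17
"""
HOOK_RE = re.compile(r'#: \d+ Function Name: (?P<func>\w+)\s*\n'
                     r'Status: Hooked by "(?P<by>[^"]*)" at address 0x(?P<addr>[0-9A-Fa-f]+)')

def parse_ssdt_hooks(text):
    """(function, reported hooker, target address) for each hooked SSDT entry."""
    return [(m['func'], m['by'], int(m['addr'], 16)) for m in HOOK_RE.finditer(text)]

def cluster_hooks(hooks, gap=0x100):
    """Group targets lying within `gap` bytes of their neighbour.  One tight cluster
    whose strides are all multiples of 5 (the size of a `jmp rel32`) reads as a
    thunk table inside a single driver, not as eleven independent hookers."""
    clusters = []
    for h in sorted(hooks, key=lambda h: h[2]):
        if clusters and h[2] - clusters[-1][-1][2] <= gap:
            clusters[-1].append(h)
        else:
            clusters.append([h])
    return clusters

def summarize(cluster):
    addrs = [h[2] for h in cluster]
    return {'count': len(cluster), 'lo': addrs[0], 'hi': addrs[-1],
            'strides': sorted({b - a for a, b in zip(addrs, addrs[1:])}),
            'functions': [h[0] for h in cluster]}

def report():
    lines = ['Drivers worth a second look: ' + ', '.join(flag_drivers(parse_gmer_services(SAMPLE_GMER)))]
    for s in map(summarize, cluster_hooks(parse_ssdt_hooks(SAMPLE_ROOTREPEAL))):
        lines.append(f"{s['count']} SSDT hooks in 0x{s['lo']:08x}-0x{s['hi']:08x}, "
                     f"strides {s['strides']} bytes: " + ', '.join(s['functions']))
    return '\n'.join(lines)

if __name__ == '__main__':
    print(report())
```

On the posted data it names four drivers to account for (catchme.sys and sdthlpr.sys belong to the cleanup tools in use; cpuz_x32.sys and the randomly named iMSPCLOj.sys load from Temp and still need an owner) and one cluster of 11 hooks spanning 60 bytes with strides of 5 and 10: process and thread services first, registry services after them, the shape of a single driver's thunk table. That turns "eleven hooks" into "which one product installed this table", and a full loaded-module list with base addresses is what answers that.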
10.03.2010, 20:24
Moderator

Posts: 5694
#11 Unfortunately I can't tell you that. Starter.exe may simply be on the hard drive in order to launch it as a program.
The more4you.exe is indeed a program from Toshiba.
I don't think you got infected there.

I'd be interested to know what source you got this from:

Quote

C:\Programme\Sports Interactive\Football Manager 2009\fm91_t1.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)
Step 1

Dr. Web CureIt!

Download Dr. Web CureIt! and save it to your desktop.
Dr. Web CureIt! is suitable for all computers running MS Windows 95 OSR2/98/Me/NT 4.0/2000/XP/2003/Vista.

• Turn off your antivirus program.
• Start launch.exe by double-clicking it.
Dr. Web CureIt! now automatically creates its own folder in your user profile:
C:\Dokumente und Einstellungen\<YourUsername>\DoctorWeb
• Click "Start".
• Cancel the quick scan
(by clicking the square green button, centre right).
• On the "Scan" tab, switch to "Complete scan".
• Now start the complete scan by clicking the triangular button.
• If anything is found, have it disinfected;
if that is not possible, have the findings moved.
• When the scan has finished and there were findings:
in the menu go to File and Save report list
and save it as DrWeb.cvs on your desktop.
• Post the contents of DrWeb.cvs here in the thread.


Step 2

Now the question: do you still have any problems?


Step 3

Let's have another look regarding KIS and NIS ;)

Another system scan with OTL

• Double-click OTL.exe
Vista users: [COLOR=green]right-click OTL.exe and choose "Run as administrator"[/COLOR]
• At the top you will find a box labelled Output. Please select Minimal Output
• Under Extra Registry, please select [COLOR=green]Use SafeList[/COLOR]
• Now click Run Scan at the top left
• When the scan has finished, 2 log files are created
• Post the log files in code tags here in the thread.
12.03.2010, 15:59
...new here

Thread starter

Posts: 9
#12 Sooo... DrWeb took almost 8 hours yesterday, hence only today ^^

I downloaded fm91_t1.exe from somewhere at some point, but the game was uninstalled long ago.

Step 1

I'm not quite sure how to post the contents of the Excel file here, so I'm attaching it. The findings are from my oldest external hard drive, which really only serves as an archive. It only holds files from my first PC. I haven't (knowingly) run any of them on my laptop. The other external hard drives and the USB stick were connected as well.

Step 2

Nope, everything's running smoothly ;)

Step 3

Extras.txt

Code


OTL Extras logfile created on: 12.03.2010 15:26:36 - Run 2
OTL by OldTimer - Version 3.1.35.0     Folder = C:\Dokumente und Einstellungen\Yann\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 572,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,16 Gb Total Space | 29,94 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMILO
Current User Name: Yann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{489C4FA2-F9C9-4FD4-BC9D-945218FFC6CD}" = ATI Catalyst Control Center
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.0
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48346D4-3903-4949-9939-3FE60E47F48C}" = iAUDIO LDB Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"[url="http://www.ccleaner.de"]CCleaner[/url]" = [url="http://www.ccleaner.de"]CCleaner[/url]
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EncSpot Basic_is1" = EncSpot Basic 2.0
"Firebird SQL Server D" = Firebird SQL Server (D)
"HD Tune_is1" = HD Tune 2.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS)
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.8
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"OpenAL" = OpenAL
"Sandboxie" = Sandboxie 3.42
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TrueCrypt" = TrueCrypt
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.8.2
"Unlocker" = Unlocker 1.8.8
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.12.2009 12:29:40 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.0.3.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.01.2010 15:16:27 | Computer Name = AMILO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung.  .

Error - 02.01.2010 15:16:28 | Computer Name = AMILO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung.  .

Error - 02.01.2010 22:10:46 | Computer Name = AMILO | Source = O&O Defrag | ID = 131083
Description = Waehrend der STEALTH-Defragmentierung von Laufwerk E: (NTFS) ist ein
Fehler aufgetreten: 0xC000000E

Error - 18.01.2010 17:02:04 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung javaw.exe, Version 6.0.170.4, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 01.02.2010 11:32:41 | Computer Name = AMILO | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 03.02.2010 18:05:38 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.3.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.02.2010 18:09:12 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.3.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.02.2010 18:11:05 | Computer Name = AMILO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.3.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 11.02.2010 14:02:07 | Computer Name = AMILO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x046b5152.

[ System Events ]
Error - 11.03.2010 12:13:35 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2  SLEE_13_DRIVER

Error - 11.03.2010 12:17:59 | Computer Name = AMILO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet:   %%3

Error - 11.03.2010 12:18:00 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2  SLEE_13_DRIVER

Error - 11.03.2010 12:37:58 | Computer Name = AMILO | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 11.03.2010 20:20:09 | Computer Name = AMILO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet:   %%3

Error - 11.03.2010 20:20:12 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2  SLEE_13_DRIVER

Error - 12.03.2010 09:52:00 | Computer Name = AMILO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet:   %%3

Error - 12.03.2010 09:52:02 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2  SLEE_13_DRIVER

Error - 12.03.2010 10:24:23 | Computer Name = AMILO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet:   %%3

Error - 12.03.2010 10:24:24 | Computer Name = AMILO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  nvatabus  nvraid  SiSRaid2  SLEE_13_DRIVER


< End of report >


OTL.txt


OTL logfile created on: 12.03.2010 15:26:36 - Run 2
OTL by OldTimer - Version 3.1.35.0     Folder = C:\Dokumente und Einstellungen\Yann\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 572,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,16 Gb Total Space | 29,94 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMILO
Current User Name: Yann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) --  File not found
SRV - (Automatisches LiveUpdate - Scheduler) --  File not found
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
SRV - (a2free) -- C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.02.13 19:33:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.09 01:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.10 20:32:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.01.22 23:34:54 | 000,000,000 | ---D | M]

[2010.01.17 20:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Extensions
[2010.01.17 20:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.12 15:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions
[2010.02.11 13:48:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009.06.25 20:49:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.02 20:20:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Mozilla\Firefox\Profiles\6qd1evf3.default\extensions\firefox@tvunetworks.com
[2010.03.12 15:21:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.23 18:31:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.23 18:31:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.23 18:31:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.23 18:31:48 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.23 18:31:48 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.03.09 16:16:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher 2.lnk = C:\Programme\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161818853750 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab (DeskUpdate - Activex Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Yann\Eigene Dateien\Eigene Bilder\3d shapes.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Yann\Eigene Dateien\Eigene Bilder\3d shapes.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.26 17:54:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.11 17:07:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\DoctorWeb
[2010.03.10 18:27:34 | 000,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Yann\Desktop\RootRepeal.exe
[2010.03.10 17:36:42 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.09 16:30:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.09 16:04:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.09 16:03:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.03.09 16:03:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.03.09 16:03:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.03.09 16:03:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.09 16:00:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.09 15:41:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\Downloads
[2010.03.09 15:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.03.09 15:37:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.03.09 15:36:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.03.09 15:36:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.03.09 15:36:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.03.09 15:36:33 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.03.09 00:54:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Malwarebytes
[2010.03.09 00:54:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.09 00:54:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.09 00:54:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.03.09 00:54:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.03.09 00:45:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.08 21:57:05 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe
[2010.03.05 15:56:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.21 20:03:08 | 000,000,000 | ---D | C] -- C:\Programme\gs
[2010.02.20 19:57:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.02.18 22:35:17 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL
[2010.02.18 22:35:16 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.02.18 22:35:16 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.02.18 22:30:37 | 000,000,000 | ---D | C] -- C:\Programme\Futuremark
[2010.02.16 20:51:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\TVU Networks
[2010.02.13 21:50:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Desktop\gouranga
[2010.02.12 22:58:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\JoWooD
[2010.02.12 22:57:23 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD
[2010.02.12 20:09:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\Avira
[2010.02.12 19:51:28 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.02.12 19:51:28 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.02.12 19:51:28 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.02.12 19:51:28 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.02.12 19:51:23 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.02.12 19:51:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.02.11 17:43:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2010.02.10 19:46:01 | 000,677,632 | ---- | C] (ATI Technologies Inc.) -- C:\Dokumente und Einstellungen\Yann\Desktop\atimcatw.exe
[2009.05.05 19:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.05.05 19:57:24 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2006.06.26 17:57:46 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2006.06.26 17:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft

========== Files - Modified Within 30 Days ==========

[2010.03.12 15:24:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.12 15:24:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.12 15:23:56 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.12 15:23:53 | 000,732,930 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010.03.12 15:22:49 | 012,582,912 | -H-- | M] () -- C:\Dokumente und Einstellungen\Yann\NTUSER.DAT
[2010.03.12 15:22:49 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Yann\ntuser.ini
[2010.03.12 01:16:33 | 000,001,027 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\DrWeb.csv
[2010.03.11 17:02:17 | 033,395,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\vhv5tz89.exe
[2010.03.10 18:30:25 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\settings.dat
[2010.03.10 18:26:54 | 000,465,298 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\RootRepeal.rar
[2010.03.10 18:13:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\snapsaver-Yann.ini
[2010.03.10 18:09:10 | 000,077,312 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe
[2010.03.10 17:53:08 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\defogger_reenable
[2010.03.10 17:51:45 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\Defogger.exe
[2010.03.10 17:46:42 | 000,000,842 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.10 10:55:30 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.09 16:16:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.09 16:16:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.09 16:05:06 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010.03.09 15:48:54 | 003,883,629 | R--- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\ComboFix.exe
[2010.03.09 15:41:48 | 000,100,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\SystemLook.exe
[2010.03.09 15:36:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.03.09 15:36:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.03.09 15:36:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.03.09 15:36:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.03.09 15:36:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.03.09 01:15:45 | 000,077,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\mbr.exe
[2010.03.09 00:33:50 | 000,034,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.08 22:57:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.08 21:57:06 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Yann\Desktop\OTL.exe
[2010.03.08 17:56:23 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Desktop\ihe9vnt9.exe
[2010.03.05 11:03:50 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010.02.28 17:14:47 | 000,303,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\2008_0104Eintracht-Training0113.JPG
[2010.02.28 17:09:18 | 000,067,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\berryyann.jpg
[2010.02.25 16:08:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.18 22:54:06 | 000,029,149 | ---- | M] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\3dmark06.3dr
[2010.02.18 22:35:17 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.02.18 22:35:16 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.02.14 04:28:22 | 001,576,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.02.12 19:57:16 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.02.12 11:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.11 22:40:42 | 000,001,610 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010.02.10 19:46:03 | 000,677,632 | ---- | M] (ATI Technologies Inc.) -- C:\Dokumente und Einstellungen\Yann\Desktop\atimcatw.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.03.12 01:16:33 | 000,001,027 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\DrWeb.csv
[2010.03.11 16:58:16 | 033,395,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\vhv5tz89.exe
[2010.03.10 18:30:25 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\settings.dat
[2010.03.10 18:26:52 | 000,465,298 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\RootRepeal.rar
[2010.03.10 18:09:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe
[2010.03.10 17:52:52 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\defogger_reenable
[2010.03.10 17:51:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\Defogger.exe
[2010.03.09 16:05:06 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010.03.09 16:05:03 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.03.09 16:03:17 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.09 16:03:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.03.09 16:03:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.03.09 16:03:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.09 16:03:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.03.09 15:48:23 | 003,883,629 | R--- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\ComboFix.exe
[2010.03.09 15:41:47 | 000,100,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\SystemLook.exe
[2010.03.09 01:15:44 | 000,077,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\mbr.exe
[2010.03.08 17:56:23 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Desktop\ihe9vnt9.exe
[2010.02.28 17:13:53 | 000,303,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\2008_0104Eintracht-Training0113.JPG
[2010.02.28 17:09:18 | 000,067,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\berryyann.jpg
[2010.02.18 22:54:05 | 000,029,149 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Eigene Dateien\3dmark06.3dr
[2009.12.12 23:28:59 | 000,001,610 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009.12.03 22:09:11 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.05.23 21:54:57 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\$_hpcst$.hpc
[2009.01.26 22:46:43 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.01.12 21:48:30 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009.01.12 21:48:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009.01.12 21:48:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009.01.12 21:48:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008.04.03 22:27:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.01.06 01:10:32 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.08.09 10:03:57 | 000,000,052 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2007.05.15 19:02:38 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.03.30 14:59:48 | 000,042,771 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007.03.26 12:06:02 | 000,000,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Anwendungsdaten\wklnhst.dat
[2007.02.20 22:21:36 | 000,000,350 | ---- | C] () -- C:\WINDOWS\snapsaver-Yann.ini
[2007.01.27 15:38:07 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.04 00:20:19 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2006.10.29 14:39:48 | 000,034,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.26 00:18:43 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Yann\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.25 14:21:44 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.06.26 19:05:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.06.26 18:51:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.26 18:48:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006.06.26 18:48:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006.06.26 18:48:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006.06.26 18:48:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006.06.26 18:48:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006.06.26 18:48:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006.06.26 18:48:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006.06.26 18:48:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006.06.26 18:48:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006.06.26 18:47:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.06.26 18:44:42 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.06.26 18:44:01 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.06.26 17:58:48 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.06.26 17:50:25 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.06.26 09:35:22 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.06.26 09:30:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >


During the OTL scan no external hard drive or USB stick was connected.

Attachment: DrWeb.csv
12.03.2010, 19:55
Moderator

Posts: 5694
#13

Quote

G:\Eigene Dateien\Downloads\Spiele\NO CD\Diablo II - Crack\lod.exe
Explain yourself!!
13.03.2010, 17:46
...new here

Thread starter

Posts: 9
#14 Well, it's obviously easier than digging out the right CD/DVD every time... Back then, though, I wasn't aware that there is such a big malware risk.
13.03.2010, 19:21
Moderator

Posts: 5694
#15 Keep your hands off that. 99% of all cracks or keygens come with malware bundled in!!

You're lucky that I only saw this now, because I don't support this.


Step 1

Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleaning from your system again.

• Double-click OTL.exe to run the program.
Vista users: please start it via right-click and "Run as administrator".
• Click the "CleanUp!" button.
• OTL may ask for a restart.
If it does, please allow it.
Note: after the restart, OTL and the other helper programs you downloaded during the cleaning will no longer be present. They have been removed. So it is OK if these programs are gone. If any are left over, delete them manually.


Step 2

Please also run the following online scans: F-Secure and BitDefender