Constant Trojan Warning

07.04.2010, 14:00
Member

Posts: 25
#1 Hi everyone,

Since yesterday I have been having unbelievable problems with my PC. I can no longer get online, I keep getting warnings from an antivirus program that I never installed, and the machine crashes now and then.
I tried to run HijackThis, but the program does not even start. I only have an incomplete GMER file, because GMER always aborts as well.
I hope you can help me anyway.
Regards
07.04.2010, 14:01
Member

Thread starter

Posts: 25
#2 GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-07 12:28:31
Windows 5.1.2600 Service Pack 3
Running: 5s18h02r.exe; Driver: C:\DOKUME~1\Burghard\LOKALE~1\Temp\uxrdipow.sys


---- System - GMER 1.0.15 ----

Code 85190450 ZwEnumerateKey
Code 8518BD98 ZwFlushInstructionCache
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
Code 8519265E IofCallDriver
Code 8519833E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP ED899424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 85192663
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 85198343
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP ED8997DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC6 5 Bytes JMP 8518BD9C
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB76 5 Bytes JMP 85190454
.text C:\WINDOWS\system32\drivers\ACEDRV09.sys section is writeable [0xEB2C7000, 0x3326E, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0xEB30C000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV09.sys unknown last section [0xEB328000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 033A000A
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6CF1820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6CF1820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 000301D0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00030240
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 000302B0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00030320
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 00030550
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 000305C0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00030630
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 000306A0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 000307F0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00030860
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 000308D0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00030940
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 000309B0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00030A20
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00030A90
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00030CC0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00030D30
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00030DA0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00030E10
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7C9D0630
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7C9D06A0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7C9D0710
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7C9D08D0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7C9D0940
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7C9D0B00
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7C9D0B70
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7C9D0BE0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 7C9D0E80
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7C9D0EF0
IAT C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7C9D01D0

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys (*** hidden *** ) ED6C5000-ED6E7000 (139264 bytes)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [140] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [140] 0x008C0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [244] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [244] 0x00B20000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiapsrv.exe [256] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiapsrv.exe [256] 0x009B0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [264] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [264] 0x00CE0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [376] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [376] 0x008C0000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [500] 0x00C50000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\AssistantServices.exe [548] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\AssistantServices.exe [548] 0x00D10000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [832] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [832] 0x00D10000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe [908] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe [908] 0x00D40000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe [924] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe [924] 0x00D40000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [936] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [936] 0x00B30000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\System32\wudfhost.exe [1040] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\System32\wudfhost.exe [1040] 0x00800000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1204] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1204] 0x00830000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1256] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1256] 0x00830000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1268] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1268] 0x008B0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [1428] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [1428] 0x00D80000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [1500] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [1500] 0x00CE0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jqs.exe [1664] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jqs.exe [1664] 0x00A40000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1684] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1684] 0x008C0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1720] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1720] 0x008C0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1776] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1776] 0x008C0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [1852] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [1852] 0x00CE0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [1876] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [1876] 0x00CD0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\HPZipm12.exe [1936] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\HPZipm12.exe [1936] 0x00A10000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2016] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2016] 0x008C0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [2176] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [2176] 0x009B0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [2360] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [2360] 0x00D80000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Skype\Plugin Manager\skypePM.exe [2680] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Skype\Plugin Manager\skypePM.exe [2680] 0x00C90000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [2720] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [2720] 0x00DA0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\AGRSMMSG.exe [2728] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\AGRSMMSG.exe [2728] 0x00D30000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2792] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2792] 0x00CF0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2844] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2844] 0x00DD0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\HP\HP Software Update\HPWuSchd2.exe [3028] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\HP\HP Software Update\HPWuSchd2.exe [3028] 0x00CB0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [3188] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [3188] 0x00D20000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\SweetIM\Messenger\SweetIM.exe [3232] 0x00CD0000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\SweetIM\Messenger\SweetIM.exe [3232] 0x00D70000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\HiYo\bin\HiYo.exe [3248] 0x00DD0000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\HiYo\bin\HiYo.exe [3248] 0x00E80000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jusched.exe [3352] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jusched.exe [3352] 0x00CD0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\UIExec.exe [3436] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\UIExec.exe [3436] 0x00CB0000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Avira\AntiVir Desktop\avgnt.exe [3512] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Avira\AntiVir Desktop\avgnt.exe [3512] 0x00D70000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3576] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3576] 0x00B40000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Skype\Phone\Skype.exe [3624] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Skype\Phone\Skype.exe [3624] 0x02650000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\DOKUME~1\Burghard\LOKALE~1\Temp\mplay32xe.exe [3676] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\DOKUME~1\Burghard\LOKALE~1\Temp\mplay32xe.exe [3676] 0x00D00000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Your Protection\urpprot.exe [3716] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Your Protection\urpprot.exe [3716] 0x01140000
Library \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe [3956] 0x10000000
Library \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe [3956] 0x00D10000

---- Services - GMER 1.0.15 ----

Service system32\drivers\_VOIDklmfyefmqr.sys (*** hidden *** ) [SYSTEM] _VOIDd.sys <-- ROOTKIT !!!
Service C:\WINDOWS\_VOIDxtfjpyfvit\_VOIDd.sys (*** hidden *** ) [SYSTEM] _VOIDxtfjpyfvit <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@imagepath \systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_VOIDc \\?\globalroot\systemroot\system32\_VOIDjxeatvaoex.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_VOIDd \\?\globalroot\systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_VOIDsrcr \\?\globalroot\systemroot\system32\_VOIDllkytkaosp.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_voidserf \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_voidbbr \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit@imagepath \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@imagepath \systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_VOIDc \\?\globalroot\systemroot\system32\_VOIDjxeatvaoex.dll
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_VOIDd \\?\globalroot\systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_VOIDsrcr \\?\globalroot\systemroot\system32\_VOIDllkytkaosp.dat
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_voidserf \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_voidbbr \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit@imagepath \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\_VOIDcd77.tmp 343040 bytes executable
File C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\_VOIDmainqt.dll 10377 bytes
File C:\WINDOWS\system32\_VOIDjxeatvaoex.dll 29696 bytes executable
File C:\WINDOWS\system32\_VOIDllkytkaosp.dat 191 bytes
File C:\WINDOWS\system32\_VOIDqqjyioitjo.dll 49152 bytes executable
File C:\WINDOWS\system32\_VOIDuunijeyxbd.dll 49152 bytes executable

---- EOF - GMER 1.0.15 ----
07.04.2010, 14:24
Moderator

Posts: 5694
#3 Hello and welcome to Protecus.de

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please select Minimal Output
>Under Extra Registry, please select Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 log files will be created
>Post the log files here in the thread.
07.04.2010, 14:42
Member

Thread starter

Posts: 25
#4 Thanks for the quick reply! Here are the two log files:

OTL Extras logfile created on: 07.04.2010 14:33:55 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Dokumente und Einstellungen\Burghard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

895,00 Mb Total Physical Memory | 484,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,26 Gb Total Space | 47,53 Gb Free Space | 59,97% Space Free | Partition Type: NTFS
Drive D: | 13,88 Gb Total Space | 1,63 Gb Free Space | 11,76% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK-1
Current User Name: Burghard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"H:\Azureus\Azureus.exe" = H:\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Anti-Virus 7.0 -- (Kaspersky Lab)
"E:\SetupWizard\stInstall.exe" = E:\SetupWizard\stInstall.exe:*:Enabled:SpeedTouch-Assistent für Home-Installation -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira GmbH)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E1E235-AB45-4695-A156-073118949ED4}" = HiYo
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2727FBEF-3155-11D4-8F73-0050DA0F6297}" = Die Sims Das volle Leben
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2FD4826C-1589-4FB5-8B98-D9625190B2C0}" = SpeedTouch 121g Wireless USB Adapter
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B2715ED-7DBF-4BF1-9009-FE4D66421031}" = Nero 7 Premium
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Creatix 2.0 AC'97 Soft Modem" = Creatix 2.0 AC'97 Modem
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HiYo" = HiYo
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2FD4826C-1589-4FB5-8B98-D9625190B2C0}" = SpeedTouch 121g Wireless USB Adapter
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"LHTTSGED" = L&H TTS3000 Deutsch
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoLine_is1" = PhotoLine 15.0.0.0
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"ReadABit_is1" = ReadABit 1.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winbond WLAN" = Winbond WLAN
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zuma_Deluxe!_1.0" = Zuma Deluxe! 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 29.06.2009 05:17:14 | Computer Name = NOTEBOOK-1 | Source = Google Update | ID = 20
Description =

Error - 13.08.2009 11:28:53 | Computer Name = NOTEBOOK-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 8.1.0.137, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 13.08.2009 11:41:22 | Computer Name = NOTEBOOK-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 8.1.0.137, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.08.2009 12:16:32 | Computer Name = NOTEBOOK-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 07.04.2010 08:29:10 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 07.04.2010 08:29:10 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
AntiVir Guard.

Error - 07.04.2010 08:29:10 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 07.04.2010 08:29:10 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Kaspersky
Anti-Virus.

Error - 07.04.2010 08:29:10 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kaspersky Anti-Virus" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 07.04.2010 08:29:10 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%10091

Error - 07.04.2010 08:29:11 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
wurde mit folgendem Fehler beendet: %%10047

Error - 07.04.2010 08:29:11 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
wbsecdrv

Error - 07.04.2010 08:29:11 | Computer Name = NOTEBOOK-1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
%%2147952491

Error - 07.04.2010 08:30:17 | Computer Name = NOTEBOOK-1 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


< End of report >


OTL logfile created on: 07.04.2010 14:33:55 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Dokumente und Einstellungen\Burghard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

895,00 Mb Total Physical Memory | 484,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,26 Gb Total Space | 47,53 Gb Free Space | 59,97% Space Free | Partition Type: NTFS
Drive D: | 13,88 Gb Total Space | 1,63 Gb Free Space | 11,76% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK-1
Current User Name: Burghard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Your Protection\urpprot.exe ()
PRC - C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\mplay32xe.exe ()
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\HiYo\Bin\HiYo.exe (IncrediMail, Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Programme\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Programme\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ndisprot) -- C:\WINDOWS\system32\drivers\Ndisprot.sys (Windows (R) 2000 DDK provider)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ACEDRV09) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (PAEAFLT.sys) -- C:\WINDOWS\system32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (BT4501G) -- C:\WINDOWS\system32\drivers\BT4501G.sys (THOMSON Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (W33ND) -- C:\WINDOWS\system32\drivers\W33ND.SYS (Winbond Electronics Corp.)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 66 28 E8 1C 3A CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "MyStart Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.5.8.6
FF - prefs.js..keyword.URL: "http://mystart.hiyo.com/?loc=ff_address&search="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.05 19:57:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.02 00:15:15 | 000,000,000 | ---D | M]

[2009.09.21 12:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Extensions
[2010.04.07 03:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions
[2009.09.21 14:12:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 19:28:50 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280}
[2010.04.07 03:52:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.01 22:18:58 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.09.29 03:46:40 | 000,002,160 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\searchplugins\MySpace.xml
[2010.03.12 17:07:39 | 000,002,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\searchplugins\MyStart Search.xml
[2009.11.01 22:18:52 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\searchplugins\sweetim.xml
[2010.04.06 14:28:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.02 00:15:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.02 00:15:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.02 00:15:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.02 00:15:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.02 00:15:09 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Hiyo] C:\Programme\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\Programme\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [Windows Security Center] C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe ()
O4 - HKCU..\Run: [mplay32xe.exe] C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\mplay32xe.exe ()
O4 - HKCU..\Run: [Windows Security Center] C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe ()
O4 - HKCU..\Run: [Your Protection] C:\Programme\Your Protection\urpprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Vorlesen - C:\Programme\ReadABit\readselection.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Seite vorlesen - {DD69FD11-3C84-4309-B4E4-D599D4C012CC} - C:\Programme\ReadABit\Reader.exe (Sven Ilius)
O9 - Extra 'Tools' menuitem : &Seite vorlesen - {DD69FD11-3C84-4309-B4E4-D599D4C012CC} - C:\Programme\ReadABit\Reader.exe (Sven Ilius)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 () - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.07.04 15:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\AuToplay\coMmand - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\AutoRun\command - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\expLorE\ComManD - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\Open\ComMaND - "" = snrww.exe
O33 - MountPoints2\{2d7c3c7a-a5ce-11de-a540-0040d089c59d}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\autoPlAy\cOmmanD - "" = hhwpc.exe
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\AutoRun\command - "" = hhwpc.exe
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\exPlORe\ComMANd - "" = hhwpc.exe
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\oPen\coMManD - "" = hhwpc.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.04.07 14:33:12 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe
[2010.04.07 12:43:37 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Burghard\Desktop\mbam-setup.exe
[2010.04.07 11:51:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Burghard\Recent
[2010.04.07 11:49:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.07 11:47:22 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Burghard\Desktop\ccsetup230.exe
[2010.04.07 11:28:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe
[2010.04.07 04:49:45 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.04.07 04:37:51 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Dokumente und Einstellungen\Burghard\Desktop\LSPFix.exe
[2010.04.07 04:34:18 | 000,000,000 | ---D | C] -- C:\Programme\CleanUp!
[2010.04.07 03:33:50 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.07 03:33:48 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.04.07 03:33:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\TuneUp Software
[2010.04.07 03:33:30 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.04.07 03:33:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.04.07 03:33:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.07 03:24:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Avira
[2010.04.07 03:16:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.04.07 03:16:09 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.04.07 03:16:09 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.04.07 03:16:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.04.07 03:16:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.04.07 03:16:09 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.07 03:16:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.04.07 03:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Your Protection
[2010.04.05 19:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.04.05 19:28:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\Messenger_Plus_Live_Germany
[2010.04.05 19:28:59 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.05 19:28:55 | 000,000,000 | ---D | C] -- C:\Programme\Messenger_Plus_Live_Germany
[2010.03.31 15:54:36 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2010.03.31 15:54:36 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2010.03.31 15:54:36 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2010.03.31 15:54:36 | 000,013,824 | ---- | C] (ZTE) -- C:\WINDOWS\System32\drivers\ZTEusbccid.sys
[2010.03.31 15:54:36 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2010.03.31 15:54:23 | 000,021,504 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\Ndisprot.sys
[2010.03.31 15:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB
[2010.03.31 15:54:13 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Partner Manager
[2010.03.25 00:27:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Theme Hospital
[2010.03.24 18:13:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Abe´s Odissee (Oddworld)
[2010.03.24 18:02:53 | 000,000,000 | ---D | C] -- C:\Programme\VID_0E8F&PID_0012
[2010.03.19 18:32:49 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010.03.19 18:26:09 | 000,721,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB40032.DLL
[2010.03.19 18:26:03 | 000,000,000 | ---D | C] -- C:\Programme\Elbenwald
[2010.03.19 18:25:55 | 000,796,672 | ---- | C] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2010.03.19 18:14:18 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.03.19 18:14:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.03.19 18:14:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.03.16 18:23:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Desktop\musik von sandra
[2010.03.14 16:19:04 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.12 17:09:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HiYo
[2010.03.12 17:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HiYo
[2010.03.12 17:09:27 | 000,000,000 | ---D | C] -- C:\Programme\HiYo
[2010.03.11 15:03:35 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009.02.28 13:03:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.02.22 11:38:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2008.06.27 16:12:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.12.02 14:25:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2007.10.17 18:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ahead
[2006.07.04 15:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2006.07.04 15:05:09 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2006.07.04 15:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2005.05.11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.04.07 14:33:32 | 000,015,196 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fiosejgfse.dll
[2010.04.07 14:29:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.07 14:27:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.07 14:27:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.07 14:27:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe
[2010.04.07 14:25:52 | 006,553,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.dat
[2010.04.07 14:25:52 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.ini
[2010.04.07 13:54:48 | 000,001,591 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\pornotube.com.lnk
[2010.04.07 13:54:48 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\nudetube.com.lnk
[2010.04.07 13:54:48 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\youporn.com.lnk
[2010.04.07 12:50:20 | 003,908,851 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\ComboFix.exe
[2010.04.07 12:37:14 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Burghard\Desktop\mbam-setup.exe
[2010.04.07 11:49:42 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CCleaner.lnk
[2010.04.07 11:44:32 | 003,376,656 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Burghard\Desktop\ccsetup230.exe
[2010.04.07 11:27:00 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe
[2010.04.07 11:26:46 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\39ct13yn.exe
[2010.04.07 11:23:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe
[2010.04.07 09:57:07 | 000,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.04.07 09:36:53 | 000,000,669 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CleanUp!.lnk
[2010.04.07 05:52:24 | 004,288,622 | -H-- | M] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.07 04:57:51 | 000,000,627 | ---- | M] () -- C:\NetworkCfg.xml
[2010.04.07 04:33:09 | 000,001,107 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\listen.bat
[2010.04.07 04:32:46 | 000,001,107 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\listen.bat
[2010.04.07 04:31:25 | 000,001,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Editor.lnk
[2010.04.07 03:33:45 | 000,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.07 03:33:45 | 000,001,705 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk
[2010.04.07 03:16:31 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.07 00:27:42 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Vergiss was gewesen.doc
[2010.04.06 15:24:48 | 004,747,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Reason - Ich Bin Er (feat.A.R. Benjamins).mp3
[2010.04.06 11:35:26 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.04.06 10:33:55 | 000,095,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 21:25:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.04.01 11:14:26 | 000,545,676 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.01 11:14:26 | 000,502,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.01 11:14:26 | 000,131,820 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.01 11:14:26 | 000,111,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.01 11:14:26 | 000,004,694 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.31 15:54:30 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mobile Partner Manager.lnk
[2010.03.20 23:45:46 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Ich kann nicht wirklich sagen.doc
[2010.03.20 21:07:14 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\jede träne die ich weinte.doc
[2010.03.20 14:36:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.19 18:40:11 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.03.19 18:25:55 | 000,796,672 | ---- | M] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2010.03.18 20:36:40 | 000,084,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Hauptschulprüfung - Deutsch.doc
[2010.03.15 18:31:28 | 000,000,435 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Musik.lnk
[2010.03.14 23:02:20 | 000,306,673 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Deutsch.pdf
[2010.03.14 23:00:01 | 001,170,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Biologie.pdf
[2010.03.14 22:59:07 | 001,313,428 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Physik.pdf
[2010.03.14 22:54:36 | 000,902,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Geschichte.pdf
[2010.03.14 22:33:18 | 000,059,440 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Entstehung von BRD und DDR.pdf
[2010.03.13 20:10:58 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Hitlers Weg an die Macht.doc
[2010.03.10 19:25:08 | 000,021,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Beschreibe alles was du über die NSDAP weißt.doc
[2010.03.10 19:14:37 | 000,027,648 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\1949 Vergleich zweier Deutscher Staaten BRD.doc
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.04.07 13:46:53 | 003,908,851 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\ComboFix.exe
[2010.04.07 11:49:42 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CCleaner.lnk
[2010.04.07 11:28:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\39ct13yn.exe
[2010.04.07 11:28:45 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe
[2010.04.07 11:14:40 | 000,001,591 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\pornotube.com.lnk
[2010.04.07 11:14:40 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\nudetube.com.lnk
[2010.04.07 11:14:40 | 000,001,583 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\youporn.com.lnk
[2010.04.07 09:57:07 | 000,001,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.04.07 09:36:53 | 000,000,669 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CleanUp!.lnk
[2010.04.07 04:46:50 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\avenger.exe
[2010.04.07 04:33:09 | 000,001,107 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\listen.bat
[2010.04.07 04:32:46 | 000,001,107 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\listen.bat
[2010.04.07 03:33:45 | 000,001,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.07 03:33:45 | 000,001,705 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk
[2010.04.07 03:16:31 | 000,001,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.07 03:13:11 | 000,015,196 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fiosejgfse.dll
[2010.04.07 00:27:42 | 000,024,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Vergiss was gewesen.doc
[2010.04.06 15:24:25 | 004,747,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Reason - Ich Bin Er (feat.A.R. Benjamins).mp3
[2010.03.31 16:07:04 | 000,000,627 | ---- | C] () -- C:\NetworkCfg.xml
[2010.03.31 15:54:30 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mobile Partner Manager.lnk
[2010.03.20 16:23:58 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\jede träne die ich weinte.doc
[2010.03.20 14:36:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.03.20 14:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.03.19 18:25:57 | 000,009,271 | ---- | C] () -- C:\WINDOWS\Port_DE.gpl
[2010.03.15 18:31:28 | 000,000,435 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Musik.lnk
[2010.03.15 00:28:33 | 000,084,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Hauptschulprüfung - Deutsch.doc
[2010.03.14 23:02:20 | 000,306,673 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Deutsch.pdf
[2010.03.14 23:00:01 | 001,170,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Biologie.pdf
[2010.03.14 22:59:07 | 001,313,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Physik.pdf
[2010.03.14 22:54:36 | 000,902,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Geschichte.pdf
[2010.03.14 22:33:15 | 000,059,440 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Entstehung von BRD und DDR.pdf
[2010.03.13 21:57:55 | 000,005,632 | -HS- | C] () -- C:\Dokumente und Einstellungen\Burghard\Thumbs.db
[2010.03.10 19:14:37 | 000,027,648 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\1949 Vergleich zweier Deutscher Staaten BRD.doc
[2009.11.05 09:59:06 | 006,553,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.dat
[2009.10.30 14:05:28 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2009.10.10 20:31:03 | 000,111,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe
[2009.09.20 12:50:15 | 000,000,115 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\default.pls
[2009.02.06 17:55:10 | 000,000,364 | ---- | C] () -- C:\WINDOWS\GSHH09.INI
[2009.02.06 17:52:06 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini
[2008.01.04 23:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.04 23:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.01.04 23:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.01.04 23:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.12.05 12:44:24 | 000,315,948 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2007.12.05 12:44:24 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007.12.05 12:44:12 | 000,002,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HPSU_48BitScanUpdate.log
[2007.12.05 12:44:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007.11.04 18:16:29 | 000,065,165 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Update_HP_RedboxHprblog_HPSU.log
[2007.11.04 18:16:29 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007.10.26 11:00:36 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2007.08.05 11:46:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007.08.05 11:46:53 | 000,000,359 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007.08.05 11:46:53 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007.08.05 11:46:02 | 000,003,162 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\PatchUpdate_InstantShareJPG.log
[2007.08.05 11:46:02 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007.08.05 11:45:32 | 000,003,993 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\PatchUpdate_IZClosingDiscError.log
[2007.08.05 11:45:32 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007.05.13 14:57:38 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.01.24 18:16:33 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2007.01.22 17:43:37 | 000,095,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.23 17:38:05 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat
[2006.11.23 17:38:05 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat.LOG
[2006.08.14 19:29:09 | 000,000,308 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2006.08.14 19:26:31 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2006.07.08 19:35:02 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.07.06 14:27:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006.07.05 08:18:52 | 000,002,053 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1152028508_PROTOCOL.log
[2006.07.05 08:18:52 | 000,000,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1152028508_UI.log
[2006.07.05 08:18:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006.07.05 08:18:52 | 000,000,108 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1152028508_API.log
[2006.07.04 18:37:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.07.04 17:43:57 | 000,010,733 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2006.07.04 15:54:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.07.04 15:10:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.07.04 15:07:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.07.04 15:07:41 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006.07.04 15:07:40 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.07.04 15:06:06 | 000,020,480 | -H-- | C] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.dat.LOG
[2006.07.04 15:06:06 | 000,000,300 | -HS- | C] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.ini
[2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
< End of report >
07.04.2010, 15:09
Moderator

Posts: 5694
#5 What is certain is that you have a rootkit. How it got there and whether it makes sense to clean it I'll tell you once I've gone through the logs. But I'm still at work at the moment and will get back to you towards evening.
07.04.2010, 19:16
Moderator

Posts: 5694
#6 Step 1

Disinfecting/securing external media

Download the Flash Disinfector by sUBs and save Flash_Disinfector.exe to your desktop.
Then proceed as follows:

• Physically disconnect the computer from the network.
• Disable the background guard of your AVP.
• Now connect all external storage media to your computer.
• Start the Flash Disinfector with a double-click and follow the instructions, if any.
• When the scan has finished, you can close the program.
• Restart your computer.

Note:
Flash Disinfector disinfects all your drives of autorun infections and creates a hidden folder with the same name, so that your storage media are protected from this infection in the future.
During the scan your desktop will briefly disappear and then come back. That is normal.

Step 2

Uninstall programs

Since some programs and anti-spy programs may hinder us during the clean-up (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, please uninstall the following programs completely via Control Panel => Add or Remove Programs.

Code

Messenger Plus! Live
Messenger_Plus_Live_Germany Toolbar
SweetIM
Report to me if a program cannot be uninstalled. After the clean-up is finished we can see which of them you can/should reinstall.

Step 3

Download the Avenger and unzip it to the desktop. Not zipped, directly as an EXE, the Avenger is available here.

Start avenger.exe with a double-click and accept the terms of use with OK. Paste the contents of the following code box completely and unchanged at "Input script here" and click "Execute". Answer the question whether you are sure the script should be executed with "Yes".

Code


Drivers to disable
_VOIDklmfyefmqr.sys
_VOIDd.sys

Drivers to delete:
_VOIDklmfyefmqr.sys
_VOIDd.sys

Files to delete:
C:\WINDOWS\system32\drivers\_VOIDklmfyefmqr.sys
C:\WINDOWS\_VOIDxtfjpyfvit\_VOIDd.sys


Answer the question about restarting the computer (Reboot now?) with "Yes" as well. After the computer has restarted (this can also be necessary and happen twice!) and the DOS window the Avenger opened has closed again, Avenger opens your editor with the Avenger log, also found at C:\avenger.txt. Please post its contents. A backup of the removed objects was created as C:\avenger\backup.zip.

Step 4

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and "Run as administrator"
• Now copy the contents into the text box.

Code

:OTL
PRC - C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe ()
PRC - C:\Programme\Your Protection\urpprot.exe ()
PRC - C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\mplay32xe.exe ()
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKCU..\Run: [Your Protection] C:\Programme\Your Protection\urpprot.exe ()
O4 - HKLM..\Run: [Windows Security Center] C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe ()
O4 - HKCU..\Run: [Windows Security Center] C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe ()
O4 - HKCU..\Run: [mplay32xe.exe] C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\mplay32xe.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\AuToplay\coMmand - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\AutoRun\command - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\expLorE\ComManD - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\Open\ComMaND - "" = snrww.exe
O33 - MountPoints2\{2d7c3c7a-a5ce-11de-a540-0040d089c59d}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\autoPlAy\cOmmanD - "" = hhwpc.exe
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\AutoRun\command - "" = hhwpc.exe
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\exPlORe\ComMANd - "" = hhwpc.exe
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\oPen\coMManD - "" = hhwpc.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010.04.07 03:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Your Protection
[2010.04.05 19:28:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\Messenger_Plus_Live_Germany
[2010.04.05 19:28:59 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.05 19:28:55 | 000,000,000 | ---D | C] -- C:\Programme\Messenger_Plus_Live_Germany
[2010.04.07 13:54:48 | 000,001,591 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\pornotube.com.lnk
[2010.04.07 13:54:48 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\nudetube.com.lnk
[2010.04.07 13:54:48 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\youporn.com.lnk
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
OTL may require a restart. Please allow it.
• After the restart you will find a text document.
Now copy its contents here into your thread in code tags


Step 5

Malwarebytes Anti-Malware

Download MBAM, install it and select under the tabs:

-> “Update“> “Check for updates“
-> “Settings“> “Terminate Internet Explorer during removal“
-> “Scanner”> "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer

Step 6

Second run with Gmer

• Start Gmer again.
• This time, right-click in the white area on the left and select "Only non MS files" from the context menu.
• Then click "Scan", which lets Gmer scan again.
• When the scan has finished, click the "Copy" button, which copies the contents to the clipboard.
• Now right-click on the desktop and choose "Text Document", which creates an empty document on the desktop.
• Open the text document with a double-click, right-click in the text field and "Paste".
• Save the document and post its contents here in the thread.

Step 7

Another system scan with OTL

• Double-click OTL.exe
Vista users: right-click OTL.exe and choose "Run as administrator"
• At the top you will find a box labelled Output. Please select Minimal Output
• Under Extra Registry, please select Use SafeList
• Now click Run Scan at the top left
• When the scan has finished, 2 log files are created
• Post the log files here in the thread in code tags.
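Added example (not part of this thread, of OTL, or of the moderator's fix script): a small Python triage script that reads the O4 Run and O33 MountPoints2 lines from an OTL log like the one above and lists why each entry deserves a look before it goes into a fix. The heuristics are my own: a Run value whose image is named like a system binary (svchost.exe) but lives outside System32, a value name imitating a Windows component, an image sitting in Temp or Anwendungsdaten, and an image with no company information; for MountPoints2, randomised letter case in the verb/command key names, bare file names that resolve on the removable medium's root, several shell verbs pointing at one executable, and stale entries whose target is gone. The sample lines are copied from the OTL log posted in this thread, except the Avira O4 line, which is a constructed benign control.

```python
"""Triage of autorun entries from an OTL log (O4 Run values, O33 MountPoints2).

Added example; heuristics are mine, not OTL's.  Sample lines are copied from
the OTL log in this thread, except the Avira O4 line (constructed control).
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Windows Security Center] C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe ()
O4 - HKCU..\Run: [mplay32xe.exe] C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\mplay32xe.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\AuToplay\coMmand - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\AutoRun\command - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\expLorE\ComManD - "" = snrww.exe
O33 - MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\Shell\Open\ComMaND - "" = snrww.exe
O33 - MountPoints2\{2d7c3c7a-a5ce-11de-a540-0040d089c59d}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\Shell\oPen\coMManD - "" = hhwpc.exe
"""

# OTL line shapes: "O4 - <hive>..\Run: [<name>] <path> (<company>)" and
# "O33 - MountPoints2\<guid>\Shell\<verb>\<key> - "" = <cmd>[ -- File not found]"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
                   r'(?P<path>.+?) \((?P<company>[^)]*)\)\s*$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\'
                    r'(?P<verb>[^\\]+)\\(?P<key>[^ ]+) - "" = (?P<cmd>.+?)'
                    r'(?P<missing> -- File not found)?\s*$')

# Assumed lists (mine): names worth comparing against, user-writable dirs
# in German and English XP profile layouts, and the canonical verb spelling.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
WINDOWS_COMPONENT_NAMES = {"windows security center", "windows update", "windows defender"}
USER_WRITABLE_DIRS = ("\\temp\\", "\\anwendungsdaten\\", "\\application data\\",
                      "\\lokale einstellungen\\", "\\local settings\\")
CANONICAL_VERBS = {"autorun": "AutoRun", "autoplay": "AutoPlay", "explore": "Explore", "open": "Open"}


def triage_run_value(m):
    """Reasons an O4 Run value deserves a look; an empty list means nothing odd."""
    reasons = []
    path = m["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARY_NAMES and "\\windows\\system32\\" not in path:
        reasons.append(f"system binary name {base} outside System32")
    if m["name"].strip().lower() in WINDOWS_COMPONENT_NAMES:
        reasons.append("value name imitates a Windows component")
    if any(d in path for d in USER_WRITABLE_DIRS):
        reasons.append("image lives in a user-profile or Temp directory")
    if not m["company"].strip():
        reasons.append("no version/company information in the image")
    return reasons


def casing_anomaly(entry):
    """True when the verb or the 'command' key deviates from the normal spelling."""
    canon = CANONICAL_VERBS.get(entry["verb"].lower())
    return (canon is not None and entry["verb"] != canon) or entry["key"] != "command"


def is_bare_name(cmd):
    """A command with no drive or path is resolved on the medium's root."""
    return "\\" not in cmd and ":" not in cmd


def triage_mountpoints(entries):
    """Group O33 entries per volume GUID and collect the reasons per volume."""
    by_guid = defaultdict(list)
    for e in entries:
        by_guid[e["guid"]].append(e)
    findings = {}
    for guid, items in by_guid.items():
        reasons = []
        if any(casing_anomaly(i) for i in items):
            reasons.append("verb/command key names use randomised letter case")
        if any(is_bare_name(i["cmd"]) for i in items):
            reasons.append("command is a bare file name resolved on the medium's root")
        cmds = sorted({i["cmd"].lower() for i in items})
        if len({i["verb"].lower() for i in items}) > 1 and len(cmds) == 1:
            reasons.append("several shell verbs hijacked to the same executable")
        if all(i["missing"] for i in items):
            reasons.append("target file no longer present (stale entry)")
        findings[guid] = {"commands": cmds, "reasons": reasons}
    return findings


def triage(log_text):
    """Parse the O4/O33 lines of an OTL log and return the triage result."""
    run_values, mountpoints = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            run_values.append({"hive": m["hive"], "name": m["name"], "path": m["path"],
                               "reasons": triage_run_value(m)})
        elif m := O33_RE.match(line):
            mountpoints.append({"guid": m["guid"], "verb": m["verb"], "key": m["key"],
                                "cmd": m["cmd"], "missing": bool(m["missing"])})
    return {"run": run_values, "mountpoints": triage_mountpoints(mountpoints)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for r in result["run"]:
        print(f'[O4 {r["hive"]}] {r["name"]}: {"; ".join(r["reasons"]) or "nothing odd"}')
    for guid, f in result["mountpoints"].items():
        print(f'[O33 {guid}] {", ".join(f["commands"])}: {"; ".join(f["reasons"]) or "nothing odd"}')
```

Run it as a plain script and it prints one line per Run value and per volume GUID. On the sample, the two svchost.exe/mplay32xe.exe Run values and the volumes behind snrww.exe and hhwpc.exe come out with several reasons each, the Avira control comes out clean, and the F:\setupSNK.exe volume is reported only as stale, which matches the "File not found" OTL printed for it.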
07.04.2010, 23:42
Member

Thread starter

Posts: 25
#7 Hey,
thanks a lot, the computer is running again!!! There are no more annoying ad pop-ups either!!! I still somehow can't get online, but maybe that's because of the stick.

here are the logs:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "_VOIDd.sys" found!
ImagePath: \systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Start Type: 1 (System)

Hidden driver "_VOIDxtfjpyfvit" found!
ImagePath: \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 09:29:41 2010

09:29:41: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 09:29:55 2010

09:29:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 09:32:56 2010

09:32:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 14:03:26 2010

14:03:26: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 22:25:05 2010

22:25:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 22:25:25 2010

22:25:25: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 22:25:35 2010

22:25:35: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 22:26:00 2010

22:26:00: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Apr 07 22:26:10 2010

22:26:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "_VOIDd.sys" found!
ImagePath: \systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Start Type: 1 (System)

Hidden driver "_VOIDxtfjpyfvit" found!
ImagePath: \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys
Start Type: 1 (System)

Rootkit scan completed.


Error: could not open driver "_VOIDklmfyefmqr.sys"
Disablement of driver "_VOIDklmfyefmqr.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Disablement of driver "_VOIDd.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\_VOIDklmfyefmqr.sys" not found!
Deletion of driver "_VOIDklmfyefmqr.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "_VOIDd.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\_VOIDklmfyefmqr.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\_VOIDklmfyefmqr.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\_VOIDxtfjpyfvit\_VOIDd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Code

All processes killed
========== OTL ==========
Process svchost.exe killed successfully!
No active process named urpprot.exe was found!
No active process named mplay32xe.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
File C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
File C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.
File C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Your Protection not found.
C:\Programme\Your Protection\urpprot.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Security Center deleted successfully.
C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Security Center deleted successfully.
File C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mplay32xe.exe deleted successfully.
C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\mplay32xe.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084a6a84-c57b-11de-a57d-0040d089c59d}\ not found.
File snrww.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084a6a84-c57b-11de-a57d-0040d089c59d}\ not found.
File snrww.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084a6a84-c57b-11de-a57d-0040d089c59d}\ not found.
File snrww.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{084a6a84-c57b-11de-a57d-0040d089c59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084a6a84-c57b-11de-a57d-0040d089c59d}\ not found.
File snrww.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d7c3c7a-a5ce-11de-a540-0040d089c59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d7c3c7a-a5ce-11de-a540-0040d089c59d}\ not found.
File F:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b77cc41-a60c-11de-a543-0040d089c59d}\ not found.
File hhwpc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b77cc41-a60c-11de-a543-0040d089c59d}\ not found.
File hhwpc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b77cc41-a60c-11de-a543-0040d089c59d}\ not found.
File hhwpc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b77cc41-a60c-11de-a543-0040d089c59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b77cc41-a60c-11de-a543-0040d089c59d}\ not found.
File hhwpc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Programme\Your Protection folder moved successfully.
Folder C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\Messenger_Plus_Live_Germany\ not found.
C:\Programme\Conduit\Community Alerts folder moved successfully.
C:\Programme\Conduit folder moved successfully.
Folder C:\Programme\Messenger_Plus_Live_Germany\ not found.
C:\Dokumente und Einstellungen\All Users\Desktop\pornotube.com.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\nudetube.com.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Desktop\youporn.com.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Burghard
->Temp folder emptied: 14877102 bytes
->Temporary Internet Files folder emptied: 5374315 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64847726 bytes
->Google Chrome cache emptied: 8641249 bytes
->Flash cache emptied: 6050 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 11292300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 11761543 bytes
%systemroot%\System32\dllcache .tmp files removed: 8501248 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123990 bytes
RecycleBin emptied: 135582 bytes

Total Files Cleaned = 122,00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04072010_223846

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Code

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-07 12:28:31
Windows 5.1.2600 Service Pack 3
Running: 5s18h02r.exe; Driver: C:\DOKUME~1\Burghard\LOKALE~1\Temp\uxrdipow.sys


---- System - GMER 1.0.15 ----

Code            85190450                                                                                                                                               ZwEnumerateKey
Code            8518BD98                                                                                                                                               ZwFlushInstructionCache
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                  FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                  IoIsOperationSynchronous
Code            8519265E                                                                                                                                               IofCallDriver
Code            8519833E                                                                                                                                               IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                                                               804E9FA0 5 Bytes  JMP ED899424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!IofCallDriver                                                                                                                             804EE130 5 Bytes  JMP 85192663
.text           ntkrnlpa.exe!IofCompleteRequest                                                                                                                        804EE1C0 5 Bytes  JMP 85198343
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                                                                  804EE87E 5 Bytes  JMP ED8997DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
PAGE            ntkrnlpa.exe!ZwFlushInstructionCache                                                                                                                   805ABEC6 5 Bytes  JMP 8518BD9C
PAGE            ntkrnlpa.exe!ZwEnumerateKey                                                                                                                            8061AB76 5 Bytes  JMP 85190454
.text           C:\WINDOWS\system32\drivers\ACEDRV09.sys                                                                                                               section is writeable [0xEB2C7000, 0x3326E, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV09.sys                                                                                                               entry point in ".pklstb" section [0xEB30C000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV09.sys                                                                                                               unknown last section [0xEB328000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[500] kernel32.dll!CreateProcessW                                                                                               7C802336 5 Bytes  JMP 033A000A
?               C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] C:\WINDOWS\system32\ntdll.dll                                                       time/date stamp mismatch;
?               C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] C:\WINDOWS\system32\kernel32.dll                                                    time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                [F6CF1820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                [F6CF1820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                      000301D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                          00030240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                          000302B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]                    00030320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                        00030550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                         000305C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                            00030630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                        000306A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc]                      000307F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                       00030860
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                          000308D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                      00030940
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]                    000309B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                           00030A20
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                       00030A90
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                        00030CC0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                            00030D30
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                         00030DA0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                             00030E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                         7C9D0630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                         7C9D06A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                        7C9D0710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                       7C9D08D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                        7C9D0940
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                        7C9D0B00
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                           7C9D0B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy]                        7C9D0BE0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                         7C9D0E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                             7C9D0EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3188] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                         7C9D01D0

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module          \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys (*** hidden *** )                                                                                               ED6C5000-ED6E7000 (139264 bytes)                                                                                      
---- Processes - GMER 1.0.15 ----

Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [140]                                       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [140]                                       0x008C0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [244]       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [244]       0x00B20000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiapsrv.exe [256]                                 0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiapsrv.exe [256]                                 0x009B0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [264]                                      0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [264]                                      0x00CE0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [376]                                       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [376]                                       0x008C0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [500]                                               0x00C50000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\AssistantServices.exe [548]             0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\AssistantServices.exe [548]             0x00D10000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [832]                           0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [832]                           0x00D10000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe [908]          0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe [908]          0x00D40000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe [924]           0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe [924]           0x00D40000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [936]                                       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [936]                                       0x00B30000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\System32\wudfhost.exe [1040]                                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\System32\wudfhost.exe [1040]                                     0x00800000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1204]                                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1204]                                     0x00830000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1256]                                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1256]                                     0x00830000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1268]                                        0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1268]                                        0x008B0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [1428]       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [1428]       0x00D80000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [1500]                                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [1500]                                     0x00CE0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jqs.exe [1664]                                   0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jqs.exe [1664]                                   0x00A40000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1684]                                      0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1684]                                      0x008C0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1720]                                      0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1720]                                      0x008C0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1776]                                      0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1776]                                      0x008C0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [1852]    0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [1852]    0x00CE0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [1876]                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [1876]                     0x00CD0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\HPZipm12.exe [1936]                                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\HPZipm12.exe [1936]                                     0x00A10000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2016]                                      0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2016]                                      0x008C0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [2176]                                0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [2176]                                0x009B0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [2360]       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe [2360]       0x00D80000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Skype\Plugin Manager\skypePM.exe [2680]                        0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Skype\Plugin Manager\skypePM.exe [2680]                        0x00C90000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [2720]                                              0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [2720]                                              0x00DA0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\AGRSMMSG.exe [2728]                                              0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\AGRSMMSG.exe [2728]                                              0x00D30000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2792]         0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2792]         0x00CF0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2844]                            0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2844]                            0x00DD0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\HP\HP Software Update\HPWuSchd2.exe [3028]                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\HP\HP Software Update\HPWuSchd2.exe [3028]                     0x00CB0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [3188]         0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [3188]         0x00D20000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\SweetIM\Messenger\SweetIM.exe [3232]                           0x00CD0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\SweetIM\Messenger\SweetIM.exe [3232]                           0x00D70000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\HiYo\bin\HiYo.exe [3248]                                       0x00DD0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\HiYo\bin\HiYo.exe [3248]                                       0x00E80000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jusched.exe [3352]                               0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Java\jre6\bin\jusched.exe [3352]                               0x00CD0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\UIExec.exe [3436]                       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Mobile Partner Manager\UIExec.exe [3436]                       0x00CB0000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Avira\AntiVir Desktop\avgnt.exe [3512]                         0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Avira\AntiVir Desktop\avgnt.exe [3512]                         0x00D70000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3576]                                       0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3576]                                       0x00B40000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Skype\Phone\Skype.exe [3624]                                   0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Skype\Phone\Skype.exe [3624]                                   0x02650000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\DOKUME~1\Burghard\LOKALE~1\Temp\mplay32xe.exe [3676]                     0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\DOKUME~1\Burghard\LOKALE~1\Temp\mplay32xe.exe [3676]                     0x00D00000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Programme\Your Protection\urpprot.exe [3716]                             0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Programme\Your Protection\urpprot.exe [3716]                             0x01140000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe [3956]  0x10000000                                                                                                            
Library         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll (*** hidden *** ) @ C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\svchost.exe [3956]  0x00D10000                                                                                                            

---- Services - GMER 1.0.15 ----

Service         system32\drivers\_VOIDklmfyefmqr.sys (*** hidden *** )                                                                                                 [SYSTEM] _VOIDd.sys                                                                                                    <-- ROOTKIT !!!
Service         C:\WINDOWS\_VOIDxtfjpyfvit\_VOIDd.sys (*** hidden *** )                                                                                                [SYSTEM] _VOIDxtfjpyfvit                                                                                               <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys                                                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@start                                                                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@type                                                                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@group                                                                                                file system
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys@imagepath                                                                                            \systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules                                                                                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_VOIDc                                                                                       \\?\globalroot\systemroot\system32\_VOIDjxeatvaoex.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_VOIDd                                                                                       \\?\globalroot\systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_VOIDsrcr                                                                                    \\?\globalroot\systemroot\system32\_VOIDllkytkaosp.dat
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_voidserf                                                                                    \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDd.sys\modules@_voidbbr                                                                                     \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit                                                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit@start                                                                                           1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit@type                                                                                            1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\_VOIDxtfjpyfvit@imagepath                                                                                       \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys (not active ControlSet)                                                                                  
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@start                                                                                                    1
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@type                                                                                                     1
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@group                                                                                                    file system
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys@imagepath                                                                                                \systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules (not active ControlSet)                                                                          
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_VOIDc                                                                                           \\?\globalroot\systemroot\system32\_VOIDjxeatvaoex.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_VOIDd                                                                                           \\?\globalroot\systemroot\system32\drivers\_VOIDklmfyefmqr.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_VOIDsrcr                                                                                        \\?\globalroot\systemroot\system32\_VOIDllkytkaosp.dat
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_voidserf                                                                                        \\?\globalroot\systemroot\system32\_VOIDuunijeyxbd.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDd.sys\modules@_voidbbr                                                                                         \\?\globalroot\systemroot\system32\_VOIDqqjyioitjo.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit (not active ControlSet)                                                                            
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit@start                                                                                               1
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit@type                                                                                                1
Reg             HKLM\SYSTEM\ControlSet003\Services\_VOIDxtfjpyfvit@imagepath                                                                                           \systemroot\_VOIDxtfjpyfvit\_VOIDd.sys

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\_VOIDcd77.tmp                                                                        343040 bytes executable
File            C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Temp\_VOIDmainqt.dll                                                                      10377 bytes
File            C:\WINDOWS\system32\_VOIDjxeatvaoex.dll                                                                                                                29696 bytes executable
File            C:\WINDOWS\system32\_VOIDllkytkaosp.dat                                                                                                                191 bytes
File            C:\WINDOWS\system32\_VOIDqqjyioitjo.dll                                                                                                                49152 bytes executable
File            C:\WINDOWS\system32\_VOIDuunijeyxbd.dll                                                                                                                49152 bytes executable

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 07.04.2010 23:08:40 - Run 2
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Dokumente und Einstellungen\Burghard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

895,00 Mb Total Physical Memory | 442,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,26 Gb Total Space | 47,61 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 13,88 Gb Total Space | 1,63 Gb Free Space | 11,77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK-1
Current User Name: Burghard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\HiYo\Bin\HiYo.exe (IncrediMail, Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Programme\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Programme\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UI Assistant Service) -- C:\Programme\Mobile Partner Manager\AssistantServices.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ndisprot) -- C:\WINDOWS\system32\drivers\Ndisprot.sys (Windows (R) 2000 DDK provider)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ACEDRV09) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (PAEAFLT.sys) -- C:\WINDOWS\system32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (BT4501G) -- C:\WINDOWS\system32\drivers\BT4501G.sys (THOMSON Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (W33ND) -- C:\WINDOWS\system32\drivers\W33ND.SYS (Winbond Electronics Corp.)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 66 28 E8 1C 3A CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "MyStart Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.5.8.6
FF - prefs.js..keyword.URL: "http://mystart.hiyo.com/?loc=ff_address&search="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.05 19:57:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.02 00:15:15 | 000,000,000 | ---D | M]

[2009.09.21 12:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Extensions
[2010.04.07 03:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions
[2009.09.21 14:12:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 19:28:50 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280}
[2010.04.07 03:52:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.01 22:18:58 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.09.29 03:46:40 | 000,002,160 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\searchplugins\MySpace.xml
[2010.03.12 17:07:39 | 000,002,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\searchplugins\MyStart Search.xml
[2009.11.01 22:18:52 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Mozilla\Firefox\Profiles\v29chf1c.default\searchplugins\sweetim.xml
[2010.04.06 14:28:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.02 00:15:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.02 00:15:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.02 00:15:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.02 00:15:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.02 00:15:09 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Hiyo] C:\Programme\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\Programme\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Vorlesen - C:\Programme\ReadABit\readselection.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Seite vorlesen - {DD69FD11-3C84-4309-B4E4-D599D4C012CC} - C:\Programme\ReadABit\Reader.exe (Sven Ilius)
O9 - Extra 'Tools' menuitem : &Seite vorlesen - {DD69FD11-3C84-4309-B4E4-D599D4C012CC} - C:\Programme\ReadABit\Reader.exe (Sven Ilius)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 () - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.07.04 15:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.07 22:33:33 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.07 22:33:36 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.04.07 22:44:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Malwarebytes
[2010.04.07 22:43:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.07 22:43:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.07 22:43:37 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.07 22:43:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.07 22:38:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.07 22:33:33 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.04.07 22:32:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.04.07 22:19:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Desktop\avenger
[2010.04.07 14:33:12 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe
[2010.04.07 12:43:37 | 005,918,776 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Burghard\Desktop\mbam-setup.exe
[2010.04.07 11:51:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Burghard\Recent
[2010.04.07 11:49:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.07 11:47:22 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Burghard\Desktop\ccsetup230.exe
[2010.04.07 11:28:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe
[2010.04.07 04:37:51 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Dokumente und Einstellungen\Burghard\Desktop\LSPFix.exe
[2010.04.07 04:34:18 | 000,000,000 | ---D | C] -- C:\Programme\CleanUp!
[2010.04.07 03:33:50 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.07 03:33:48 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.04.07 03:33:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\TuneUp Software
[2010.04.07 03:33:30 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.04.07 03:33:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.04.07 03:33:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.07 03:24:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Avira
[2010.04.07 03:16:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.04.07 03:16:09 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.04.07 03:16:09 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.04.07 03:16:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.04.07 03:16:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.04.07 03:16:09 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.07 03:16:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.04.05 19:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.03.31 15:54:36 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2010.03.31 15:54:36 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2010.03.31 15:54:36 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2010.03.31 15:54:36 | 000,013,824 | ---- | C] (ZTE) -- C:\WINDOWS\System32\drivers\ZTEusbccid.sys
[2010.03.31 15:54:36 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2010.03.31 15:54:23 | 000,021,504 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\Ndisprot.sys
[2010.03.31 15:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB
[2010.03.31 15:54:13 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Partner Manager
[2010.03.25 00:27:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Theme Hospital
[2010.03.24 18:13:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Abe´s Odissee (Oddworld)
[2010.03.24 18:02:53 | 000,000,000 | ---D | C] -- C:\Programme\VID_0E8F&PID_0012
[2010.03.19 18:32:49 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010.03.19 18:26:09 | 000,721,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB40032.DLL
[2010.03.19 18:26:03 | 000,000,000 | ---D | C] -- C:\Programme\Elbenwald
[2010.03.19 18:25:55 | 000,796,672 | ---- | C] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2010.03.19 18:14:18 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.03.19 18:14:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.03.19 18:14:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.03.16 18:23:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Desktop\musik von sandra
[2010.03.14 16:19:04 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.12 17:09:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HiYo
[2010.03.12 17:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HiYo
[2010.03.12 17:09:27 | 000,000,000 | ---D | C] -- C:\Programme\HiYo
[2010.03.11 15:03:35 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009.02.28 13:03:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.02.22 11:38:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2008.06.27 16:12:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.12.02 14:25:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2007.10.17 18:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ahead
[2006.07.04 15:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2006.07.04 15:05:09 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2006.07.04 15:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2005.05.11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.04.07 22:59:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.07 22:58:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.07 22:58:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.07 22:57:36 | 006,553,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.dat
[2010.04.07 22:57:36 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.ini
[2010.04.07 22:43:42 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.07 22:08:32 | 000,132,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Flash_Disinfector.exe
[2010.04.07 20:58:32 | 005,918,776 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Burghard\Desktop\mbam-setup.exe
[2010.04.07 20:50:38 | 000,724,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\avenger.zip
[2010.04.07 14:27:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Burghard\Desktop\OTL.exe
[2010.04.07 12:50:20 | 003,908,851 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\ComboFix.exe
[2010.04.07 11:49:42 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CCleaner.lnk
[2010.04.07 11:44:32 | 003,376,656 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Burghard\Desktop\ccsetup230.exe
[2010.04.07 11:27:00 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe
[2010.04.07 11:26:46 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\39ct13yn.exe
[2010.04.07 11:23:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Burghard\Desktop\HJTInstall.exe
[2010.04.07 09:57:07 | 000,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.04.07 09:36:53 | 000,000,669 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CleanUp!.lnk
[2010.04.07 05:52:24 | 004,288,622 | -H-- | M] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.07 04:57:51 | 000,000,627 | ---- | M] () -- C:\NetworkCfg.xml
[2010.04.07 04:33:09 | 000,001,107 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\listen.bat
[2010.04.07 04:32:46 | 000,001,107 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\listen.bat
[2010.04.07 04:31:25 | 000,001,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Editor.lnk
[2010.04.07 03:33:45 | 000,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.07 03:33:45 | 000,001,705 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk
[2010.04.07 03:16:31 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.07 00:27:42 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Vergiss was gewesen.doc
[2010.04.06 15:24:48 | 004,747,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Reason - Ich Bin Er (feat.A.R. Benjamins).mp3
[2010.04.06 11:35:26 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.04.06 10:33:55 | 000,095,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 21:25:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.04.01 11:14:26 | 000,545,676 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.01 11:14:26 | 000,502,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.01 11:14:26 | 000,131,820 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.01 11:14:26 | 000,111,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.01 11:14:26 | 000,004,694 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.31 15:54:30 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mobile Partner Manager.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.20 23:45:46 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Ich kann nicht wirklich sagen.doc
[2010.03.20 21:07:14 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\jede träne die ich weinte.doc
[2010.03.20 14:36:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.19 18:40:11 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.03.19 18:25:55 | 000,796,672 | ---- | M] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2010.03.18 20:36:40 | 000,084,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Hauptschulprüfung - Deutsch.doc
[2010.03.15 18:31:28 | 000,000,435 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Musik.lnk
[2010.03.14 23:02:20 | 000,306,673 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Deutsch.pdf
[2010.03.14 23:00:01 | 001,170,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Biologie.pdf
[2010.03.14 22:59:07 | 001,313,428 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Physik.pdf
[2010.03.14 22:54:36 | 000,902,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Geschichte.pdf
[2010.03.14 22:33:18 | 000,059,440 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Entstehung von BRD und DDR.pdf
[2010.03.13 20:10:58 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Hitlers Weg an die Macht.doc
[2010.03.10 19:25:08 | 000,021,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Beschreibe alles was du über die NSDAP weißt.doc
[2010.03.10 19:14:37 | 000,027,648 | ---- | M] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\1949 Vergleich zweier Deutscher Staaten BRD.doc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.04.07 22:43:42 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.07 22:05:51 | 000,132,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Flash_Disinfector.exe
[2010.04.07 21:53:32 | 000,724,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\avenger.zip
[2010.04.07 13:46:53 | 003,908,851 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\ComboFix.exe
[2010.04.07 11:49:42 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CCleaner.lnk
[2010.04.07 11:28:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\39ct13yn.exe
[2010.04.07 11:28:45 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\5s18h02r.exe
[2010.04.07 09:57:07 | 000,001,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.04.07 09:36:53 | 000,000,669 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\CleanUp!.lnk
[2010.04.07 04:46:50 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\avenger.exe
[2010.04.07 04:33:09 | 000,001,107 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\listen.bat
[2010.04.07 04:32:46 | 000,001,107 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\listen.bat
[2010.04.07 03:33:45 | 000,001,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.07 03:33:45 | 000,001,705 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk
[2010.04.07 03:16:31 | 000,001,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.07 00:27:42 | 000,024,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Vergiss was gewesen.doc
[2010.04.06 15:24:25 | 004,747,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Eigene Dateien\Reason - Ich Bin Er (feat.A.R. Benjamins).mp3
[2010.03.31 16:07:04 | 000,000,627 | ---- | C] () -- C:\NetworkCfg.xml
[2010.03.31 15:54:30 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mobile Partner Manager.lnk
[2010.03.20 16:23:58 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\jede träne die ich weinte.doc
[2010.03.20 14:36:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.03.20 14:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.03.19 18:25:57 | 000,009,271 | ---- | C] () -- C:\WINDOWS\Port_DE.gpl
[2010.03.15 18:31:28 | 000,000,435 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Musik.lnk
[2010.03.15 00:28:33 | 000,084,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Hauptschulprüfung - Deutsch.doc
[2010.03.14 23:02:20 | 000,306,673 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Deutsch.pdf
[2010.03.14 23:00:01 | 001,170,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Biologie.pdf
[2010.03.14 22:59:07 | 001,313,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Physik.pdf
[2010.03.14 22:54:36 | 000,902,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Geschichte.pdf
[2010.03.14 22:33:15 | 000,059,440 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\Entstehung von BRD und DDR.pdf
[2010.03.13 21:57:55 | 000,005,632 | -HS- | C] () -- C:\Dokumente und Einstellungen\Burghard\Thumbs.db
[2010.03.10 19:14:37 | 000,027,648 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Desktop\1949 Vergleich zweier Deutscher Staaten BRD.doc
[2009.11.05 09:59:06 | 006,553,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.dat
[2009.10.30 14:05:28 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2009.09.20 12:50:15 | 000,000,115 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\default.pls
[2009.02.06 17:55:10 | 000,000,364 | ---- | C] () -- C:\WINDOWS\GSHH09.INI
[2009.02.06 17:52:06 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini
[2008.01.04 23:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.04 23:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.01.04 23:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.01.04 23:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.12.05 12:44:24 | 000,315,948 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2007.12.05 12:44:24 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007.12.05 12:44:12 | 000,002,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HPSU_48BitScanUpdate.log
[2007.12.05 12:44:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007.11.04 18:16:29 | 000,065,165 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Update_HP_RedboxHprblog_HPSU.log
[2007.11.04 18:16:29 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007.10.26 11:00:36 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2007.08.05 11:46:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007.08.05 11:46:53 | 000,000,359 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007.08.05 11:46:53 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007.08.05 11:46:02 | 000,003,162 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\PatchUpdate_InstantShareJPG.log
[2007.08.05 11:46:02 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007.08.05 11:45:32 | 000,003,993 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\PatchUpdate_IZClosingDiscError.log
[2007.08.05 11:45:32 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007.05.13 14:57:38 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.01.24 18:16:33 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2007.01.22 17:43:37 | 000,095,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.23 17:38:05 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat
[2006.11.23 17:38:05 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat.LOG
[2006.08.14 19:29:09 | 000,000,308 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2006.08.14 19:26:31 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2006.07.08 19:35:02 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.07.06 14:27:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006.07.05 08:18:52 | 000,002,053 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1152028508_PROTOCOL.log
[2006.07.05 08:18:52 | 000,000,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1152028508_UI.log
[2006.07.05 08:18:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006.07.05 08:18:52 | 000,000,108 | ---- | C] () -- C:\Dokumente und Einstellungen\Burghard\Anwendungsdaten\Hewlett-PackardHP PSC 1400 series1152028508_API.log
[2006.07.04 18:37:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.07.04 17:43:57 | 000,010,733 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2006.07.04 15:54:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.07.04 15:10:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.07.04 15:07:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.07.04 15:07:41 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006.07.04 15:07:40 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.07.04 15:06:06 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.dat.LOG
[2006.07.04 15:06:06 | 000,000,300 | -HS- | C] () -- C:\Dokumente und Einstellungen\Burghard\ntuser.ini
[2004.08.04 14:00:00 | 000,159,140 | RHS- | C] () -- C:\WINDOWS\System32\uwcmk.dll
[2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
< End of report >


Danke für die schnelle Hilfe! Der Rechner läuft!
Seitenanfang Seitenende
08.04.2010, 08:02
Moderator

Posts: 5694
#8 But there are still rootkit components present. I'll get back to you this afternoon ;)
08.04.2010, 18:45
Member

Thread starter

Posts: 25
#9 OK, thank you!
Best regards
08.04.2010, 19:24
Moderator

Posts: 5694
#10 Hmm, I just saw that you posted the same GMER log again. Please delete GMER from the desktop and download it again from this page
(click the "Download EXE" button) and save the program to the desktop.
• GMER is suitable for => NT/W2K/XP/VISTA.
• All other programs should be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• GMER automatically starts a first scan.
• If a window with the following warning opens:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.

• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
"Ok" closes GMER.
• Paste the log from the clipboard into your reply here (with CTRL + V).

Turn your antivirus program and any other scanners back on before you go online!

Now post the log file in code tags.
14.04.2010, 20:11
Member

Thread starter

Posts: 25
#11 Hey, sorry that I haven't replied for so long. I had to write a seminar paper and so had no time.
Here is the log file

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-14 18:28:48
Windows 5.1.2600 Service Pack 3
Running: y579m7zx.exe; Driver: C:\DOKUME~1\Burghard\LOKALE~1\Temp\uxrdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 19:08:30
Windows 5.1.2600 Service Pack 3
Running: y579m7zx.exe; Driver: C:\DOKUME~1\Burghard\LOKALE~1\Temp\uxrdipow.sys


---- System - GMER 1.0.15 ----

SSDT F7A9D3AC ZwCreateThread
SSDT F7A9D398 ZwOpenProcess
SSDT F7A9D39D ZwOpenThread

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\ACEDRV09.sys section is writeable [0xEBB46000, 0x3326E, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0xEBB8B000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV09.sys unknown last section [0xEBBA7000, 0x8E, 0x42000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
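The full scan posted above reports three SSDT hooks that GMER could only give as raw kernel addresses, and three section notes for ACEDRV09.sys. The following is an added example (not part of this thread, and not code from GMER or from any tool the moderator names): a small parser for the text log GMER copies to the clipboard. It separates hooks GMER attributed to a named driver from those it could not, and groups the PE-layout notes per driver so they can be read together. In the embedded sample, the SSDT, section and AttachedDevice lines are copied from the log above; the example.sys line with the "(Example Self-Protection/Example Vendor)" tag is constructed to show the attributed form, and the function names are my own.

```python
"""Triage helper for the text log GMER copies to the clipboard (added example,
not code from this thread or from GMER). GMER prints a hook as
"<kind> <target> <symbol>"; <target> is a module path plus "(desc/vendor)" when
GMER mapped the hook to a loaded driver, or a bare 8-hex-digit kernel address
when it could not. Section notes for drivers with an unusual PE layout are
grouped per driver. Other GMER line types are ignored."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: SSDT, section and device lines copied from the log posted
# above; the example.sys line is constructed to show the attributed form.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT F7A9D3AC ZwCreateThread
SSDT F7A9D398 ZwOpenProcess
SSDT F7A9D39D ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\example.sys (Example Self-Protection/Example Vendor) ZwTerminateProcess [0xF7A9D4C0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\ACEDRV09.sys section is writeable [0xEBB46000, 0x3326E, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0xEBB8B000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV09.sys unknown last section [0xEBBA7000, 0x8E, 0x42000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
"""


@dataclass
class Hook:
    kind: str              # SSDT, Code, INT, IAT, EAT
    symbol: str            # hooked kernel export, e.g. ZwOpenProcess
    target: str            # module path, or the bare address when unattributed
    vendor: Optional[str]  # "desc/vendor" text, None when unattributed


@dataclass
class Triage:
    attributed: List[Hook] = field(default_factory=list)
    unattributed: List[Hook] = field(default_factory=list)
    section_notes: List[Tuple[str, str, str]] = field(default_factory=list)  # (section, path, note)
    devices: List[Tuple[str, str, Optional[str]]] = field(default_factory=list)  # (device, filter, vendor)


KINDS = r"(?P<kind>SSDT|Code|INT|IAT|EAT)"
# "<kind> <module> (<desc>/<vendor>) <symbol> [0xADDR]"; the bracketed address is optional
ATTRIBUTED = re.compile(KINDS + r"\s+(?P<target>\S+)\s+\((?P<vendor>[^)]*)\)\s+"
                        r"(?P<symbol>\S+)(?:\s+\[0x[0-9A-Fa-f]+\])?\s*$")
# "<kind> <8 hex digits> <symbol>": GMER could not map the address to a module
BARE = re.compile(KINDS + r"\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<symbol>\S+)\s*$")
# ".section <driver path> <free-text note> [values]"
SECTION = re.compile(r"^(?P<section>\.\S+)\s+(?P<path>\S+)\s+(?P<note>.+?)\s+\[[^\]]*\]\s*$")
# "AttachedDevice <driver object> <device> <filter.sys> (<desc>/<vendor>)"
DEVICE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<filter>\S+)"
                    r"(?:\s+\((?P<vendor>[^)]*)\))?\s*$")


def triage(log: str) -> Triage:
    """Classify every recognised line of a GMER log; match() anchors at line start."""
    result = Triage()
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if (m := ATTRIBUTED.match(line)):
            result.attributed.append(Hook(m["kind"], m["symbol"], m["target"], m["vendor"]))
        elif (m := BARE.match(line)):
            result.unattributed.append(Hook(m["kind"], m["symbol"], m["target"], None))
        elif (m := DEVICE.match(line)):
            result.devices.append((m["device"], m["filter"], m["vendor"]))
        elif (m := SECTION.match(line)):
            result.section_notes.append((m["section"], m["path"], m["note"]))
    return result


def drivers_with_unusual_layout(t: Triage) -> Dict[str, List[str]]:
    """Group GMER's per-section notes by driver path, in log order."""
    grouped: Dict[str, List[str]] = {}
    for _section, path, note in t.section_notes:
        grouped.setdefault(path, []).append(note)
    return grouped


def report(t: Triage) -> List[str]:
    """Findings in the order an analyst wants them: unattributed hooks first."""
    out = [f"UNATTRIBUTED {h.kind} hook on {h.symbol} -> {h.target}: map this address to a "
           f"loaded module (GMER's Modules tab) before calling it a rootkit" for h in t.unattributed]
    out += [f"{h.kind} hook on {h.symbol} by {h.target} ({h.vendor})" for h in t.attributed]
    out += [f"UNUSUAL PE LAYOUT {p}: " + "; ".join(n) for p, n in drivers_with_unusual_layout(t).items()]
    out += [f"filter {f} on {d} ({v or 'no vendor string'})" for d, f, v in t.devices]
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

A bare address is not evidence of a rootkit by itself: ZwOpenProcess, ZwOpenThread and ZwCreateThread are exactly the exports that antivirus self-protection drivers hook, so the next step is to match each address against the Modules list GMER produces rather than act on the hook alone. Likewise, a writeable .text section and an entry point in a non-standard section are what GMER reports for any packed or protected driver; they mean the file should be identified (hash, signature, vendor), not that it is malicious.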
14.04.2010, 20:18
Moderator

Posts: 5694
#12 Step 1

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 - Download Mirror #2

• Double-click SystemLook.exe to start the tool.
Vista users: right-click and run as administrator.
• Copy the contents of the following code box into the tool's text field:

Code

:filefind
*VOID*
VOID

:regfind
*VOID*
VOID

• Now click the Look button to start the scan.
• When the search is finished, your editor will open with the results; post them here in the thread.
• The results are saved on the desktop as SystemLook.txt.



Step 2

Eset Online Scanner (NOD32)
• Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
Note for Vista users: be sure to start the browser as administrator.
• Requirement: Internet Explorer (IE) 5.0 or higher
• Tick "YES, I accept the Terms of Use"
• Start
• Install the ActiveX control
• Start
• Signatures are downloaded
• Tick "Remove found threats" and "Scan unwanted applications"
• Scan
• End of scan
• Close the browser
• Open Explorer
• C:\Programme\EsetOnlineScanner\log.txt
• Post the log here
• Uninstall: Control Panel => Add or Remove Programs => remove Eset Online Scanner.


Step 3

How is the machine running?