Virus / Trojan infection, problems with IE + System Restore

16.07.2010, 22:06
Member

Posts: 12
#1 Hello dear help team,

I have been tinkering with my infected system for 2 days now. It all started after
visiting a supposedly reputable website. AntiVir suddenly reported that
a web page object (a *.php file) was in reality an executable file and was now on my system. I then immediately removed the file in question with AntiVir (unfortunately I did not write down the name of the virus/Trojan). But at that very moment
the Windows Help function suddenly opened under the keyword "anything", which of course I had not entered, and a fake virus scanner named Antivirus 2010 started. In addition, I could no longer open any EXE files, in fact I could hardly start any programs at all. I then immediately shut down my system and ran several scans in Safe Mode with AntiVir, A-Squared and Security Task Manager, and promptly found several virus files, which I then removed, including:
- IM-Flooder.Win32.QuietStorm in c:\windows\system32\DartWeb.oca
- TR/Vundo.Gen in C:\Dokumente und Einstellungen\...\Lokale Einstellungen\...\346468.exe
as well as in F:\Temporary Internet Files\Content.IE5\DXL9WUYP\Server1[1].exe
- ivrssres.dll (?)

My system shows (even after carrying out the steps listed below) the following errors:
- Windows Update does not work
- System Restore does not work
- Internet Explorer and Firefox do not open any Microsoft Support or Update pages. When I try
to open such pages, other suspicious pages suddenly open instead.
- While IE is running, ominous Google pages and the like sometimes open out of nowhere

Somehow there seems to be a technical problem with posting. So I will split my post into two parts.
__________
"The rug really tied the room together."
16.07.2010, 22:09
Member

Thread starter

Posts: 12
#2 Following your instructions, I am now posting further log files from the programs you suggest.

1. Scan with Malwarebytes (and subsequent cleanup)
[Code]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4320

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

16.07.2010 18:44:25
mbam-log-2010-07-16 (18-44-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164001
Laufzeit: 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\notepad.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aspimgr (Trojan.Asprox) -> No action taken.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\WINDOWS\ws386.ini (Malware.Trace) -> No action taken.
[/Code]
__________
"The rug really tied the room together."
16.07.2010, 22:11
Member

Thread starter

Posts: 12
#3 Unfortunately it only works bit by bit ........

2. Gmer report
Gmer did not run despite all attempts (renaming etc.).
Instead, the tools MBR and CatchME ran. Here are the logs:

[Code]
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
[/Code]

[Code]
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 19:33:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[/Code]
__________
"The rug really tied the room together."
16.07.2010, 22:14
Member

Thread starter

Posts: 12
#4 3. Scan with OTL
OTL
[Code]
OTL logfile created on: 16.07.2010 20:50:43 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 21,50 Gb Total Space | 11,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS
Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive F: | 24,42 Gb Total Space | 0,35 Gb Free Space | 1,45% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Paulchen
Current User Name: Fritzle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Minimal

[color=#E56717]========== Processes (All) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
PRC - C:\Programme\NDAS\System\ndassvc.exe (XIMETA, Inc.)
PRC - D:\Diskeeper Professional Premier\DkService.exe (Diskeeper Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [NETSVCS] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [emoteRegistry] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [emoteRegistry] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\smss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\services.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe ()
PRC - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - D:\Jaws PDF Creator\PDFClient.exe (Global Graphics Software Ltd.)
PRC - C:\WINDOWS\system32\PDFCreatorMessages.exe (Global Graphics Software Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\SCARDS32.EXE (Towitoko AG)
PRC - C:\WINDOWS\system32\sstray.exe (NVIDIA Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - D:\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


[color=#E56717]========== Modules (All) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\wininet.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iertutil.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\gdi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shlwapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\user32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\normaliz.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\clbcatq.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winspool.drv (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wldap32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\version.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\userenv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\srclient.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\samlib.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\secur32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rpcrt4.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\olepro32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\psapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntmarta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msctf.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\imagehlp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\imm32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\comres.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\comdlg32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\advapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\setupapi.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (All) ==========[/color]

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (a2free) -- D:\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Microsoft Corporation)
SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (stisvc) Windows-Bilderfassung (WIA) -- C:\WINDOWS\system32\wiaservc.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (WmdmPmSN) -- C:\WINDOWS\system32\mspmsnsv.dll (Microsoft Corporation)
SRV - (WudfSvc) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)
SRV - (lanmanworkstation) -- C:\WINDOWS\system32\wkssvc.dll (Microsoft Corporation)
SRV - (RasMan) -- C:\WINDOWS\system32\rasmans.dll (Microsoft Corporation)
SRV - (ndassvc) -- C:\Programme\NDAS\System\ndassvc.exe (XIMETA, Inc.)
SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Microsoft Corporation)
SRV - (WebClient) -- C:\WINDOWS\system32\webclnt.dll (Microsoft Corporation)
SRV - (Diskeeper) -- D:\Diskeeper Professional Premier\DkService.exe (Diskeeper Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SandraTheSrv) -- D:\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (SiSoftware)
SRV - (SandraDataSrv) -- D:\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (SiSoftware)
SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Microsoft Corporation)
SRV - (RpcSs) Remoteprozeduraufruf (RPC) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
SRV - (DcomLaunch) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
SRV - (EventSystem) -- C:\WINDOWS\system32\es.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Microsoft Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (MSIServer) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (lanmanserver) -- C:\WINDOWS\system32\srvsvc.dll (Microsoft Corporation)
SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation)
SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Microsoft Corporation)
SRV - (UPS) -- C:\WINDOWS\system32\ups.exe (Microsoft Corporation)
SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation)
SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation)
SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation)
SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation)
SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation)
SRV - (mnmsrvc) -- C:\WINDOWS\system32\mnmsrvc.exe (Microsoft Corporation)
SRV - (RpcLocator) -- C:\WINDOWS\system32\locator.exe (Microsoft Corporation)
SRV - (SamSs) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (PolicyAgent) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (NtLmSsp) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (Netlogon) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Microsoft Corporation)
SRV - (Fax) -- C:\WINDOWS\system32\fxssvc.exe (Microsoft Corporation)
SRV - (dmadmin) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SRV - (SwPrv) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (COMSysApp) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation)
SRV - (CiSvc) -- C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation)
SRV - (ALG) -- C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Microsoft Corporation)
SRV - (xmlprov) -- C:\WINDOWS\system32\xmlprov.dll (Microsoft Corporation)
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)
SRV - (wscsvc) -- C:\WINDOWS\system32\wscsvc.dll (Microsoft Corporation)
SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Microsoft Corporation)
SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)
SRV - (HTTPFilter) -- C:\WINDOWS\system32\w3ssl.dll (Microsoft Corporation)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation)
SRV - (TrkWks) Überwachung verteilter Verknüpfungen (Client) -- C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)
SRV - (SSDPSRV) -- C:\WINDOWS\system32\ssdpsrv.dll (Microsoft Corporation)
SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
SRV - (SENS) -- C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Microsoft Corporation)
SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation)
SRV - (RasAuto) -- C:\WINDOWS\system32\rasauto.dll (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)
SRV - (Nla) NLA (Network Location Awareness) -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (LmHosts) -- C:\WINDOWS\system32\lmhsvc.dll (Microsoft Corporation)
SRV - (SharedAccess) -- C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation)
SRV - (ERSvc) -- C:\WINDOWS\system32\ersvc.dll (Microsoft Corporation)
SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Microsoft Corporation)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Microsoft Corp.)
SRV - (CryptSvc) -- C:\WINDOWS\system32\cryptsvc.dll (Microsoft Corporation)
SRV - (Browser) -- C:\WINDOWS\system32\browser.dll (Microsoft Corporation)
SRV - (AudioSrv) -- C:\WINDOWS\system32\audiosrv.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe ()
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (PDFCreatorMessages) -- C:\WINDOWS\system32\PDFCreatorMessages.exe (Global Graphics Software Ltd)
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TWKSCARDSRV) -- C:\WINDOWS\SCARDS32.EXE (Towitoko AG)
SRV - (RSVP) -- C:\WINDOWS\system32\rsvp.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


[color=#E56717]========== Driver Services (All) ==========[/color]

DRV - (WDICA) -- File not found
DRV - (ViaIde) -- File not found
DRV - (ultra) -- File not found
DRV - (TosIde) -- File not found
DRV - (symc8xx) -- File not found
DRV - (symc810) -- File not found
DRV - (sym_u3) -- File not found
DRV - (sym_hi) -- File not found
DRV - (sr) -- C:\WINDOWS\SystemRoot\System32\DRIVERS\sr.sys File not found
DRV - (Simbad) -- File not found
DRV - (ql1280) -- File not found
DRV - (ql1240) -- File not found
DRV - (ql12160) -- File not found
DRV - (Ql10wnt) -- File not found
DRV - (ql1080) -- File not found
DRV - (perc2hib) -- File not found
DRV - (perc2) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (oreans32) -- C:\WINDOWS\System32\drivers\oreans32.sys File not found
DRV - (NETFRITZ) -- C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (mraid35x) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (IntelIde) -- File not found
DRV - (ini910u) -- File not found
DRV - (i2omp) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hpn) -- File not found
DRV - (dpti2o) -- File not found
DRV - (dac960nt) -- File not found
DRV - (Cpqarray) -- File not found
DRV - (CmdIde) -- File not found
DRV - (Changer) -- File not found
DRV - (cd20xrnt) -- File not found
DRV - (Atdisk) -- File not found
DRV - (asc3550) -- File not found
DRV - (asc3350p) -- File not found
DRV - (asc) -- File not found
DRV - (amsint) -- File not found
DRV - (AliIde) -- File not found
DRV - (aic78u2) -- File not found
DRV - (Aha154x) -- File not found
DRV - (adpu160m) -- File not found
DRV - (abp480n5) -- File not found
DRV - (Abiosdsk) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- D:\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (Tcpip) -- C:\WINDOWS\system32\drivers\TCPIP.SYS (Microsoft Corporation)
DRV - (Ntfs) -- C:\WINDOWS\System32\drivers\ntfs.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\WINDOWS\system32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\WudfRd.sys (Microsoft Corporation)
DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\WudfPf.sys (Microsoft Corporation)
DRV - (FltMgr) -- C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Corporation)
DRV - (Srv) -- C:\WINDOWS\system32\drivers\srv.sys (Microsoft Corporation)
DRV - (lfsfilt) -- C:\WINDOWS\system32\DRIVERS\lfsfilt.sys (XIMETA, Inc.)
DRV - (ndasscsi) -- C:\WINDOWS\system32\drivers\ndasscsi.sys (XIMETA, Inc.)
DRV - (ndasbus) -- C:\WINDOWS\system32\drivers\ndasbus.sys (XIMETA, Inc.)
DRV - (lpx) -- C:\WINDOWS\system32\DRIVERS\lpx.sys (XIMETA, Inc.)
DRV - (wdmaud) -- C:\WINDOWS\system32\drivers\wdmaud.sys (Microsoft Corporation)
DRV - (splitter) -- C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Corporation)
DRV - (kmixer) -- C:\WINDOWS\system32\drivers\kmixer.sys (Microsoft Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (Rdbss) -- C:\WINDOWS\system32\drivers\rdbss.sys (Microsoft Corporation)
DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (HTTP) -- C:\WINDOWS\system32\drivers\http.sys (Microsoft Corporation)
DRV - (aec) -- C:\WINDOWS\system32\drivers\aec.sys (Microsoft Corporation)
DRV - (timounter) -- C:\WINDOWS\System32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\System32\DRIVERS\snapman.sys (Acronis)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (ohci1394) -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys (Microsoft Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (RDPWD) -- C:\WINDOWS\System32\drivers\rdpwd.sys (Microsoft Corporation)
DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Generic)
DRV - (bfhubase) Eumex C 200 data (WinXP/2000) -- C:\WINDOWS\system32\drivers\bfhubase.sys (AVM Berlin)
DRV - (CAPI_CIP) -- C:\WINDOWS\system32\drivers\capi_cip.sys (AVM Berlin)
DRV - (AVMBTSERIAL) -- C:\WINDOWS\system32\drivers\avmbtser.sys (AVM GmbH)
DRV - (AVMBTPARALLEL) -- C:\WINDOWS\system32\drivers\avmbtpar.sys (AVM GmbH)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (AVMBTSND) -- C:\WINDOWS\system32\drivers\avmbtsnd.sys (AVM GmbH)
DRV - (NETBFPAN) -- C:\WINDOWS\system32\drivers\netbfpan.sys (AVM Berlin)
DRV - (IpNat) -- C:\WINDOWS\system32\drivers\ipnat.sys (Microsoft Corporation)
DRV - (TDTCP) -- C:\WINDOWS\System32\drivers\tdtcp.sys (Microsoft Corporation)
DRV - (TDPIPE) -- C:\WINDOWS\System32\drivers\tdpipe.sys (Microsoft Corporation)
DRV - (TermDD) -- C:\WINDOWS\system32\drivers\termdd.sys (Microsoft Corporation)
DRV - (dmio) -- C:\WINDOWS\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (kbdhid) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Microsoft Corporation)
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys (Microsoft Corporation)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Microsoft Corporation)
DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys (Microsoft Corporation)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Microsoft Corporation)
DRV - (Processor) -- C:\WINDOWS\system32\drivers\processr.sys (Microsoft Corporation)
DRV - (AmdK7) -- C:\WINDOWS\system32\drivers\amdk7.sys (Microsoft Corporation)
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Microsoft Corporation)
DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.sys (Microsoft Corporation)
DRV - (Pcmcia) -- C:\WINDOWS\System32\DRIVERS\pcmcia.sys (Microsoft Corporation)
DRV - (PCI) -- C:\WINDOWS\System32\DRIVERS\pci.sys (Microsoft Corporation)
DRV - (ACPI) -- C:\WINDOWS\System32\DRIVERS\ACPI.sys (Microsoft Corporation)
DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Microsoft Corporation)
DRV - (usbprint) -- C:\WINDOWS\system32\drivers\usbprint.sys (Microsoft Corporation)
DRV - (sysaudio) -- C:\WINDOWS\system32\drivers\sysaudio.sys (Microsoft Corporation)
DRV - (Mup) -- C:\WINDOWS\System32\drivers\mup.sys (Microsoft Corporation)
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys (Microsoft Corporation)
DRV - (NdisWan) -- C:\WINDOWS\system32\drivers\ndiswan.sys (Microsoft Corporation)
DRV - (NDIS) -- C:\WINDOWS\System32\drivers\ndis.sys (Microsoft Corporation)
DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys (Microsoft Corporation)
DRV - (PptpMiniport) WAN-Miniport (PPTP) -- C:\WINDOWS\system32\drivers\raspptp.sys (Microsoft Corporation)
DRV - (Rasl2tp) WAN-Miniport (L2TP) -- C:\WINDOWS\system32\drivers\rasl2tp.sys (Microsoft Corporation)
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys (Microsoft Corporation)
DRV - (Cdfs) -- C:\WINDOWS\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (NABTSFEC) -- C:\WINDOWS\system32\drivers\nabtsfec.sys (Microsoft Corporation)
DRV - (WSTCODEC) -- C:\WINDOWS\system32\drivers\wstcodec.sys (Microsoft Corporation)
DRV - (CCDECODE) -- C:\WINDOWS\system32\drivers\ccdecode.sys (Microsoft Corporation)
DRV - (SLIP) -- C:\WINDOWS\system32\drivers\slip.sys (Microsoft Corporation)
DRV - (streamip) -- C:\WINDOWS\system32\drivers\streamip.sys (Microsoft Corporation)
DRV - (NdisIP) -- C:\WINDOWS\system32\drivers\ndisip.sys (Microsoft Corporation)
DRV - (usbccgp) -- C:\WINDOWS\system32\drivers\usbccgp.sys (Microsoft Corporation)
DRV - (usbstor) -- C:\WINDOWS\system32\drivers\usbstor.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\WINDOWS\system32\drivers\usbhub.sys (Microsoft Corporation)
DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\WINDOWS\system32\drivers\usbehci.sys (Microsoft Corporation)
DRV - (usbohci) -- C:\WINDOWS\system32\drivers\usbohci.sys (Microsoft Corporation)
DRV - (drmkaud) -- C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (mssmbios) -- C:\WINDOWS\system32\drivers\mssmbios.sys (Microsoft Corporation)
DRV - (DMusic) -- C:\WINDOWS\system32\drivers\dmusic.sys (Microsoft Corporation)
DRV - (VgaSave) -- C:\WINDOWS\System32\drivers\vga.sys (Microsoft Corporation)
DRV - (RasPppoe) -- C:\WINDOWS\system32\drivers\raspppoe.sys (Microsoft Corporation)
DRV - (AsyncMac) -- C:\WINDOWS\system32\drivers\asyncmac.sys (Microsoft Corporation)
DRV - (Wanarp) -- C:\WINDOWS\system32\drivers\wanarp.sys (Microsoft Corporation)
DRV - (IpInIp) -- C:\WINDOWS\system32\drivers\ipinip.sys (Microsoft Corporation)
DRV - (PSched) -- C:\WINDOWS\system32\drivers\psched.sys (Microsoft Corporation)
DRV - (Gpc) -- C:\WINDOWS\system32\drivers\msgpc.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\WINDOWS\system32\drivers\netbios.sys (Microsoft Corporation)
DRV - (Ndisuio) -- C:\WINDOWS\system32\drivers\ndisuio.sys (Microsoft Corporation)
DRV - (MRxDAV) -- C:\WINDOWS\system32\drivers\mrxdav.sys (Microsoft Corporation)
DRV - (IRENUM) -- C:\WINDOWS\system32\drivers\irenum.sys (Microsoft Corporation)
DRV - (Npfs) -- C:\WINDOWS\System32\drivers\npfs.sys (Microsoft Corporation)
DRV - (Msfs) -- C:\WINDOWS\System32\drivers\msfs.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (Imapi) -- C:\WINDOWS\system32\drivers\imapi.sys (Microsoft Corporation)
DRV - (Ip6Fw) -- C:\WINDOWS\system32\drivers\ip6fw.sys (Microsoft Corporation)
DRV - (sbp2port) -- C:\WINDOWS\System32\DRIVERS\sbp2port.sys (Microsoft Corporation)
DRV - (Disk) -- C:\WINDOWS\System32\DRIVERS\disk.sys (Microsoft Corporation)
DRV - (Sfloppy) -- C:\WINDOWS\System32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (Cdrom) -- C:\WINDOWS\system32\drivers\cdrom.sys (Microsoft Corporation)
DRV - (KSecDD) -- C:\WINDOWS\System32\drivers\ksecdd.sys (Microsoft Corporation)
DRV - (atapi) -- C:\WINDOWS\System32\DRIVERS\atapi.sys (Microsoft Corporation)
DRV - (Fdc) -- C:\WINDOWS\system32\drivers\fdc.sys (Microsoft Corporation)
DRV - (Flpydisk) -- C:\WINDOWS\system32\drivers\flpydisk.sys (Microsoft Corporation)
DRV - (serenum) -- C:\WINDOWS\system32\drivers\serenum.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\WINDOWS\system32\drivers\usbscan.sys (Microsoft Corporation)
DRV - (MSKSSRV) -- C:\WINDOWS\system32\drivers\mskssrv.sys (Microsoft Corporation)
DRV - (swenum) -- C:\WINDOWS\system32\drivers\swenum.sys (Microsoft Corporation)
DRV - (MSPQM) -- C:\WINDOWS\system32\drivers\mspqm.sys (Microsoft Corporation)
DRV - (MSTEE) -- C:\WINDOWS\system32\drivers\mstee.sys (Microsoft Corporation)
DRV - (MSPCLOCK) -- C:\WINDOWS\system32\drivers\mspclock.sys (Microsoft Corporation)
DRV - (Update) -- C:\WINDOWS\system32\drivers\update.sys (Microsoft Corporation)
DRV - (Atmarpc) -- C:\WINDOWS\system32\drivers\atmarpc.sys (Microsoft Corporation)
DRV - (MountMgr) -- C:\WINDOWS\System32\drivers\mountmgr.sys (Microsoft Corporation)
DRV - (NIC1394) -- C:\WINDOWS\system32\drivers\nic1394.sys (Microsoft Corporation)
DRV - (Arp1394) -- C:\WINDOWS\system32\drivers\arp1394.sys (Microsoft Corporation)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (vobiw) -- C:\WINDOWS\System32\drivers\vobIW.sys (Pinnacle Systems GmbH)
DRV - (cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys (Pinnacle Systems GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bfubase) BlueFRITZ! USB (WinXP/2000) -- C:\WINDOWS\system32\drivers\bfubase.sys (AVM Berlin)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)
DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)
DRV - (sojubus) -- C:\WINDOWS\System32\DRIVERS\sojubus.sys ( )
DRV - (sojuscsi) -- C:\WINDOWS\System32\DRIVERS\sojuscsi.sys ( )
DRV - (VOBID) -- C:\WINDOWS\System32\DRIVERS\vobid.sys (Pinnacle Systems)
DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (uscbs108) -- C:\WINDOWS\system32\drivers\uscbs108.sys ( )
DRV - (uscsc108) -- C:\WINDOWS\system32\drivers\uscsc108.sys ( )
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (fxusbase) BlueFRITZ! AP-X (WinXP/2000) -- C:\WINDOWS\system32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM Berlin)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (TwkPCSC) -- C:\WINDOWS\System32\drivers\TWKPCSC.SYS (Towitoko AG)
DRV - (TwkMs) -- C:\WINDOWS\System32\drivers\TWKMS.SYS (Towitoko AG)
DRV - (TWKPNP) -- C:\WINDOWS\system32\drivers\TWKPNP.SYS (Towitoko AG)
DRV - (Cap7134) TV-Station (SAA7134Capture with MK3-Tuner) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors)
DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors)
DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (BT878) -- C:\WINDOWS\system32\drivers\bt878.sys (Hauppauge Computer Works)
DRV - (vobcom) -- C:\WINDOWS\System32\drivers\vobcom.sys (VOB Computersysteme GmbH)
DRV - (VisorUsb) -- C:\WINDOWS\system32\drivers\VisorUsb.sys (Handspring, Inc)
DRV - (Ftdisk) -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (swmidi) -- C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft Corporation)
DRV - (NDProxy) -- C:\WINDOWS\System32\drivers\ndproxy.sys (Microsoft Corporation)
DRV - (isapnp) -- C:\WINDOWS\System32\DRIVERS\isapnp.sys (Microsoft Corporation)
DRV - (Fips) -- C:\WINDOWS\System32\drivers\fips.sys (Microsoft Corporation)
DRV - (IpFilterDriver) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys (Microsoft Corporation)
DRV - (NwlnkFwd) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys (Microsoft Corporation)
DRV - (PartMgr) -- C:\WINDOWS\System32\drivers\partmgr.sys (Microsoft Corporation)
DRV - (Cdaudio) -- C:\WINDOWS\System32\drivers\cdaudio.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Raspti) Parallelanschluss (direkt) -- C:\WINDOWS\system32\drivers\raspti.sys (Microsoft Corporation)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (NwlnkFlt) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys (Microsoft Corporation)
DRV - (mouhid) -- C:\WINDOWS\system32\drivers\mouhid.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (NdisTapi) -- C:\WINDOWS\system32\drivers\ndistapi.sys (Microsoft Corporation)
DRV - (HidUsb) -- C:\WINDOWS\system32\drivers\hidusb.sys (Microsoft Corporation)
DRV - (RasAcd) -- C:\WINDOWS\system32\drivers\rasacd.sys (Microsoft Corporation)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINDOWS\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (RDPCDD) -- C:\WINDOWS\system32\drivers\rdpcdd.sys (Microsoft Corporation)
DRV - (mnmdd) -- C:\WINDOWS\System32\drivers\mnmdd.sys (Microsoft Corporation)
DRV - (Beep) -- C:\WINDOWS\System32\drivers\beep.sys (Microsoft Corporation)
DRV - (Null) -- C:\WINDOWS\System32\drivers\null.sys (Microsoft Corporation)
DRV - (PCIIde) -- C:\WINDOWS\System32\DRIVERS\pciide.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (aic78xx) -- C:\WINDOWS\System32\DRIVERS\aic78xx.sys (Microsoft Corporation)
DRV - (audstub) -- C:\WINDOWS\system32\drivers\audstub.sys (Microsoft Corporation)
DRV - (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (HCW848NT) -- C:\WINDOWS\system32\drivers\HCW848NT.sys (Hauppauge Computer Works)
DRV - (Wdm1) -- C:\WINDOWS\system32\drivers\usbbc.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://D%3A%5CMozilla%5Csearchplugins%5Cgoogle.src"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Torrent-Search Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.de"
FF - prefs.js..browser.startup.homepage: "http://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4
FF - prefs.js..keyword.URL: "Google"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2010.06.26 19:36:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.06.26 19:36:08 | 000,000,000 | ---D | M]

[2008.06.27 20:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Extensions
[2008.06.27 20:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.07.15 15:20:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions
[2010.04.21 19:42:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.03.14 23:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\firefox@tvunetworks.com
[2008.10.18 15:28:48 | 000,000,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\searchplugins\conduit.xml

O1 HOSTS File: ([2006.02.11 05:36:59 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hcwPVRReset] D:\WinTV\hcwP1Utl.exe ()
O4 - HKLM..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFCreatorClient] D:\Jaws PDF Creator\PDFClient.exe (Global Graphics Software Ltd.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] D:\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Device Management.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Messenger-Software\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernetwork.com/surferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} http://www.cdpass.com/cdkey/CDPass.cab (CDPass Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279199238515 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://204.49.60.246/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.1427893518 (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontech.ltd.uk/software/download/IEPrint.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2003.01.16 06:38:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.19 00:58:16 | 000,169,504 | ---- | M] () - E:\Auto Kaufberatung.mht -- [ NTFS ]
O32 - AutoRun File - [2007.11.19 00:59:29 | 000,276,766 | ---- | M] () - E:\Auto-Kauf -- Rabatt für Bar-Zahler spart oft mehr als günstiges Finanzierungsangebot.mht -- [ NTFS ]
O32 - AutoRun File - [2009.10.16 13:50:05 | 000,852,681 | ---- | M] () - E:\Autobatterie aufladen-wechseln bei heimwerker_de.mht -- [ NTFS ]
O32 - AutoRun File - [2007.09.10 00:55:02 | 000,006,346 | ---- | M] () - E:\automatische Seitenweiterleitung.mht -- [ NTFS ]
O32 - AutoRun File - [2007.11.12 04:59:26 | 000,513,453 | ---- | M] () - E:\Autotteilestore.com -- Auspuffanlage komplett.mht -- [ NTFS ]
O32 - AutoRun File - [2008.06.23 16:43:43 | 000,365,621 | ---- | M] () - E:\Autozine - Autotest Chevrolet Captiva.mht -- [ NTFS ]
O32 - AutoRun File - [2009.12.14 18:26:08 | 000,033,488 | ---- | M] () - F:\Autoversicherung_Bus.pdf -- [ NTFS ]
O32 - AutoRun File - [2009.12.14 17:39:03 | 000,035,391 | ---- | M] () - F:\Autoversicherung_Golf.pdf -- [ NTFS ]
O32 - AutoRun File - [2009.12.15 04:35:34 | 000,033,990 | ---- | M] () - F:\Autoversicherung_Golf_Version2.pdf -- [ NTFS ]
O32 - AutoRun File - [2008.09.16 00:17:56 | 000,372,517 | ---- | M] () - G:\Autovermietung#Hertz_Amerika#buchen.pdf -- [ NTFS ]
O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell - "" = AutoRun
O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2006.12.19 23:49:40 | 008,494,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell - "" = AutoRun
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun\command - "" = M:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 360 Days ==========[/color]

[2010.07.16 20:47:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
[2010.07.16 18:46:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fritzle\Recent
[2010.07.16 18:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Malwarebytes
[2010.07.16 18:36:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.16 18:36:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.16 18:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Desktop\ProcessExplorer
[2010.07.15 19:15:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.07.14 23:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.07.14 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.07.14 16:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\vuemvtbgn
[2010.07.13 16:28:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AdobeUM
[2010.07.13 16:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.07.13 16:25:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.13 16:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.13 15:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Eigene Dateien\a-squared Free
[2010.07.12 22:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server
[2010.04.21 19:43:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.04.21 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.21 19:42:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.04.06 02:15:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Eigene Dateien\Downloads
[2010.03.14 20:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\TVU Networks
[2010.03.14 20:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
[2010.03.14 20:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\LocalLow
[2010.03.14 20:31:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\LocalLow
[2010.02.17 17:27:38 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.02.17 17:27:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.02.17 17:27:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.02.17 17:27:09 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.02.17 17:27:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.01.29 11:58:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime
[2010.01.29 11:31:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Media Player Classic
[2010.01.29 10:59:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(4)
[2010.01.29 09:51:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.01.29 08:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(3)
[2010.01.29 07:33:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WindSolutions
[2010.01.29 06:16:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.01.29 06:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2009.11.30 17:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\cdviewer
[2009.11.14 02:52:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Download Manager
[2009.11.14 02:37:15 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2009.11.11 00:08:24 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009.11.11 00:08:24 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009.09.12 23:56:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Thinstall
[2009.08.10 15:45:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\MPEG Streamclip
[2009.07.24 23:45:41 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009.07.24 23:45:41 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009.07.24 23:45:41 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009.07.24 23:45:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2009.07.24 22:00:21 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\drivers\SSPORT.sys
[2009.07.24 21:46:35 | 000,837,028 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.dll
[2009.07.24 21:46:35 | 000,704,512 | ---- | C] (Unified FB) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.dll
[2009.07.24 21:46:35 | 000,224,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ui.dll
[2009.07.24 21:46:35 | 000,204,800 | ---- | C] (SEC) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.dll
[2009.07.24 21:46:35 | 000,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.exe
[2009.07.24 21:46:35 | 000,057,344 | ---- | C] (SEC) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.dll
[2009.07.24 21:46:35 | 000,022,663 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.dll
[2009.07.24 21:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series
[2009.07.24 21:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung
[2009.07.24 14:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2003.10.05 11:41:14 | 000,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys
[2003.09.28 11:57:52 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys
[2003.03.09 19:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 19:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 19:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
[2003.02.12 08:37:16 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 360 Days ==========[/color]

[2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
[2010.07.16 19:33:31 | 000,147,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe
[2010.07.16 18:55:46 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat
[2010.07.16 18:48:09 | 000,000,378 | ---- | M] () -- C:\WINDOWS\SCARDSRV.INI
[2010.07.16 18:47:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.16 18:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.16 18:47:29 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.16 18:46:45 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.ini
[2010.07.16 18:36:20 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 17:37:22 | 000,077,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe
[2010.07.15 19:09:28 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\.exe
[2010.07.15 18:59:40 | 000,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe
[2010.07.15 16:18:35 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
[2010.07.15 14:03:26 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk
[2010.07.15 13:27:55 | 000,011,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 04:43:36 | 000,001,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.15 04:43:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.15 04:43:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.07.15 02:38:54 | 000,018,254 | ---- | M] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010.07.15 02:25:50 | 000,000,032 | ---- | M] () -- C:\WINDOWS\HCWBTDLG.INI
[2010.07.15 02:25:30 | 000,001,249 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2010.07.14 16:51:26 | 000,000,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.07.13 16:09:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
[2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job
[2010.06.24 07:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.21 19:43:20 | 000,000,505 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk
[2010.03.28 16:30:02 | 001,061,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 16:30:02 | 000,454,634 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.03.28 16:30:02 | 000,437,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 16:30:02 | 000,083,648 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.03.28 16:30:02 | 000,070,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.02.19 22:25:48 | 000,002,143 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\InstantCD+DVD.lnk
[2010.02.17 17:27:53 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.01.10 20:15:46 | 000,000,563 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2009.12.24 04:39:24 | 000,000,387 | ---- | M] () -- C:\WINDOWS\Clony2.ini
[2009.12.20 19:27:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\walter.com
[2009.11.11 01:08:24 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009.11.11 01:08:24 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009.09.15 00:48:19 | 000,038,467 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR
[2009.09.15 00:06:37 | 000,038,429 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2009.09.14 22:18:59 | 000,020,179 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.09.14 22:18:51 | 000,001,746 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2009.09.04 10:58:33 | 000,001,379 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2009.08.28 20:42:52 | 002,065,696 | ---- | M] () -- C:\WINDOWS\System32\usbaaplrc.dll
[2009.08.25 01:53:39 | 000,000,451 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mp3tag.lnk
[2009.07.24 23:45:50 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009.07.24 21:48:33 | 000,000,138 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SAMSUNG Dr.Printer.url
[2009.07.24 20:22:34 | 000,000,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\abschalten.reg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.07.16 19:40:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\walter.com
[2010.07.16 19:33:31 | 000,147,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe
[2010.07.16 18:36:20 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 17:37:22 | 000,077,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe
[2010.07.15 19:09:28 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\.exe
[2010.07.15 19:02:59 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe
[2010.07.15 16:18:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.07.15 16:18:06 | 000,003,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\iisagx.dll
[2010.07.15 14:03:26 | 000,000,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk
[2010.07.15 02:21:16 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.14 16:51:26 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.06.24 01:30:52 | 013,893,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat
[2010.04.21 19:43:20 | 000,000,505 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk
[2010.02.17 17:27:52 | 000,001,594 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.01.29 08:15:09 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.01.29 08:14:57 | 002,065,696 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc.dll
[2010.01.29 08:14:57 | 002,060,288 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc(2).dll
[2010.01.29 08:14:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009.09.15 00:48:16 | 000,038,467 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR
[2009.09.14 22:18:51 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.09.14 22:18:44 | 000,020,179 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.09.14 22:18:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.09.14 22:11:54 | 000,038,429 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2009.07.24 23:51:18 | 000,000,295 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\abschalten.reg
[2009.07.24 23:45:50 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009.07.24 21:48:33 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SAMSUNG Dr.Printer.url
[2009.07.24 21:46:35 | 001,443,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.ctd
[2009.07.24 21:46:35 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u2.dll
[2009.07.24 21:46:35 | 000,626,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ua.bmp
[2009.07.24 21:46:35 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1U.dll
[2009.07.24 21:46:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M.DLL
[2009.07.24 21:46:35 | 000,206,278 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ub.bmp
[2009.07.24 21:46:35 | 000,071,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uC.bmp
[2009.07.24 21:46:35 | 000,062,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.dat
[2009.07.24 21:46:35 | 000,060,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.dat
[2009.07.24 21:46:35 | 000,059,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.dat
[2009.07.24 21:46:35 | 000,059,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.dat
[2009.07.24 21:46:35 | 000,059,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.dat
[2009.07.24 21:46:35 | 000,058,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.dat
[2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucv.bmp
[2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucs.bmp
[2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucp.bmp
[2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1uco.bmp
[2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucd.bmp
[2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucc.bmp
[2009.07.24 21:46:35 | 000,058,276 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.dat
[2009.07.24 21:46:35 | 000,058,042 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.dat
[2009.07.24 21:46:35 | 000,057,303 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.dat
[2009.07.24 21:46:35 | 000,057,083 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.dat
[2009.07.24 21:46:35 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.dat
[2009.07.24 21:46:35 | 000,056,215 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.dat
[2009.07.24 21:46:35 | 000,056,098 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.dat
[2009.07.24 21:46:35 | 000,056,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.dat
[2009.07.24 21:46:35 | 000,055,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.dat
[2009.07.24 21:46:35 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.dat
[2009.07.24 21:46:35 | 000,054,019 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.dat
[2009.07.24 21:46:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lf.dll
[2009.07.24 21:46:35 | 000,052,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.dat
[2009.07.24 21:46:35 | 000,046,843 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.dat
[2009.07.24 21:46:35 | 000,046,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.dat
[2009.07.24 21:46:35 | 000,041,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1.cat
[2009.07.24 21:46:35 | 000,031,381 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.chm
[2009.07.24 21:46:35 | 000,031,277 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.chm
[2009.07.24 21:46:35 | 000,031,241 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.chm
[2009.07.24 21:46:35 | 000,031,155 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.chm
[2009.07.24 21:46:35 | 000,031,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.chm
[2009.07.24 21:46:35 | 000,030,711 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.chm
[2009.07.24 21:46:35 | 000,030,437 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.chm
[2009.07.24 21:46:35 | 000,030,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.chm
[2009.07.24 21:46:35 | 000,030,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.chm
[2009.07.24 21:46:35 | 000,030,247 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.chm
[2009.07.24 21:46:35 | 000,030,229 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.chm
[2009.07.24 21:46:35 | 000,030,223 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.chm
[2009.07.24 21:46:35 | 000,030,199 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.chm
[2009.07.24 21:46:35 | 000,030,025 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.chm
[2009.07.24 21:46:35 | 000,029,945 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.chm
[2009.07.24 21:46:35 | 000,029,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.chm
[2009.07.24 21:46:35 | 000,029,803 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.chm
[2009.07.24 21:46:35 | 000,029,791 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.chm
[2009.07.24 21:46:35 | 000,029,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.chm
[2009.07.24 21:46:35 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M3.bmp
[2009.07.24 21:46:35 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M2.bmp
[2009.07.24 21:46:35 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M1.bmp
[2009.07.24 21:46:35 | 000,029,323 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.chm
[2009.07.24 21:46:35 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uG.bmp
[2009.07.24 21:46:35 | 000,014,700 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u1.bmp
[2009.07.24 21:46:35 | 000,014,684 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.bmp
[2009.07.24 21:46:35 | 000,014,071 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.xml
[2009.07.24 21:46:35 | 000,009,242 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.INI
[2009.07.24 21:46:35 | 000,004,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ul.bmp
[2009.07.24 21:46:35 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.inf
[2009.07.24 21:46:35 | 000,000,746 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.ver
[2009.07.24 21:46:35 | 000,000,555 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.smt
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007.11.08 13:23:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2006.12.31 12:12:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006.06.04 20:32:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2006.02.24 13:18:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005.10.31 18:44:31 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2005.10.27 14:43:21 | 000,000,963 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2005.07.22 17:38:48 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.01.18 11:55:24 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005.01.15 17:12:45 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2005.01.13 16:40:47 | 000,001,779 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2005.01.13 16:22:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HCWBTDLG.INI
[2005.01.13 16:18:15 | 000,020,425 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2005.01.13 16:14:49 | 000,001,249 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005.01.12 13:55:55 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005.01.12 13:53:22 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2004.12.14 13:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.14 13:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.11.25 19:07:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.10.15 12:30:57 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\niknakXML.dll
[2004.10.15 12:30:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2004.10.15 12:30:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EventConsumer.dll
[2004.10.15 12:30:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PDFMacroUtils.dll
[2004.05.21 07:25:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\b2020.ini
[2004.05.14 12:53:48 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2004.04.30 04:16:21 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2004.01.27 22:55:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.01.25 03:31:04 | 000,018,254 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003.11.17 16:00:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2003.11.11 01:06:20 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2003.11.11 01:06:20 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2003.11.11 01:06:20 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2003.11.11 01:06:20 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2003.11.11 01:06:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2003.10.10 21:38:52 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Prof.ini
[2003.10.01 03:29:11 | 000,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2003.07.24 01:57:10 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2003.06.13 02:29:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2003.04.08 18:33:10 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2003.04.07 12:07:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003.02.24 14:01:16 | 000,000,541 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
[2003.02.19 21:05:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini
[2003.02.19 20:58:38 | 000,000,387 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2003.02.18 13:27:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2003.02.18 13:27:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2003.02.12 08:37:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003.01.29 09:17:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\SCARDSRV.INI
[2003.01.29 09:17:32 | 000,000,396 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2003.01.28 21:50:52 | 000,001,052 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.01.27 16:52:55 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2003.01.19 13:19:29 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.01.18 00:11:11 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2003.01.18 00:11:11 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003.01.17 16:38:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2002.05.16 00:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002.03.25 21:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.11.23 19:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(3).DLL
[2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(2).DLL
[2001.01.22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(3).DLL
[1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[1998.12.14 19:00:00 | 000,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini
[1996.06.07 21:07:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[1996.06.07 21:07:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[1996.06.07 21:07:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[1996.06.07 21:07:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[1996.06.07 21:07:10 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[1996.06.07 21:07:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[1996.06.07 21:07:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[1996.06.07 21:07:08 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[1996.06.07 21:07:08 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[1996.06.07 21:07:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[1996.06.07 21:07:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[1996.06.07 21:07:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[1996.06.07 21:07:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll

[color=#E56717]========== LOP Check ==========[/color]

[2006.02.02 16:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2005.12.30 02:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest Software
[2010.04.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2008.02.05 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2005.12.30 02:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.11.10 03:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2005.09.02 13:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2005.01.12 14:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.07.15 03:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2005.01.12 14:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2005.01.12 14:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2005.01.15 19:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2005.04.13 01:31:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.01.29 06:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.01.29 09:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005.02.27 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Aim
[2010.07.11 19:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Azureus
[2010.07.11 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Canon
[2003.04.16 13:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\EverAd
[2003.01.21 14:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\FileMaker
[2003.01.17 14:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterTrust
[2003.01.23 12:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterVideo
[2006.01.17 16:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Leadertech
[2009.03.21 02:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mp3tag
[2009.08.10 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\MPEG Streamclip
[2005.03.27 14:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Pegasys Inc
[2005.01.12 13:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\ScanSoft
[2009.01.06 18:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\SharePod
[2006.05.08 16:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Steinberg
[2009.09.12 23:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Thinstall
[2005.01.15 15:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Ulead Systems
[2007.04.01 17:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Viewpoint
[2005.04.14 18:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WeatherBug
[2010.01.29 07:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WindSolutions
[2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
[2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
[2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
[/Code]
__________
"The rug really tied the room together."
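Editorial note and example inserted between the two posts (this is added material, not part of either post and not code from OTL): in the Extras log that follows, the "Authorized Applications List" under FirewallPolicy\StandardProfile deserves a line-by-line read. Each value has the form path:scope:Enabled|Disabled:name -- (company), and OTL prints "File not found" in place of the company when it could not read the file. An exception for an executable with a short random-looking name under the user's Anwendungsdaten folder, created under a name like "Win32load" and now missing, is the kind of entry a helper checks first, because the firewall exception outlives the file it was created for. Forum software also tends to turn the ":D" in ":Disabled:" into a smiley, which shows up as ";)isabled" in pasted logs, so any parser has to undo that before splitting on colons. The Python script below does exactly this: it normalizes the smiley, decodes the entries, and orders them by the number of flags. The four sample lines are constructed to mirror entries from the log; the flag names and the heuristics behind them (profile directory, short hex name, missing company) are this example's own assumptions, not OTL output.

```python
"""Triage of Windows XP firewall exceptions as printed in an OTL Extras log.

Added example, not code from OTL or from the thread. The sample lines are
constructed to mirror four entries of this thread's Extras log; the flag
names and the heuristics behind them are assumptions of this example."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Value format under FirewallPolicy\...\AuthorizedApplications\List:
#   "<key>" = <path>:<scope>:<Enabled|Disabled>:<name> -- (<company>)
# OTL prints "File not found" instead of "(<company>)" when the file is gone.
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*'
    r'(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*?)'
    r'\s+--\s+(?P<trailer>.*)$'
)
# Profile roots on German and English XP and on Vista+ (heuristic, assumption).
PROFILE_RE = re.compile(
    r"\\(dokumente und einstellungen|documents and settings|users)\\", re.I)
# Short all-hex file names such as 3c1ea.exe (heuristic, assumption).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{4,8}\.exe$", re.I)

SAMPLE_LINES = [  # constructed, mirroring entries from the log
    r'"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*;)isabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)',
    r'"D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)',
    r'"D:\Messenger-Software\Yahoo-Messenger\YPager.exe" = D:\Messenger-Software\Yahoo-Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found',
    r'"C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe" = C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe:*:Enabled:Win32load -- File not found',
]


@dataclass
class FirewallEntry:
    path: str
    scope: str              # "*" = any remote address, "LocalSubNet" = local subnet only
    state: str              # "Enabled" or "Disabled"
    name: str               # display name chosen by whatever created the exception
    company: Optional[str]  # None when OTL reported "File not found"
    flags: Set[str] = field(default_factory=set)


def normalize_forum_smiley(line: str) -> str:
    """Undo the ':D' -> smiley substitution forum software applies to ':Disabled:'."""
    return line.replace(";)isabled:", ":Disabled:")


def parse_entry(line: str) -> Optional[FirewallEntry]:
    """Parse one registry value line; return None for lines in another format."""
    m = ENTRY_RE.match(normalize_forum_smiley(line.strip()))
    if not m:
        return None
    trailer = m.group("trailer").strip()
    company = None if trailer == "File not found" else trailer.strip("()").strip()
    entry = FirewallEntry(m.group("path"), m.group("scope"), m.group("state"),
                          m.group("name").strip(), company)
    basename = entry.path.rsplit("\\", 1)[-1]
    if company is None:
        entry.flags.add("missing")       # exception outlived the file it was created for
    elif company == "":
        entry.flags.add("no_company")    # binary carries no company name in its version info
    if PROFILE_RE.search(entry.path):
        entry.flags.add("profile_dir")   # executables under a user profile rarely need inbound exceptions
    if HEX_NAME_RE.match(basename):
        entry.flags.add("hex_name")      # random-looking short hex file name
    return entry


def triage(lines: List[str]) -> List[FirewallEntry]:
    """Parse all lines and order them by number of flags, most suspicious first."""
    entries = [e for e in (parse_entry(l) for l in lines) if e is not None]
    return sorted(entries, key=lambda e: -len(e.flags))


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.state:8} {e.scope:11} {sorted(e.flags) or '-'}  {e.path}")
```

Run it on the whole "Authorized Applications List" block pasted into a file, one value per line; entries with no flags are the normal case and fall to the bottom, while anything flagged "missing" together with "profile_dir" is worth correlating with the files the antivirus already removed.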
16.07.2010, 22:15
Member

Thread starter

Posts: 12
#5 Extras
[Code]
OTL Extras logfile created on: 16.07.2010 20:50:43 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 21,50 Gb Total Space | 11,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS
Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive F: | 24,42 Gb Total Space | 0,35 Gb Free Space | 1,45% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULCHEN
Current User Name: Fritzle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6969:TCP" = 6969:TCP:*:Enabled:Azureus
"52525:TCP" = 52525:TCP:*:Enabled:Azureus
"6969:UDP" = 6969:UDP:*:Enabled:Azureus
"52525:UDP" = 52525:UDP:*:Enabled:Azureus
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Microsoft ActiveSync\WCESCOMM.EXE" = D:\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation)
"D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\Messenger-Software\AIM95\aim.exe" = D:\Messenger-Software\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"D:\Messenger-Software\Yahoo-Messenger\YPager.exe" = D:\Messenger-Software\Yahoo-Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Microsoft ActiveSync\WCESMGR.EXE" = D:\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"D:\RealPlayer\realplay.exe" = D:\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"D:\WS_FTP\WS_FTP95.exe" = D:\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe" = D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\SopCast\SopCast.exe" = D:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- (www.sopcast.com)
"D:\SopCast\adv\SopAdver.exe" = D:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"D:\TVAnts\Tvants.exe" = D:\TVAnts\Tvants.exe:*:Disabled:TVAnts -- (Zhejiang University)
"D:\TVUPlayer\TVUPlayer.exe" = D:\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks)
"C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe" = C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe:*:Enabled:Win32load -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04277B8F-9663-43DA-BA52-69A11AE28440}" = StarMoney
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = USB Dual Vibration Joystick - Twin
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead FilmBrennerei 2 Deluxe
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{253A8DF7-72F1-4643-A7DB-830F42F4D471}_is1" = MetaBench 0.93 BETA
"{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}" = Moorhuhn Total
"{27DCB0FF-E8D8-44DE-9725-A7C96CC3FEB6}" = DCS - DVD Copy Suite
"{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A501AD-C538-4286-9A45-AAF5514A482D}" = Universal SCSI Controller
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{53480350-2D1F-461C-9214-3AEC993DD4A1}" = O&O UnErase
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A73544A-0FD4-4529-9420-CB1D6322BB50}" = FW LiveUpdate
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FDCF790-49AF-4E3B-8EB2-C07E2DBA55EA}" = StarMoney 5.0 S-Edition
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7BC42D2B-A730-43B4-8057-9B9946DF1031}" = Microsoft Producer
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9313E9A6-03DF-11D5-88F8-005004361016}" = Pinnacle TRex
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F13B93-1892-4C55-B709-995BBB730F33}" = ATI RADEON 9700 NPR Hatching Demo v1.1
"{A12A36EC-ACB7-11D9-8E75-000D614181EB}" = NDAS Software 3.11.1328
"{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK
"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator
"{A45302B5-1842-4B7A-92FC-53F618882BF1}" = Cuttermaran 1.65
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AD6B62AC-18A2-4632-86D0-7962E2ECB9D5}" = Pinnacle InstantCD/DVD Suite
"{ADAF6BDD-EC42-4239-B191-FDE6FFD6E1D6}" = ATI RADEON 9700 Car Paint Demo v1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B747E7F6-7A2B-4E57-B6A5-AFF21325EE2D}" = ATI RADEON 9700 Bear Demo v1.1
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C1939820-A945-11D4-86F6-0001031E5712}" = ASUSTek ASUSDVD
"{C6ADEAB6-AEF6-49D5-816E-102DA2620646}" =
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC379A36-DB26-4A29-877B-B6CE813FDDD5}" = ATI RADEON 9700 Debevec RNL Demo v1.1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E24D73DA-FC53-47CC-9112-CA98986B88AA}" = Pinnacle InstantCD/DVD Suite Update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6B9D9AC-E9DA-4EB9-85BC-34457A28B63F}" = Cloudmark SpamNet 1.0 Beta 10f
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% (Trial Version)
"{EF1DD862-1F5C-4BC8-B3B6-BBB5AD3B460E}" = Motorola Handset USB Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"8461-7759-5462-8226" = Vuze
"Add/Remove Pro" = Add/Remove Pro
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen)
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AnyDVD" = AnyDVD
"AOL Instant Messenger" = AOL Instant Messenger
"ArcView Districting Extension" = ArcView Districting Extension
"ASAPI Update" = ASAPI Update
"a-squared Free_is1" = a-squared Free 2.1
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Biet-O-Matic v2.0.13" = Biet-O-Matic v2.0.13
"CDex" = CDex extraction audio
"CDXtract v4.1.5" = CDXtract v4.1.5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CombiMovie (Freeware)_is1" = CombiMovie Version 1.31
"Digital Video Repair" = Digital Video Repair 2.1
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD-lab PRO_is1" = DVD-lab PRO 1.00
"DVD-Patcher 1.06" = DVD-Patcher 1.06
"EarMaster Pro 4_is1" = EarMaster Pro 4
"FLAC" = FLAC 1.2.1b (remove only)
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge VCD Convert/Burn Utility" = Hauppauge VCD Convert/Burn Utility
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV NT4/Win2000 Drivers" = Hauppauge WinTV NT4/Win2000 Drivers
"Hauppauge WinTV PVR (Model 45xxx)" = Hauppauge WinTV PVR (Model 45xxx)
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HDD Health_is1" = HDD Health v2.1 Beta
"HijackThis" = HijackThis 2.0.2
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InternetDeinstKey" = ArcView Internet Map Server
"IsoBuster_is1" = IsoBuster 1.9.1
"Magic ISO Maker v5.1 (build 0185)" = Magic ISO Maker v5.1 (build 0185)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.44
"MVApplication1" = SureThing CD Labeler Deluxe 4
"nanoPEG-Editor 2.2 Hauppauge Edition_is1" = nanoPEG-Editor 2.2 Hauppauge Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"OnlineControl_is1" = OnlineControl 1.1
"Parrot Flash Update Wizard" = Parrot Software Update Tool
"Postpaket Ausfüllhilfe 2.2" = Postpaket Ausfüllhilfe 2.2
"Q903235" = Internet Explorer Q903235
"QCDrivers" = QuickCam Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"Security Task Manager" = Security Task Manager 1.7h
"SiSoftware Sandra Lite 2005.SR3_is1" = SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
"SopCast" = SopCast 3.2.8
"ST6UNST #1" = ZIP_Code_Business_Patterns
"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
"StreamTorrent 1.0" = StreamTorrent 1.0
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.2.2
"TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.38
"Veetle TV" = Veetle TV 0.9.16
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3DDeinstKey" = ArcView 3D Analyst
"ArcView GIS 3.2" = ArcView GIS 3.2a
"ArcView Image Analysis" = ArcView Image Analysis
"ArcView Network Analyst" = ArcView Network Analyst
"ArcView Spatial Analyst" = ArcView Spatial Analyst
"Renatager" = Mp3 Renatager

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 30.11.2009 23:34:46 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 04.12.2009 08:41:22 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 11.07.2010 03:10:16 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11.07.2010 03:10:17 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 14.07.2010 18:07:15 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099
Description = The service could not be opened.

Error - 14.07.2010 18:07:16 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099
Description = The service could not be opened.

Error - 14.07.2010 18:07:17 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099
Description = The service could not be opened.

Error - 14.07.2010 18:07:17 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099
Description = The service could not be opened.

Error - 14.07.2010 18:07:17 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099
Description = The service could not be opened.

Error - 14.07.2010 18:07:20 | Computer Name = PAULCHEN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Contact Microsoft Product Support

[ System Events ]
Error - 16.07.2010 11:43:17 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2

Error - 16.07.2010 12:47:58 | Computer Name = PAULCHEN | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 16.07.2010 12:47:58 | Computer Name = PAULCHEN | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 16.07.2010 12:48:26 | Computer Name = PAULCHEN | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 16.07.2010 12:48:27 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund
folgenden Fehlers nicht gestartet: %%3

Error - 16.07.2010 12:48:27 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
oreans32 Pcmcia ppa3 Sparrow sr

Error - 16.07.2010 12:48:27 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2

Error - 16.07.2010 12:52:19 | Computer Name = PAULCHEN | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 16.07.2010 12:52:19 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund
folgenden Fehlers nicht gestartet: %%3

Error - 16.07.2010 12:52:19 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2


< End of report >
[/Code]
16.07.2010, 22:16
Member

Thread starter

Posts: 12
#6 And here is the last part of my post:

4. HijackThis logfile
[Code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:11, on 16.07.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir Desktop\sched.exe
D:\a-squared Free\a2service.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
D:\Avira\AntiVir Desktop\avguard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Diskeeper Professional Premier\DkService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\UPHClean\uphclean.exe
C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Jaws PDF Creator\PDFClient.exe
C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\NDAS\System\ndasmgmt.exe
C:\WINDOWS\system32\wscntfy.exe
G:\HiJackThis\HJT.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PDFCreatorClient] D:\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [hcwPVRReset] D:\WinTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YSearchProtection] "C:\Programme\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Programme\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Messenger-Software\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.de/common/asusTek_sys_ctrl.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279199238515
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://204.49.60.246/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CAE1438-109A-4E23-B938-6CEABEC7ABDC}: NameServer = 192.168.2.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Diskeeper Professional Premier\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Programme\NDAS\System\ndassvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12039 bytes
[/Code]

5. HijackThis uninstall list
[Code]
Acronis True Image
Add/Remove Pro
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Nur entfernen)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8 - Deutsch
AOL Instant Messenger
Apple Application Support
Apple Software Update
ArcView Districting Extension
ArcView Internet Map Server
ASAPI Update
a-squared Free 2.1
ASUSTek ASUSDVD
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
ATI RADEON 9700 Bear Demo v1.1
ATI RADEON 9700 Car Paint Demo v1.1
ATI RADEON 9700 Debevec RNL Demo v1.1
ATI RADEON 9700 NPR Hatching Demo v1.1
ATI RADEON 9700 Pipe Dream Demo v1.1
Avanquest update
Avira AntiVir Personal - Free Antivirus
Canon CanoScan Toolbox 4.6
CDex extraction audio
CDXtract v4.1.5
CHIPDRIVE - Gerätetreiber V2.14.38
Compatibility Pack für 2007 Office System
Cuttermaran 1.65
DCS - DVD Copy Suite
DH Driver Cleaner Professional Edition
Digital Video Repair 2.1
Diskeeper Professional Premier Edition
DivX Codec
DivX Player
DVD Decrypter (Remove Only)
DVD-Patcher 1.06
FLAC 1.2.1b (remove only)
FW LiveUpdate
Hauppauge German Help Files and Resources
Hauppauge VCD Convert/Burn Utility
Hauppauge WinTV Infrared Remote
Hauppauge WinTV NT4/Win2000 Drivers
Hauppauge WinTV PVR (Model 45xxx)
Hauppauge WinTV Radio
Hauppauge WinTV2000
HDD Health v2.1 Beta
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix für Windows XP (KB904412)
Hotfix für Windows XP (KB914440)
Huffyuv AVI lossless video codec (Remove Only)
Indeo® software
Internet Explorer Q903235
InterVideo FilterSDK
J2SE Runtime Environment 5.0 Update 5
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
Manual CanoScan 4200F
MetaBench 0.93 BETA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 German Language Pack
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional mit FrontPage
Microsoft Producer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Moorhuhn Total
Motorola Driver Installation 3.7.0
Motorola Handset USB Driver
Motorola Phone Tools
Motorola PST
Motorola Software Update
Mozilla Firefox (3.6.3)
Mp3tag v2.44
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
nanoPEG-Editor 2.2 Hauppauge Edition
NDAS Software 3.11.1328
NVIDIA nForce Drivers
OmniPage SE 2.0
OnlineControl 1.1
Parrot Software Update Tool
PC-Linq
Pinnacle InstantCD/DVD Suite
Pinnacle InstantCD/DVD Suite Update
Pinnacle TRex
Postpaket Ausfüllhilfe 2.2
PowerQuest PartitionMagic 8.0
QuickCam Drivers
QuickTime
RealPlayer Basic
Remote Control USB Driver
Samsung CLP-300 Series
Security Task Manager 1.7h
Security Update für Microsoft .NET Framework 2.0 (KB928365)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows Media Player 9 (KB936782)
Sicherheitsupdate für Windows XP (KB890046)
Sicherheitsupdate für Windows XP (KB893066)
Sicherheitsupdate für Windows XP (KB893756)
Sicherheitsupdate für Windows XP (KB896358)
Sicherheitsupdate für Windows XP (KB896422)
Sicherheitsupdate für Windows XP (KB896423)
Sicherheitsupdate für Windows XP (KB896424)
Sicherheitsupdate für Windows XP (KB896428)
Sicherheitsupdate für Windows XP (KB899587)
Sicherheitsupdate für Windows XP (KB899591)
Sicherheitsupdate für Windows XP (KB900725)
Sicherheitsupdate für Windows XP (KB901017)
Sicherheitsupdate für Windows XP (KB901214)
Sicherheitsupdate für Windows XP (KB902400)
Sicherheitsupdate für Windows XP (KB905414)
Sicherheitsupdate für Windows XP (KB905749)
Sicherheitsupdate für Windows XP (KB908519)
Sicherheitsupdate für Windows XP (KB908531)
Sicherheitsupdate für Windows XP (KB911562)
Sicherheitsupdate für Windows XP (KB911927)
Sicherheitsupdate für Windows XP (KB912919)
Sicherheitsupdate für Windows XP (KB913446)
Sicherheitsupdate für Windows XP (KB913580)
Sicherheitsupdate für Windows XP (KB914388)
Sicherheitsupdate für Windows XP (KB914389)
Sicherheitsupdate für Windows XP (KB917344)
Sicherheitsupdate für Windows XP (KB917422)
Sicherheitsupdate für Windows XP (KB917953)
Sicherheitsupdate für Windows XP (KB918118)
Sicherheitsupdate für Windows XP (KB919007)
Sicherheitsupdate für Windows XP (KB920213)
Sicherheitsupdate für Windows XP (KB920670)
Sicherheitsupdate für Windows XP (KB920683)
Sicherheitsupdate für Windows XP (KB920685)
Sicherheitsupdate für Windows XP (KB921398)
Sicherheitsupdate für Windows XP (KB921503)
Sicherheitsupdate für Windows XP (KB921883)
Sicherheitsupdate für Windows XP (KB922616)
Sicherheitsupdate für Windows XP (KB922819)
Sicherheitsupdate für Windows XP (KB923191)
Sicherheitsupdate für Windows XP (KB923414)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB923980)
Sicherheitsupdate für Windows XP (KB924191)
Sicherheitsupdate für Windows XP (KB924270)
Sicherheitsupdate für Windows XP (KB924496)
Sicherheitsupdate für Windows XP (KB924667)
Sicherheitsupdate für Windows XP (KB925902)
Sicherheitsupdate für Windows XP (KB926255)
Sicherheitsupdate für Windows XP (KB926436)
Sicherheitsupdate für Windows XP (KB927779)
Sicherheitsupdate für Windows XP (KB927802)
Sicherheitsupdate für Windows XP (KB928255)
Sicherheitsupdate für Windows XP (KB928843)
Sicherheitsupdate für Windows XP (KB929123)
Sicherheitsupdate für Windows XP (KB930178)
Sicherheitsupdate für Windows XP (KB931261)
Sicherheitsupdate für Windows XP (KB931784)
Sicherheitsupdate für Windows XP (KB932168)
Sicherheitsupdate für Windows XP (KB935839)
Sicherheitsupdate für Windows XP (KB935840)
Sicherheitsupdate für Windows XP (KB936021)
Sicherheitsupdate für Windows XP (KB937143)
Sicherheitsupdate für Windows XP (KB938127)
Sicherheitsupdate für Windows XP (KB938829)
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
SopCast 3.2.8
Spybot - Search & Destroy
TMPGEnc MPEG Editor
TVAnts 1.0
TVUPlayer 2.5.2.2
Ulead FilmBrennerei 2 Deluxe
Universal SCSI Controller
Update für Windows XP (KB898461)
Update für Windows XP (KB900485)
Update für Windows XP (KB904942)
Update für Windows XP (KB910437)
Update für Windows XP (KB911280)
Update für Windows XP (KB916595)
Update für Windows XP (KB920342)
Update für Windows XP (KB920872)
Update für Windows XP (KB922582)
Update für Windows XP (KB925720)
Update für Windows XP (KB925876)
Update für Windows XP (KB927891)
Update für Windows XP (KB930916)
Update für Windows XP (KB938828)
USB Dual Vibration Joystick - Twin
User Profile Hive Cleanup Service
Veetle TV 0.9.16
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VTPlus32 für WinTV (German)
Vuze
WIDCOMM Bluetooth Software
WildTangent Web Driver
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 9-Hotfix [Weitere Informationen finden Sie unter KB885492.]
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (DEU)
Windows Workflow Foundation
Windows Workflow Foundation DE Language Pack
Windows XP Service Pack 2
Windows XP-Hotfix - KB873333
Windows XP-Hotfix - KB873339
Windows XP-Hotfix - KB885222
Windows XP-Hotfix - KB885250
Windows XP-Hotfix - KB885835
Windows XP-Hotfix - KB885836
Windows XP-Hotfix - KB885884
Windows XP-Hotfix - KB886185
Windows XP-Hotfix - KB887472
Windows XP-Hotfix - KB888113
Windows XP-Hotfix - KB888302
Windows XP-Hotfix - KB890047
Windows XP-Hotfix - KB890175
Windows XP-Hotfix - KB890859
Windows XP-Hotfix - KB891781
Windows XP-Hotfix - KB893086
WingMan Software
XML Paper Specification Shared Components Language Pack 1.0
XviD MPEG-4 Codec
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zoom Player (remove only)
[/Code]


So, I hope I haven't forgotten anything.
I would be very glad if one of you, despite the currently great weather,
would take on my problem, so that I might still get around
reinstalling the system from scratch.
Thanks in advance and best regards.

Yours,
Dude
17.07.2010, 15:54
Member

Posts: 420
#7 Hello Dude,

1. Please get RootRepeal
http://sites.google.com/site/rootrepeal/
Start RootRepeal.
Close all other programs and disable the AV guard.
Go to Report.
Click Scan.
Tick all the boxes.
Confirm with OK.
Post the log.

2. Rescan with OTL
Please start OTL, make sure that "Use Safe List" is selected everywhere (Services, Drivers, etc.) and that File Age on the right is set to 30 Days. In the previous scan you selected "All" and 360 days; that was well meant, but it makes the evaluation harder.
Now click Run Scan and post OTL.txt and Extras.txt
18.07.2010, 01:39
Member

Thread starter

Posts: 12
#8 Hello gangren,

first of all, many thanks for taking on my problem.
I hope everything will still turn out well.
Below you will find the requested logs.

Thanks again,
Dude

1. RootRepeal log

[Code]
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/18 00:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7482000 Size: 95360 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA39FC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xA396C000 Size: 8960 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7a8ca76

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7a8ca6c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7a8ca7b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7a8ca85

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7a8ca8a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7a8ca58

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7a8ca5d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7a8ca94

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7a8ca8f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7a8ca80

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7a8ca67

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa396c6d0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a5390d0 Size: 459

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a67db80 Size: 10

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a4d42c8 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a66f228 Size: 1218

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a4d5550 Size: 99

Object: Hidden Code [Driver: TwkMs, IRP_MJ_POWER]
Process: System Address: 0x00000000 Size: 4096

Object: Hidden Code [Driver: TwkMs, IRP_MJ_PNP]
Process: System Address: 0x00000000 Size: 4096

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CLOSE]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_READ]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_WRITE]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_EA]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a543640 Size: 2497

Object: Hidden Code [Driver: VOBID, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CLEANUP]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_POWER]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a552dd8 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_PNP]
Process: System Address: 0x8a552dd8 Size: 99

==EOF==
[/Code]

2. OTL Logs
OTL

[Code]
OTL logfile created on: 18.07.2010 01:09:58 - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 21,50 Gb Total Space | 11,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS
Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive F: | 24,42 Gb Total Space | 0,35 Gb Free Space | 1,44% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Paulchen
Current User Name: Fritzle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
PRC - [2010.07.13 10:57:25 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- D:\a-squared Free\a2service.exe
PRC - [2009.08.14 12:51:34 | 000,185,089 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.23 15:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.06.15 01:07:50 | 000,220,672 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndasmgmt.exe
PRC - [2006.06.15 01:07:42 | 000,305,664 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndassvc.exe
PRC - [2005.11.23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Diskeeper Professional Premier\DkService.exe
PRC - [2005.10.14 21:00:38 | 000,172,032 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2005.07.22 17:50:16 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe
PRC - [2003.12.09 12:11:08 | 000,315,392 | ---- | M] (Global Graphics Software Ltd.) -- D:\Jaws PDF Creator\PDFClient.exe
PRC - [2003.12.09 11:48:40 | 000,139,264 | ---- | M] (Global Graphics Software Ltd) -- C:\WINDOWS\system32\PDFCreatorMessages.exe
PRC - [2003.11.12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.09.06 22:20:53 | 000,286,720 | ---- | M] (Towitoko AG) -- C:\WINDOWS\SCARDS32.EXE
PRC - [2003.06.17 18:18:46 | 000,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\sstray.exe
PRC - [2003.05.15 16:41:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\point32.exe
PRC - [2003.04.23 03:06:54 | 000,417,871 | ---- | M] (Microsoft Corporation) -- D:\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2001.08.18 05:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
MOD - [2004.08.04 09:54:27 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 08:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.13 10:57:25 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\a-squared Free\a2service.exe -- (a2free)
SRV - [2009.08.14 12:51:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.06.15 01:07:42 | 000,305,664 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2005.11.23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- D:\Diskeeper Professional Premier\DkService.exe -- (Diskeeper)
SRV - [2005.10.14 21:00:38 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.10.09 22:33:00 | 001,079,832 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2005.10.09 22:32:52 | 000,170,536 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.12.09 11:48:40 | 000,139,264 | ---- | M] (Global Graphics Software Ltd) [Auto | Running] -- C:\WINDOWS\system32\PDFCreatorMessages.exe -- (PDFCreatorMessages)
SRV - [2003.11.12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.09.06 22:20:53 | 000,286,720 | ---- | M] (Towitoko AG) [Auto | Running] -- C:\WINDOWS\SCARDS32.EXE -- (TWKSCARDSRV)
SRV - [2001.08.18 05:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\SystemRoot\System32\DRIVERS\sr.sys -- (sr)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\oreans32.sys -- (oreans32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ)
DRV - [2009.12.20 19:27:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.01.23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006.11.22 23:48:18 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2006.06.15 01:08:18 | 000,140,416 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lfsfilt.sys -- (lfsfilt)
DRV - [2006.06.15 01:07:30 | 000,130,560 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2006.06.15 01:07:30 | 000,061,952 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2006.06.15 01:07:30 | 000,044,288 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lpx.sys -- (lpx)
DRV - [2006.06.12 19:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.05.01 21:28:31 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2006.01.20 15:26:14 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006.01.20 15:26:14 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006.01.20 15:26:08 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005.12.30 02:41:33 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005.07.22 17:35:28 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.07.22 17:34:02 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005.07.22 17:33:58 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005.07.22 17:33:00 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.07.22 17:31:10 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.07.22 17:31:00 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005.07.22 17:30:34 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.07.22 17:27:42 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.12.18 20:32:32 | 000,038,229 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004.10.25 03:00:00 | 000,796,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfhubase.sys -- (bfhubase) Eumex C 200 data (WinXP/2000)
DRV - [2004.10.25 03:00:00 | 000,374,144 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\capi_cip.sys -- (CAPI_CIP)
DRV - [2004.10.25 03:00:00 | 000,061,056 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtser.sys -- (AVMBTSERIAL)
DRV - [2004.10.25 03:00:00 | 000,060,288 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtpar.sys -- (AVMBTPARALLEL)
DRV - [2004.10.25 03:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2004.10.25 03:00:00 | 000,049,664 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtsnd.sys -- (AVMBTSND)
DRV - [2004.10.25 03:00:00 | 000,031,818 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netbfpan.sys -- (NETBFPAN)
DRV - [2004.08.04 08:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2004.08.04 08:03:35 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.04 08:00:16 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3)
DRV - [2004.06.09 00:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.02.20 12:03:18 | 000,187,392 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004.02.03 16:04:08 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2004.01.27 22:56:58 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.12.09 03:00:00 | 000,741,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfubase.sys -- (bfubase) BlueFRITZ! USB (WinXP/2000)
DRV - [2003.12.04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003.11.17 06:04:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003.10.15 14:59:54 | 000,055,552 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2003.10.15 14:59:44 | 000,041,856 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2003.10.05 11:41:14 | 000,123,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sojubus.sys -- (sojubus)
DRV - [2003.09.28 11:57:52 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sojuscsi.sys -- (sojuscsi)
DRV - [2003.08.01 15:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vobid.sys -- (VOBID)
DRV - [2003.06.17 17:24:00 | 000,286,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2003.06.17 17:24:00 | 000,030,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2003.04.08 14:14:50 | 000,038,656 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k)
DRV - [2003.03.19 15:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003.03.09 19:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108)
DRV - [2003.03.09 19:41:38 | 000,102,336 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108)
DRV - [2002.11.28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002.11.27 21:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002.11.27 02:00:00 | 000,503,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase) BlueFRITZ! AP-X (WinXP/2000)
DRV - [2002.11.27 02:00:00 | 000,038,608 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2002.09.16 18:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2002.06.20 18:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002.06.20 18:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002.06.20 18:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002.06.20 18:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2002.06.17 03:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2002.06.17 03:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TWKMS.SYS -- (TwkMs)
DRV - [2002.06.17 02:14:00 | 000,005,550 | ---- | M] (Towitoko AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TWKPNP.SYS -- (TWKPNP)
DRV - [2002.05.13 20:07:06 | 000,423,712 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) TV-Station (SAA7134Capture with MK3-Tuner)
DRV - [2002.05.13 19:16:44 | 000,019,520 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002.04.17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2002.01.07 16:28:54 | 000,023,552 | ---- | M] (Hauppauge Computer Works) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\bt878.sys -- (BT878)
DRV - [2001.10.04 12:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001.09.14 09:19:58 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)
DRV - [2001.08.18 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.18 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 14:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001.08.17 14:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001.08.17 14:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001.08.17 14:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001.03.09 15:53:06 | 000,138,932 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCW848NT.sys -- (HCW848NT)
DRV - [2001.01.08 10:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "engine://D%3A%5CMozilla%5Csearchplugins%5Cgoogle.src"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Torrent-Search Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.de"
FF - prefs.js..browser.startup.homepage: "http://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..keyword.URL: "Google"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2010.06.26 19:36:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.06.26 19:36:08 | 000,000,000 | ---D | M]

[2008.06.27 20:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Extensions
[2010.07.15 15:20:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions
[2010.04.21 19:42:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.03.14 23:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\firefox@tvunetworks.com
[2008.10.18 15:28:48 | 000,000,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\searchplugins\conduit.xml

O1 HOSTS File: ([2006.02.11 05:36:59 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-583907252-492894223-725345543-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hcwPVRReset] D:\WinTV\hcwP1Utl.exe ()
O4 - HKLM..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFCreatorClient] D:\Jaws PDF Creator\PDFClient.exe (Global Graphics Software Ltd.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-583907252-492894223-725345543-1004..\Run: [H/PC Connection Agent] D:\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-583907252-492894223-725345543-1004..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Device Management.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Messenger-Software\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernetwork.com/surferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} http://www.cdpass.com/cdkey/CDPass.cab (CDPass Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279199238515 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://204.49.60.246/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.1427893518 (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontech.ltd.uk/software/download/IEPrint.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2003.01.16 06:38:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.19 00:58:16 | 000,169,504 | ---- | M] () - E:\Auto Kaufberatung.mht -- [ NTFS ]
O32 - AutoRun File - [2007.11.19 00:59:29 | 000,276,766 | ---- | M] () - E:\Auto-Kauf -- Rabatt für Bar-Zahler spart oft mehr als günstiges Finanzierungsangebot.mht -- [ NTFS ]
O32 - AutoRun File - [2009.10.16 13:50:05 | 000,852,681 | ---- | M] () - E:\Autobatterie aufladen-wechselnbei heimwerker_de.mht -- [ NTFS ]
O32 - AutoRun File - [2007.09.10 00:55:02 | 000,006,346 | ---- | M] () - E:\automatische Seitenweiterleitung.mht -- [ NTFS ]
O32 - AutoRun File - [2007.11.12 04:59:26 | 000,513,453 | ---- | M] () - E:\Autotteilestore.com -- Auspuffanlage komplett.mht -- [ NTFS ]
O32 - AutoRun File - [2008.06.23 16:43:43 | 000,365,621 | ---- | M] () - E:\Autozine - Autotest Chevrolet Captiva.mht -- [ NTFS ]
O32 - AutoRun File - [2009.12.14 18:26:08 | 000,033,488 | ---- | M] () - F:\Autoversicherung_Bus.pdf -- [ NTFS ]
O32 - AutoRun File - [2009.12.14 17:39:03 | 000,035,391 | ---- | M] () - F:\Autoversicherung_Golf.pdf -- [ NTFS ]
O32 - AutoRun File - [2009.12.15 04:35:34 | 000,033,990 | ---- | M] () - F:\Autoversicherung_Golf_Version2.pdf -- [ NTFS ]
O32 - AutoRun File - [2008.09.16 00:17:56 | 000,372,517 | ---- | M] () - G:\Autovermietung#Hertz_Amerika#buchen.pdf -- [ NTFS ]
O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell - "" = AutoRun
O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell - "" = AutoRun
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun\command - "" = M:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.07.18 00:56:46 | 000,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\RootRepeal.exe
[2010.07.16 22:17:24 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fritzle\Recent
[2010.07.16 20:47:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
[2010.07.16 18:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Malwarebytes
[2010.07.16 18:36:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.16 18:36:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.16 18:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Desktop\ProcessExplorer
[2010.07.15 19:15:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.07.14 23:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.07.14 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.07.14 16:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\vuemvtbgn
[2010.07.13 16:28:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AdobeUM
[2010.07.13 16:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.07.13 16:25:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.13 16:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.13 15:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Eigene Dateien\a-squared Free
[2010.07.12 22:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server
[2003.10.05 11:41:14 | 000,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys
[2003.09.28 11:57:52 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys
[2003.03.09 19:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 19:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 19:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
[2003.02.12 08:37:16 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.07.18 00:57:18 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\settings.dat
[2010.07.18 00:54:31 | 000,000,378 | ---- | M] () -- C:\WINDOWS\SCARDSRV.INI
[2010.07.18 00:54:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 00:54:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.18 00:54:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 00:54:01 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.16 22:17:28 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat
[2010.07.16 22:17:28 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.ini
[2010.07.16 21:02:59 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\.exe
[2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
[2010.07.16 19:33:31 | 000,147,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe
[2010.07.16 18:36:20 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 17:37:22 | 000,077,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe
[2010.07.15 18:59:40 | 000,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe
[2010.07.15 16:18:35 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
[2010.07.15 14:03:26 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk
[2010.07.15 13:27:55 | 000,011,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 04:43:36 | 000,001,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.15 04:43:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.15 04:43:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.07.15 02:38:54 | 000,018,254 | ---- | M] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010.07.15 02:25:50 | 000,000,032 | ---- | M] () -- C:\WINDOWS\HCWBTDLG.INI
[2010.07.15 02:25:30 | 000,001,249 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2010.07.14 16:51:26 | 000,000,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
[2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job
[2010.06.24 07:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.07.18 00:57:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\settings.dat
[2010.07.16 19:40:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\walter.com
[2010.07.16 19:33:31 | 000,147,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe
[2010.07.16 18:36:20 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 17:37:22 | 000,077,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe
[2010.07.15 19:09:28 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\.exe
[2010.07.15 19:02:59 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe
[2010.07.15 16:18:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.07.15 16:18:06 | 000,003,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\iisagx.dll
[2010.07.15 14:03:26 | 000,000,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk
[2010.07.15 02:21:16 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.14 16:51:26 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.06.24 01:30:52 | 013,893,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat
[2010.01.29 08:14:57 | 002,065,696 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc.dll
[2010.01.29 08:14:57 | 002,060,288 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc(2).dll
[2010.01.29 08:14:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009.09.14 22:18:51 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.09.14 22:18:44 | 000,020,179 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.09.14 22:18:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007.11.08 13:23:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2006.12.31 12:12:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006.06.04 20:32:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2006.02.24 13:18:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005.10.31 18:44:31 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2005.10.27 14:43:21 | 000,000,963 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2005.07.22 17:38:48 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.01.18 11:55:24 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005.01.15 17:12:45 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2005.01.13 16:40:47 | 000,001,779 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2005.01.13 16:22:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HCWBTDLG.INI
[2005.01.13 16:18:15 | 000,020,425 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2005.01.13 16:14:49 | 000,001,249 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005.01.12 13:55:55 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005.01.12 13:53:22 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2004.12.14 13:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.14 13:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.11.25 19:07:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.10.15 12:30:57 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\niknakXML.dll
[2004.10.15 12:30:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2004.10.15 12:30:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EventConsumer.dll
[2004.10.15 12:30:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PDFMacroUtils.dll
[2004.05.21 07:25:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\b2020.ini
[2004.05.14 12:53:48 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2004.04.30 04:16:21 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2004.01.27 22:55:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.01.25 03:31:04 | 000,018,254 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003.11.17 16:00:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2003.11.11 01:06:20 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2003.11.11 01:06:20 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2003.11.11 01:06:20 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2003.11.11 01:06:20 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2003.11.11 01:06:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2003.10.10 21:38:52 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Prof.ini
[2003.10.01 03:29:11 | 000,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2003.07.24 01:57:10 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2003.06.13 02:29:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2003.04.08 18:33:10 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2003.04.07 12:07:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003.02.24 14:01:16 | 000,000,541 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
[2003.02.19 21:05:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini
[2003.02.19 20:58:38 | 000,000,387 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2003.02.18 13:27:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2003.02.18 13:27:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2003.02.12 08:37:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003.01.29 09:17:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\SCARDSRV.INI
[2003.01.29 09:17:32 | 000,000,396 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2003.01.28 21:50:52 | 000,001,052 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.01.27 16:52:55 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2003.01.19 13:19:29 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.01.18 00:11:11 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2003.01.18 00:11:11 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003.01.17 16:38:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2002.05.16 00:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002.03.25 21:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.11.23 19:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(3).DLL
[2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(2).DLL
[2001.01.22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(3).DLL
[1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[1998.12.14 19:00:00 | 000,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini
[1996.06.07 21:07:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[1996.06.07 21:07:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[1996.06.07 21:07:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[1996.06.07 21:07:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[1996.06.07 21:07:10 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[1996.06.07 21:07:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[1996.06.07 21:07:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[1996.06.07 21:07:08 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[1996.06.07 21:07:08 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[1996.06.07 21:07:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[1996.06.07 21:07:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[1996.06.07 21:07:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[1996.06.07 21:07:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll

[color=#E56717]========== LOP Check ==========[/color]

[2006.02.02 16:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2005.12.30 02:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest Software
[2010.04.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2008.02.05 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2005.12.30 02:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.11.10 03:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2005.09.02 13:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2005.01.12 14:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.07.15 03:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2005.01.12 14:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2005.01.12 14:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2005.01.15 19:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2005.04.13 01:31:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.01.29 06:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.01.29 09:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005.02.27 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Aim
[2010.07.11 19:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Azureus
[2010.07.11 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Canon
[2003.04.16 13:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\EverAd
[2003.01.21 14:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\FileMaker
[2003.01.17 14:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterTrust
[2003.01.23 12:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterVideo
[2006.01.17 16:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Leadertech
[2009.03.21 02:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mp3tag
[2009.08.10 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\MPEG Streamclip
[2005.03.27 14:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Pegasys Inc
[2005.01.12 13:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\ScanSoft
[2009.01.06 18:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\SharePod
[2006.05.08 16:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Steinberg
[2009.09.12 23:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Thinstall
[2005.01.15 15:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Ulead Systems
[2007.04.01 17:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Viewpoint
[2005.04.14 18:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WeatherBug
[2010.01.29 07:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WindSolutions
[2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
[2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
[2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
[/Code]

Extras

[Code]
OTL Extras logfile created on: 18.07.2010 01:09:58 - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 21,50 Gb Total Space | 11,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS
Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive F: | 24,42 Gb Total Space | 0,35 Gb Free Space | 1,44% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Paulchen
Current User Name: Fritzle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6969:TCP" = 6969:TCP:*:Enabled:Azureus
"52525:TCP" = 52525:TCP:*:Enabled:Azureus
"6969:UDP" = 6969:UDP:*:Enabled:Azureus
"52525:UDP" = 52525:UDP:*:Enabled:Azureus
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Microsoft ActiveSync\WCESCOMM.EXE" = D:\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation)
"D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\Messenger-Software\AIM95\aim.exe" = D:\Messenger-Software\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"D:\Messenger-Software\Yahoo-Messenger\YPager.exe" = D:\Messenger-Software\Yahoo-Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"D:\Microsoft ActiveSync\WCESMGR.EXE" = D:\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"D:\RealPlayer\realplay.exe" = D:\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"D:\WS_FTP\WS_FTP95.exe" = D:\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe" = D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\SopCast\SopCast.exe" = D:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- (www.sopcast.com)
"D:\SopCast\adv\SopAdver.exe" = D:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"D:\TVAnts\Tvants.exe" = D:\TVAnts\Tvants.exe:*:Disabled:TVAnts -- (Zhejiang University)
"D:\TVUPlayer\TVUPlayer.exe" = D:\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks)
"C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe" = C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe:*:Enabled:Win32load -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04277B8F-9663-43DA-BA52-69A11AE28440}" = StarMoney
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = USB Dual Vibration Joystick - Twin
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead FilmBrennerei 2 Deluxe
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{253A8DF7-72F1-4643-A7DB-830F42F4D471}_is1" = MetaBench 0.93 BETA
"{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}" = Moorhuhn Total
"{27DCB0FF-E8D8-44DE-9725-A7C96CC3FEB6}" = DCS - DVD Copy Suite
"{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A501AD-C538-4286-9A45-AAF5514A482D}" = Universal SCSI Controller
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{53480350-2D1F-461C-9214-3AEC993DD4A1}" = O&O UnErase
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A73544A-0FD4-4529-9420-CB1D6322BB50}" = FW LiveUpdate
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FDCF790-49AF-4E3B-8EB2-C07E2DBA55EA}" = StarMoney 5.0 S-Edition
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7BC42D2B-A730-43B4-8057-9B9946DF1031}" = Microsoft Producer
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9313E9A6-03DF-11D5-88F8-005004361016}" = Pinnacle TRex
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F13B93-1892-4C55-B709-995BBB730F33}" = ATI RADEON 9700 NPR Hatching Demo v1.1
"{A12A36EC-ACB7-11D9-8E75-000D614181EB}" = NDAS Software 3.11.1328
"{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK
"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator
"{A45302B5-1842-4B7A-92FC-53F618882BF1}" = Cuttermaran 1.65
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AD6B62AC-18A2-4632-86D0-7962E2ECB9D5}" = Pinnacle InstantCD/DVD Suite
"{ADAF6BDD-EC42-4239-B191-FDE6FFD6E1D6}" = ATI RADEON 9700 Car Paint Demo v1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B747E7F6-7A2B-4E57-B6A5-AFF21325EE2D}" = ATI RADEON 9700 Bear Demo v1.1
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C1939820-A945-11D4-86F6-0001031E5712}" = ASUSTek ASUSDVD
"{C6ADEAB6-AEF6-49D5-816E-102DA2620646}" =
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = AcronisTrueImage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC379A36-DB26-4A29-877B-B6CE813FDDD5}" = ATI RADEON 9700 Debevec RNL Demo v1.1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E24D73DA-FC53-47CC-9112-CA98986B88AA}" = Pinnacle InstantCD/DVD Suite Update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6B9D9AC-E9DA-4EB9-85BC-34457A28B63F}" = Cloudmark SpamNet 1.0 Beta 10f
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% (Trial Version)
"{EF1DD862-1F5C-4BC8-B3B6-BBB5AD3B460E}" = Motorola Handset USB Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"8461-7759-5462-8226" = Vuze
"Add/Remove Pro" = Add/Remove Pro
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen)
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AnyDVD" = AnyDVD
"AOL Instant Messenger" = AOL Instant Messenger
"ArcView Districting Extension" = ArcView Districting Extension
"ASAPI Update" = ASAPI Update
"a-squared Free_is1" = a-squared Free 2.1
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Biet-O-Matic v2.0.13" = Biet-O-Matic v2.0.13
"CDex" = CDex extraction audio
"CDXtract v4.1.5" = CDXtract v4.1.5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CombiMovie (Freeware)_is1" = CombiMovie Version 1.31
"Digital Video Repair" = Digital Video Repair 2.1
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD-lab PRO_is1" = DVD-lab PRO 1.00
"DVD-Patcher 1.06" = DVD-Patcher 1.06
"EarMaster Pro 4_is1" = EarMaster Pro 4
"FLAC" = FLAC 1.2.1b (remove only)
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge VCD Convert/Burn Utility" = Hauppauge VCD Convert/Burn Utility
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV NT4/Win2000 Drivers" = Hauppauge WinTV NT4/Win2000 Drivers
"Hauppauge WinTV PVR (Model 45xxx)" = Hauppauge WinTV PVR (Model 45xxx)
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HDD Health_is1" = HDD Health v2.1 Beta
"HijackThis" = HijackThis 2.0.2
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InternetDeinstKey" = ArcView Internet Map Server
"IsoBuster_is1" = IsoBuster 1.9.1
"Magic ISO Maker v5.1 (build 0185)" = Magic ISO Maker v5.1 (build 0185)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.44
"MVApplication1" = SureThing CD Labeler Deluxe 4
"nanoPEG-Editor 2.2 Hauppauge Edition_is1" = nanoPEG-Editor 2.2 Hauppauge Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"OnlineControl_is1" = OnlineControl 1.1
"Parrot Flash Update Wizard" = Parrot Software Update Tool
"Postpaket Ausfüllhilfe 2.2" = Postpaket Ausfüllhilfe 2.2
"Q903235" = Internet Explorer Q903235
"QCDrivers" = QuickCam Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"Security Task Manager" = Security Task Manager 1.7h
"SiSoftware Sandra Lite 2005.SR3_is1" = SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
"SopCast" = SopCast 3.2.8
"ST6UNST #1" = ZIP_Code_Business_Patterns
"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
"StreamTorrent 1.0" = StreamTorrent 1.0
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.2.2
"TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.38
"Veetle TV" = Veetle TV 0.9.16
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3DDeinstKey" = ArcView 3D Analyst
"ArcView GIS 3.2" = ArcView GIS 3.2a
"ArcView Image Analysis" = ArcView Image Analysis
"ArcView Network Analyst" = ArcView Network Analyst
"ArcView Spatial Analyst" = ArcView Spatial Analyst
"Renatager" = Mp3 Renatager

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 30.11.2009 23:34:46 | Computer Name = Paulchen | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner
Fehler aufgetreten. .

Error - 04.12.2009 08:41:22 | Computer Name = Paulchen | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner
Fehler aufgetreten. .

Error - 11.07.2010 03:10:16 | Computer Name = Paulchen | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .

Error - 11.07.2010 03:10:17 | Computer Name = Paulchen | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .

Error - 14.07.2010 18:07:15 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 14.07.2010 18:07:16 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 14.07.2010 18:07:17 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 14.07.2010 18:07:17 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 14.07.2010 18:07:17 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 14.07.2010 18:07:20 | Computer Name = Paulchen | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor

[ System Events ]
Error - 16.07.2010 12:52:19 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2

Error - 17.07.2010 18:54:29 | Computer Name = Paulchen | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 17.07.2010 18:54:29 | Computer Name = Paulchen | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
oreans32 sr

Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund
folgenden Fehlers nicht gestartet: %%3

Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2

Error - 17.07.2010 18:55:15 | Computer Name = Paulchen | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 17.07.2010 18:55:15 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund
folgenden Fehlers nicht gestartet: %%3

Error - 17.07.2010 18:55:15 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2


< End of report >
[/code]
__________
"The rug really tied the room together."
18.07.2010, 17:23
Member

Posts: 420
#9 Hmm,

1. Please start OTL and paste the following into the script field:

Quote

:OTL
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\oreans32.sys -- (oreans32)
O3 - HKU\S-1-5-21-583907252-492894223-725345543-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontech.ltd.uk/software/download/IEPrint.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell - "" = AutoRun
O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell - "" = AutoRun
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun\command - "" = M:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010.07.14 16:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\vuemvtbgn


:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" =-
"445:TCP" =-
"137:UDP" =-
"138:UDP" =-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" =-
"445:TCP" =-
"137:UDP" =-
"138:UDP" =-
"135:TCP" =-
"5000:TCP" =-
"5001:TCP" =-
"5002:TCP" =-
"5003:TCP" =-
"5004:TCP" =-
"5005:TCP" =-
"5006:TCP" =-
"5007:TCP" =-
"5008:TCP" =-
"5009:TCP" =-
"5010:TCP" =-
"5011:TCP" =-
"5012:TCP" =-
"5013:TCP" =-
"5014:TCP" =-
"5015:TCP" =-
"5016:TCP" =-
"5017:TCP" =-
"5018:TCP" =-
"5019:TCP" =-
"5020:TCP" =-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe" =-

:Commands
[purity]
[emptytemp]
[emptyflash]
and click Run Fix. A restart may be required. Please post the fix log.

2. Please get TDSSKiller:
http://support.kaspersky.com/de/downloads/utils/tdsskiller.zip
Extract the zip file to the desktop (tdsskiller.exe should sit directly on the desktop, not in a folder).
Start tdsskiller.exe.
When the scan is finished, press any key to continue.
The log can be found at c:\TDSSKiller....._log.txt.
Please post this log.

3. Please work through these instructions:
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
Then please post the log.
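
As an added example (not from any post in this thread and not part of OTL), the following Python script applies the same triage to the firewall sections of an OTL log that the fix script above does by hand: it parses the GloballyOpenPorts and AuthorizedApplications lines in the format OTL prints, flags the entries a helper would normally remove (NetBIOS/SMB/RPC ports, ports with no owning application, rules whose executable is gone or lives in a profile data folder), and emits the matching :Reg block. The sample log, the user name in it and the Azureus rule are constructed from the format shown in this thread.

```python
"""Triage the firewall sections of an OTL log (added example, not OTL code).

Reads the GloballyOpenPorts and AuthorizedApplications lines in the format
OTL prints, flags entries a helper would usually remove, and emits the
matching ':Reg' block ('=-' after a value name tells OTL to delete it).
"""
import re

# NetBIOS/SMB and the RPC endpoint mapper: not needed on a stand-alone home
# PC and a classic worm entry point, so any rule opening them gets flagged.
RISKY_PORTS = {"135:TCP", "137:UDP", "138:UDP", "139:TCP", "445:TCP"}

# Folders inside a user profile from which no legitimate service should run.
PROFILE_DIRS = ("\\anwendungsdaten\\", "\\application data\\",
                "\\lokale einstellungen\\", "\\local settings\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
PORT_RE = re.compile(r'^"(?P<name>\d+:(?:TCP|UDP))" = (?P=name)'
                     r':(?P<scope>[^:]+):(?P<state>[^:]+):(?P<desc>.*)$')
# "D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
APP_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P=path)'
                    r':(?P<scope>[^:]+):(?P<state>[^:]+):(?P<desc>.*?) -- (?P<vendor>.*)$')


def parse_firewall(log_text):
    """Yield (registry key, 'port'|'app', regex match) for each rule line."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if not key or "FirewallPolicy" not in key:
            continue
        if key.endswith("GloballyOpenPorts\\List"):
            m = PORT_RE.match(line)
            if m:
                yield key, "port", m
        elif key.endswith("AuthorizedApplications\\List"):
            m = APP_RE.match(line)
            if m:
                yield key, "app", m


def flag_port(m):
    """Return a reason string if the open port should be removed, else None."""
    name, scope, desc = m.group("name"), m.group("scope"), m.group("desc")
    if name in RISKY_PORTS:
        return "NetBIOS/SMB/RPC port opened (scope %s)" % scope
    # Legitimate rules name their application or a resource string; a bare
    # "TCP Port 5000" style description means nothing claims the port.
    if re.fullmatch(r"(TCP|UDP) Port \d+", desc):
        return "port opened without an owning application"
    return None


def flag_app(m):
    """Return a reason string if the authorized application should be removed."""
    path, vendor = m.group("path"), m.group("vendor")
    if vendor == "File not found":
        return "executable no longer exists (stale rule or removed malware)"
    if any(d in path.lower() for d in PROFILE_DIRS):
        return "executable lives in a user profile data folder"
    return None


def triage(log_text):
    """Return (findings, otl_script): findings is a list of (value, reason)."""
    findings, by_key = [], {}
    for key, kind, m in parse_firewall(log_text):
        reason = flag_port(m) if kind == "port" else flag_app(m)
        if reason:
            value = m.group("name") if kind == "port" else m.group("path")
            findings.append((value, reason))
            by_key.setdefault(key, []).append(value)
    lines = [":Reg"]
    for key, values in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s" =-' % v for v in values)
        lines.append("")
    return findings, "\n".join(lines)


# Constructed sample in the OTL format shown in this thread; the user name
# "User" and the Azureus rule are illustrative, not taken from a real log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"6969:TCP" = 6969:TCP:*:Enabled:Azureus
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Dokumente und Einstellungen\User\Anwendungsdaten\3c1ea.exe" = C:\Dokumente und Einstellungen\User\Anwendungsdaten\3c1ea.exe:*:Enabled:Win32load -- File not found
"""
```

Running `triage(SAMPLE_LOG)` flags the two SMB ports, the RPC port, the unclaimed port 5000 and the missing `3c1ea.exe` rule, and leaves the Azureus and UPnP rules alone.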
19.07.2010, 01:11
Member

Thread starter

Posts: 12
#10 Hello gangren,

here are the logs.

1. OTL (after the fix with the script you provided)
[code]All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File C:\WINDOWS\System32\appmgmts.dll not found.
Service oreans32 stopped successfully!
Service oreans32 deleted successfully!
File C:\WINDOWS\System32\drivers\oreans32.sys not found.
Registry value HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
Starting removal of ActiveX control IEPrint
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEPrint\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEPrint\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\IEPrint\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found.
File M:\DPFMate.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\vuemvtbgn folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5000:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5001:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5002:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5003:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5004:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5005:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5006:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5007:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5008:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5009:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5010:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5011:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5012:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5013:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5014:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5015:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5016:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5017:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5018:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5019:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5020:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 7058 bytes
->Flash cache emptied: 348 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes

User: IBM Customer
->Temp folder emptied: 3156 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Flash cache emptied: 2167 bytes

User: Susanne
->Temp folder emptied: 69519 bytes
->Flash cache emptied: 499 bytes

User: Fritzle
->Temp folder emptied: 9056 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34105568 bytes
->Flash cache emptied: 8855 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 609187 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Gast

User: IBM Customer

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Susanne
->Flash cache emptied: 0 bytes

User: Fritzle
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07182010_232943

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/code]

2. TDSSKiller

[code]23:36:32:156 4040 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
23:36:32:156 4040 ================================================================================
23:36:32:156 4040 SystemInfo:

23:36:32:156 4040 OS Version: 5.1.2600 ServicePack: 2.0
23:36:32:156 4040 Product type: Workstation
23:36:32:156 4040 ComputerName: Paulchen
23:36:32:156 4040 UserName: Fritzle
23:36:32:156 4040 Windows directory: C:\WINDOWS
23:36:32:156 4040 System windows directory: C:\WINDOWS
23:36:32:156 4040 Processor architecture: Intel x86
23:36:32:156 4040 Number of processors: 1
23:36:32:156 4040 Page size: 0x1000
23:36:32:156 4040 Boot type: Normal boot
23:36:32:156 4040 ================================================================================
23:36:33:859 4040 Initialize success
23:36:33:859 4040
23:36:33:859 4040 Scanning Services ...
23:36:34:171 4040 Raw services enum returned 408 services
23:36:34:187 4040
23:36:34:187 4040 Scanning Drivers ...
23:36:34:734 4040 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:36:34:781 4040 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:36:34:828 4040 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
23:36:34:859 4040 AFD (d2855e5fdb877adca2db689c1a054dba) C:\WINDOWS\System32\drivers\afd.sys
23:36:34:859 4040 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: d2855e5fdb877adca2db689c1a054dba, Fake md5: 5ac495f4cb807b2b98ad2ad591e6d92e
23:36:34:859 4040 File "C:\WINDOWS\System32\drivers\afd.sys" infected by TDSS rootkit ... 23:36:36:109 4040 Backup copy found, using it..
23:36:36:140 4040 will be cured on next reboot
23:36:36:296 4040 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:36:36:343 4040 AmdK7 (fbf9ffb0b638df1448821bd0aceeb780) C:\WINDOWS\system32\DRIVERS\amdk7.sys
23:36:36:375 4040 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys
23:36:36:406 4040 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:36:36:437 4040 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
23:36:36:453 4040 ASAPIW2K (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys
23:36:36:515 4040 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
23:36:36:546 4040 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
23:36:36:578 4040 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:36:36:593 4040 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:36:36:656 4040 ati2mtag (8303b347a02ed4bbf94e5682a6d22619) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:36:36:687 4040 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:36:36:718 4040 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:36:36:750 4040 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Avira\AntiVir Desktop\avgio.sys
23:36:36:781 4040 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:36:36:812 4040 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:36:36:906 4040 AVMBTPARALLEL (6867c7b9d7beca1859c15f6730fd067a) C:\WINDOWS\system32\DRIVERS\avmbtpar.sys
23:36:37:234 4040 AVMBTSERIAL (4bb8956474c4770083f4f50a51f26bcf) C:\WINDOWS\system32\DRIVERS\avmbtser.sys
23:36:37:281 4040 AVMBTSND (e22454df488d6d38d2a9cc4926f331bb) C:\WINDOWS\system32\drivers\avmbtsnd.sys
23:36:37:328 4040 AVMCOWAN (b092b71977cceb0f66fea6773ff23cb3) C:\WINDOWS\system32\DRIVERS\avmcowan.sys
23:36:37:359 4040 AVMWAN (398eb38f388ce7aeee34132aefb590ef) C:\WINDOWS\system32\DRIVERS\avmwan.sys
23:36:37:375 4040 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:36:37:421 4040 bfhubase (68be923a2f6b6a52f16a0d564b7fc318) C:\WINDOWS\system32\DRIVERS\bfhubase.sys
23:36:37:484 4040 bfubase (45f341d5fd3afc002650c28ad447530d) C:\WINDOWS\system32\DRIVERS\bfubase.sys
23:36:37:531 4040 BT878 (72c98b32df52a641338a1599f6fc7ca8) C:\WINDOWS\system32\DRIVERS\BT878.sys
23:36:37:562 4040 btaudio (711442f5953966b14299b4b0404ec073) C:\WINDOWS\system32\drivers\btaudio.sys
23:36:37:593 4040 BTDriver (409f48dc4d505559043acbbf6095768a) C:\WINDOWS\system32\DRIVERS\btport.sys
23:36:37:687 4040 BTKRNL (03664bb96504c81b02f58c0eade8a464) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
23:36:37:718 4040 BTSERIAL (873f58c0fde879b53b468b65e39549c5) C:\WINDOWS\system32\drivers\btserial.sys
23:36:37:750 4040 BTSLBCSP (df810d392af466ff76cb6bf55c6c86af) C:\WINDOWS\system32\drivers\btslbcsp.sys
23:36:37:765 4040 BTWDNDIS (4223556c93871a4cbd68d0585f5e5dc9) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
23:36:37:796 4040 btwmodem (c525d186182b7a4e0f428f98b400e4e7) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
23:36:37:828 4040 BTWUSB (2054534e921359af42875ed825fa075f) C:\WINDOWS\system32\Drivers\btwusb.sys
23:36:37:890 4040 Cap7134 (fc766cfbd052e41ff71921b8fc9ffc30) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
23:36:37:968 4040 CAPI_CIP (600fe1fc7f063398e56fbce22488b108) C:\WINDOWS\system32\DRIVERS\capi_cip.sys
23:36:38:031 4040 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:36:38:125 4040 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:36:38:171 4040 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:36:38:187 4040 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:36:38:234 4040 cdrdrv (6110b5c478a0da030be698edd362658f) C:\WINDOWS\system32\Drivers\Cdrdrv.sys
23:36:38:250 4040 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:36:38:343 4040 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
23:36:38:375 4040 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:36:38:421 4040 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
23:36:38:468 4040 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
23:36:38:500 4040 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:36:38:531 4040 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:36:38:546 4040 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:36:38:593 4040 ElbyCDFL (59c9e1336a4508f059827d638e924c62) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
23:36:38:609 4040 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
23:36:38:625 4040 ElbyDelay (0b15894b0698abcac9f19d060119d1d0) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
23:36:38:671 4040 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:36:38:703 4040 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:36:38:718 4040 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
23:36:38:734 4040 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:36:38:781 4040 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
23:36:38:796 4040 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:36:38:812 4040 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:36:38:890 4040 fxusbase (54c9e5685a08dd6abddb48069640a948) C:\WINDOWS\system32\DRIVERS\fxusbase.sys
23:36:38:937 4040 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:36:38:984 4040 HCW848NT (f22207841d5958d5185392a4fa485885) C:\WINDOWS\system32\DRIVERS\hcw848nt.sys
23:36:39:015 4040 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:36:39:046 4040 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
23:36:39:109 4040 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:36:39:125 4040 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:36:39:171 4040 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
23:36:39:203 4040 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:36:39:218 4040 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:36:39:265 4040 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:36:39:281 4040 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:36:39:312 4040 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:36:39:328 4040 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:36:39:359 4040 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:36:39:375 4040 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:36:39:406 4040 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
23:36:39:437 4040 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
23:36:39:500 4040 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
23:36:39:546 4040 lfsfilt (8bcee40af7eb561ac3f89aabd346fbd1) C:\WINDOWS\system32\DRIVERS\lfsfilt.sys
23:36:39:562 4040 lpx (de577aa0f1bee59b2970a2dab9aeb236) C:\WINDOWS\system32\DRIVERS\lpx.sys
23:36:39:578 4040 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:36:39:609 4040 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
23:36:39:625 4040 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:36:39:656 4040 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:36:39:703 4040 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:36:39:750 4040 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:36:39:781 4040 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:36:39:828 4040 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:36:39:859 4040 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:36:39:906 4040 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:36:39:937 4040 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:36:39:984 4040 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:36:40:015 4040 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
23:36:40:031 4040 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:36:40:078 4040 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:36:40:093 4040 ndasbus (fa353a92a5440a12954c0c474f979335) C:\WINDOWS\system32\DRIVERS\ndasbus.sys
23:36:40:109 4040 ndasscsi (0b9140cd7aaac9fb36c2406d4f99a844) C:\WINDOWS\system32\DRIVERS\ndasscsi.sys
23:36:40:156 4040 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:36:40:187 4040 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:36:40:234 4040 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:36:40:265 4040 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:36:40:296 4040 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:36:40:343 4040 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:36:40:375 4040 NETBFPAN (1f6b0c9c8b89f64eeb37ef8181ae1452) C:\WINDOWS\system32\DRIVERS\netbfpan.sys
23:36:40:390 4040 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:36:40:406 4040 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:36:40:453 4040 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:36:40:484 4040 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:36:40:531 4040 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
23:36:40:578 4040 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:36:40:593 4040 nvax (3de144bf9844a8073098f3c35bcf659a) C:\WINDOWS\system32\drivers\nvax.sys
23:36:40:625 4040 NVENET (c8400ca70bf8a30156487bf887886432) C:\WINDOWS\system32\DRIVERS\NVENET.sys
23:36:40:671 4040 nvnforce (cac8337fb6eb6911c47e43526f6a2397) C:\WINDOWS\system32\drivers\nvapu.sys
23:36:40:703 4040 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
23:36:40:750 4040 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:36:40:781 4040 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:36:40:875 4040 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:36:40:906 4040 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:36:40:921 4040 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:36:40:953 4040 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:36:41:000 4040 ousb2hub (d237306f0ed07a7e2962310eba3039a7) C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
23:36:41:046 4040 ousbehci (2ca5cd35d957edfea159e08360ee0d9b) C:\WINDOWS\system32\Drivers\ousbehci.sys
23:36:41:093 4040 P2k (bf99865064a3c4c498d48d781aa32167) C:\WINDOWS\system32\DRIVERS\P2k.sys
23:36:41:125 4040 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
23:36:41:171 4040 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:36:41:375 4040 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:36:41:531 4040 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
23:36:41:765 4040 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:36:41:796 4040 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:36:41:906 4040 PhTVTune (e5e6dec6764d74e045033e957b191968) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
23:36:41:921 4040 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
23:36:41:953 4040 ppa3 (1023fc75551b2d8bc0aca99d9c1c5d63) C:\WINDOWS\system32\DRIVERS\ppa3.sys
23:36:41:984 4040 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:36:42:015 4040 PQNTDrv (7e8be4d11f5ac1e5cae42719a7230508) C:\WINDOWS\system32\drivers\PQNTDrv.sys
23:36:42:031 4040 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
23:36:42:046 4040 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:36:42:062 4040 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:36:42:093 4040 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys
23:36:42:187 4040 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:36:42:203 4040 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:36:42:250 4040 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:36:42:265 4040 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:36:42:296 4040 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:36:42:312 4040 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:36:42:359 4040 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
23:36:42:406 4040 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:36:42:453 4040 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
23:36:42:500 4040 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
23:36:42:515 4040 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:36:42:546 4040 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:36:42:578 4040 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
23:36:42:609 4040 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:36:42:656 4040 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:36:42:687 4040 snapman (90257773f4b4065bd0c6cc2164fd52e5) C:\WINDOWS\system32\DRIVERS\snapman.sys
23:36:42:703 4040 sojubus (218bfa61acdc109df7df6c8aaed1422c) C:\WINDOWS\system32\DRIVERS\sojubus.sys
23:36:42:718 4040 sojuscsi (122fbabc9af1ab0a1a5394945c2e36a7) C:\WINDOWS\system32\DRIVERS\sojuscsi.sys
23:36:42:750 4040 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
23:36:42:781 4040 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:36:42:812 4040 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
23:36:42:859 4040 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
23:36:42:890 4040 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:36:42:937 4040 SSPORT (ef3458337d7341a05169cefc73709264) C:\WINDOWS\system32\Drivers\SSPORT.sys
23:36:42:953 4040 StMp3Rec (1c9ee2c640b6f899cc3d84bcd1ea526f) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
23:36:43:000 4040 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:36:43:015 4040 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:36:43:046 4040 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:36:43:125 4040 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:36:43:156 4040 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
23:36:43:203 4040 Tcpip (8d8949936913b041c6a0e184fbf1030b) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:36:43:265 4040 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:36:43:312 4040 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:36:43:359 4040 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:36:43:390 4040 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
23:36:43:406 4040 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys
23:36:43:437 4040 TwkMs (8c7d0928b76dc2b8235995a01ce33037) C:\WINDOWS\system32\drivers\TwkMs.sys
23:36:43:468 4040 TwkPCSC (9c88dcfdf817f6541a61d789360e6964) C:\WINDOWS\system32\drivers\TwkPCSC.sys
23:36:43:484 4040 TWKPNP (85acf8cd52b3b488ff58f1f25509ca5f) C:\WINDOWS\system32\DRIVERS\TWKPNP.SYS
23:36:43:500 4040 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:36:43:546 4040 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:36:43:640 4040 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
23:36:43:671 4040 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:36:43:703 4040 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:36:43:750 4040 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:36:43:781 4040 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:36:43:828 4040 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:36:43:859 4040 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:36:43:890 4040 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
23:36:43:937 4040 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
23:36:43:968 4040 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:36:44:000 4040 uscbs108 (23313e2a5020dca0671bc182e86a74e6) C:\WINDOWS\system32\DRIVERS\uscbs108.sys
23:36:44:031 4040 uscsc108 (3ff8c7648593dce2592ca180d149c59a) C:\WINDOWS\system32\DRIVERS\uscsc108.sys
23:36:44:078 4040 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:36:44:140 4040 VisorUsb (7608c8327d19ecec1c21f5630a8dedb6) C:\WINDOWS\system32\DRIVERS\VisorUsb.sys
23:36:44:171 4040 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
23:36:44:218 4040 vobcom (705c36bc6e13fdb304486898d6d8512b) C:\WINDOWS\system32\drivers\vobcom.sys
23:36:44:234 4040 VOBID (9695e4a37e61355f2eb9c7ea65502738) C:\WINDOWS\system32\DRIVERS\vobid.sys
23:36:44:265 4040 vobiw (ae5f53ad03038dfbcb47d80e484e789b) C:\WINDOWS\system32\drivers\vobiw.sys
23:36:44:296 4040 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
23:36:44:312 4040 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
23:36:44:343 4040 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
23:36:44:375 4040 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:36:44:421 4040 wceusbsh (56242d5be3bfc8f2a212e6d1f9a16697) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
23:36:44:453 4040 Wdm1 (2f4b3c0e58d4a7bd8e38d1cd9ca47691) C:\WINDOWS\system32\Drivers\usbbc.sys
23:36:44:500 4040 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
23:36:44:531 4040 WmBEnum (588c1df21321ec51eebff2c8909d1587) C:\WINDOWS\system32\drivers\WmBEnum.sys
23:36:44:562 4040 WmFilter (3b45b7bfd513d3313e895d187849e3a3) C:\WINDOWS\system32\drivers\WmFilter.sys
23:36:44:578 4040 WmVirHid (fe7d6991fd5894f06aae95dc78e79948) C:\WINDOWS\system32\drivers\WmVirHid.sys
23:36:44:593 4040 WmXlCore (dcbb4688ee775912444b9010cd3fe9b6) C:\WINDOWS\system32\drivers\WmXlCore.sys
23:36:44:640 4040 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:36:44:671 4040 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:36:44:718 4040 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:36:44:718 4040 Reboot required for cure complete..
23:36:44:968 4040 Cure on reboot scheduled successfully
23:36:44:968 4040
23:36:44:968 4040 Completed
23:36:44:968 4040
23:36:44:968 4040 Results:
23:36:44:968 4040 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:36:44:968 4040 File objects infected / cured / cured on reboot: 1 / 0 / 1
23:36:44:968 4040
23:36:44:968 4040 KLMD(ARK) unloaded successfully
[/code]

3. Combofix

[code]ComboFix 10-07-16.02 - Fritzle 19.07.2010 0:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2047.1634 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Fritzle\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Fritzle\.exe
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\config.data
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\flags.ini
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\thread.xml
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\worker.info
c:\windows\system32\hlp.dat
c:\windows\system32\sstray.exe

Infizierte Kopie von c:\windows\system32\ws2_32.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\$NtServicePackUninstall$\ws2_32.dll wurde wiederhergestellt

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR


((((((((((((((((((((((( Dateien erstellt von 2010-06-18 bis 2010-07-18 ))))))))))))))))))))))))))))))
.

2010-07-18 22:20 . 2010-07-18 22:20 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-07-18 21:29 . 2010-07-18 21:29 -------- d-----w- C:\_OTL
2010-07-16 16:36 . 2010-07-16 16:36 -------- d-----w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Malwarebytes
2010-07-16 16:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 16:36 . 2010-07-16 16:44 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-07-16 16:36 . 2010-07-16 16:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-16 16:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 17:15 . 2010-07-15 17:25 -------- d-----w- c:\windows\BDOSCAN8
2010-07-15 12:03 . 2010-07-15 16:24 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-07-15 12:03 . 2010-07-15 13:46 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-07-13 14:28 . 2010-07-13 14:28 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\AdobeUM
2010-07-13 14:27 . 2010-07-13 14:27 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-06-26 17:36 . 2010-06-26 17:36 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 21:38 . 2002-08-29 01:01 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-18 21:31 . 2010-07-18 21:31 0 ----a-w- c:\windows\SCARDSRV.TMP
2010-07-15 01:50 . 2010-07-14 21:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-07-14 21:39 . 2010-07-14 21:23 -------- d-----w- c:\programme\Security Task Manager
2010-07-11 17:10 . 2005-10-28 23:02 -------- d-----w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Azureus
2010-07-11 16:45 . 2005-01-12 12:04 -------- d-----w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Canon
2010-04-21 17:42 . 2010-04-21 17:42 52224 ----a-w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-04-21 17:42 . 2010-04-21 17:42 101376 ----a-w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2003-09-06 18:44 . 2001-01-22 09:28 100864 ----a-w- c:\programme\Win2000PPAHotfix.exe
.

------- Sigcheck -------

[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2ad3df909e43001c668b20ec211136d0\sp2gdr\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2ad3df909e43001c668b20ec211136d0\sp2qfe\tcpip.sys
[-] 2007-08-27 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2007-08-27 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[7] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
[7] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\$NtUninstallKB913446_0$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066_0$\tcpip.sys

[7] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\ws2help.dll
[-] 2004-08-04 . 2F4CE68209B23B173DCD91CE8829BC6B . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2001-08-18 . 17ED93B7DA379EE57C481A35E24F2973 . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\programme\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016]
"PDFCreatorClient"="d:\jaws pdf creator\PDFClient.exe" [2003-12-09 315392]
"hcwPVRReset"="d:\wintv\hcwP1Utl.exe" [2001-06-21 45056]
"YSearchProtection"="c:\programme\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-7-22 577597]
NDAS Device Management.lnk - c:\programme\NDAS\System\ndasmgmt.exe [2006-6-15 220672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OnlineControl.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk
backup=c:\windows\pss\OnlineControl.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PlexTools Professional XL.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\PlexTools Professional XL.lnk
backup=c:\windows\pss\PlexTools Professional XL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Fritzle^Startmenü^Programme^Autostart^Registration-Studio 8 SE.lnk]
path=c:\dokumente und einstellungen\Fritzle\Startmenü\Programme\Autostart\Registration-Studio 8 SE.lnk
backup=c:\windows\pss\Registration-Studio 8 SE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2002-11-02 06:33 45056 ----a-w- d:\clonecd\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 07:57 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2003-04-23 01:06 417871 ----a-w- d:\microsoft activesync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2003-09-06 18:42 102400 ----a-w- c:\programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 --sh--w- c:\programme\messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 09:29 729088 ----a-r- d:\omnipagese\EregGer\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 ----a-w- d:\omnipagese\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 10:34 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-26 16:14 36975 ----a-w- c:\programme\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-11 04:15 111816 ----a-w- c:\programme\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2004-05-21 23:12 64512 ----a-w- c:\programme\WildTangent\Apps\CDA\CDAEngine0400.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspimgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"d:\\Azureus\\Azureus.exe"=
"d:\\Messenger-Software\\AIM95\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"d:\\RealPlayer\\realplay.exe"=
"d:\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\Messenger-Software\\Yahoo-Messenger\\YahooMessenger.exe"=
"d:\\SopCast\\SopCast.exe"=
"d:\\SopCast\\adv\\SopAdver.exe"=
"d:\\TVAnts\\Tvants.exe"=
"d:\\TVUPlayer\\TVUPlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6969:TCP"= 6969:TCP:Azureus
"52525:TCP"= 52525:TCP:Azureus
"6969:UDP"= 6969:UDP:Azureus
"52525:UDP"= 52525:UDP:Azureus

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [05.10.2003 11:41 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.09.2003 11:57 5504]
R0 TwkMs;CHIPDRIVE Maus Adapter;c:\windows\system32\drivers\TWKMS.SYS [29.01.2003 09:17 4828]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [01.08.2003 15:47 29239]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [04.10.2001 12:53 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [20.02.2004 12:03 187392]
R2 a2free;a-squared Free Service;d:\a-squared free\a2service.exe [09.11.2007 22:10 1872320]
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\avira\AntiVir Desktop\sched.exe [24.07.2009 23:45 108289]
R2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [13.01.2005 15:46 23552]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [26.01.2004 01:04 41856]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [24.07.2009 22:00 5120]
R2 TwkPCSC;CHIPDRIVE PC/SC Drivers;c:\windows\system32\drivers\TWKPCSC.SYS [29.01.2003 09:17 11676]
R2 TWKSCARDSRV;CHIPDRIVE SCARD Service;c:\windows\SCARDS32.EXE [29.01.2003 09:17 286720]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03.02.2004 16:04 62976]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\HCW848NT.sys [13.01.2005 15:17 138932]
R3 ousb2hub;OrangeWare USB 2.0 Hub Support;c:\windows\system32\drivers\ousb2hub.sys [26.01.2004 01:04 55552]
R3 TWKPNP;CHIPDRIVE Plug and Play driver;c:\windows\system32\drivers\TWKPNP.SYS [18.01.2003 00:11 5550]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [09.03.2003 19:41 102336]
S1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [26.10.2005 10:37 11264]
S3 AVMBTPARALLEL;Bluetooth Druckeranschluss;c:\windows\system32\drivers\avmbtpar.sys [25.10.2004 03:00 60288]
S3 AVMBTSERIAL;Bluetooth Kommunikationsanschluss;c:\windows\system32\drivers\avmbtser.sys [25.10.2004 03:00 61056]
S3 AVMBTSND;Bluetooth Audio Driver;c:\windows\system32\drivers\avmbtsnd.sys [25.10.2004 03:00 49664]
S3 AVMCOWAN;ISDN CoNDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmcowan.sys [25.10.2004 03:00 53248]
S3 AVMWAN;AVM NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [27.11.2002 02:00 38608]
S3 bfhubase;Eumex C 200 data (WinXP/2000);c:\windows\system32\drivers\bfhubase.sys [25.10.2004 03:00 796352]
S3 bfubase;BlueFRITZ! USB (WinXP/2000);c:\windows\system32\drivers\bfubase.sys [09.12.2003 03:00 741600]
S3 CAPI_CIP;Bluetooth CAPI-Controller;c:\windows\system32\drivers\capi_cip.sys [25.10.2004 03:00 374144]
S3 fxusbase;BlueFRITZ! AP-X (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [27.11.2002 02:00 503600]
S3 NETBFPAN;Bluetooth Netzwerkadapter;c:\windows\system32\drivers\netbfpan.sys [25.10.2004 03:00 31818]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\DRIVERS\NETFRITZ.SYS --> c:\windows\system32\DRIVERS\NETFRITZ.SYS [?]
S3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [31.01.2004 03:14 19520]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [24.07.2003 01:57 19968]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [18.01.2003 00:11 15576]

--- Other Services/Drivers in Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the "Scheduled Tasks" folder

2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-07-15 c:\windows\Tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:58]

2010-07-13 c:\windows\Tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:58]

2010-06-25 c:\windows\Tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.unc.edu/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Nach Microsoft &Excel exportieren - d:\micros~1\Office10\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - {361D6100-9833-4ABA-BB50-7015F325BBF0} - c:\windows\Downloaded Program Files\IEPrint.dll
TCP: {2CAE1438-109A-4E23-B938-6CEABEC7ABDC} = 192.168.2.1
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
FF - ProfilePath - c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - Google
FF - plugin: c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: d:\acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\acrobatreader\Reader\Browser\nppdf32.dll
FF - plugin: d:\veetle\Player\npvlc.dll
FF - plugin: d:\veetle\plugins\npVeetle.dll
FF - plugin: d:\veetle\VLCBroadcast\npvbp.dll

---- FIREFOX Policies ----
FF - user.js: yahoo.homepage.dontask - true
d:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
d:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Removed Orphaned Registry Entries - - - -

HKLM-Run-nForce Tray Options - sstray.exe
SafeBoot-klmdb.sys
MSConfigStartUp-Agent - d:\powervcrii\Agent.exe
MSConfigStartUp-AVMBLUEOBEX - c:\programme\avmclient\AvmObex.exe
MSConfigStartUp-Iomega Drive Icons - d:\iomega\DriveIcons\ImgIcon.exe
MSConfigStartUp-Iomega Startup Options - d:\iomega\Common\ImgStart.exe
MSConfigStartUp-iTunesHelper - d:\ipod\iTunes\iTunesHelper.exe
MSConfigStartUp-IW Controlcenter - d:\instan~1\INSTAN~1\IWCTRL.EXE
MSConfigStartUp-LogitechGalleryRepair - d:\logitech-imagestudio\ISStart.exe
MSConfigStartUp-LogitechImageStudioTray - d:\logitech-imagestudio\LogiTray.exe
MSConfigStartUp-Omnipage - d:\omnipagese\opware32.exe
MSConfigStartUp-QuickTime Task - d:\quicktime\qttask.exe
MSConfigStartUp-Remote_Agent - d:\powervcrii\RemoteAgent.exe
MSConfigStartUp-Yahoo! Pager - d:\messenger-software\Yahoo-Messenger\ypager.exe
ActiveSetup-{2F40BE49-2DD4-EA31-0400-030604050203} - c:\windows\System32\dllrun32.exe
AddRemove-HijackThis - c:\programme\HiJackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 00:28
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A216C20]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf766bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75adcb8
\Driver\atapi -> 0x8a216c20
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf796fba0
PacketIndicateHandler -> NDIS.sys @ 0xf797cb21
SendHandler -> NDIS.sys @ 0xf795a87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\Software\Zepter Software\RegLib*8c2f294c\AnyDVD/1]
"1"=dword:4549e8b7
"2"=dword:456b0256
.
--------------------- DLLs Loaded by Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2352)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
d:\avira\AntiVir Desktop\avguard.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
d:\diskeeper professional premier\DkService.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\NDAS\System\ndassvc.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\PDFCreatorMessages.exe
c:\programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
c:\programme\UPHClean\uphclean.exe
c:\programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2010-07-19 00:33:08 - PC was rebooted
ComboFix-quarantined-files.txt 2010-07-18 22:33

Pre-Run: 11 directory(ies), 12,341,235,712 bytes free
Post-Run: 14 directory(ies), 12,235,309,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 34D496DF2CC816EDCA7A4AD7957B436C
[/code]

Apparently one or more rootkit(s) were found.
Having carried out these steps, I have now experimented a little,
and it seems as though all the problems are solved.
Is that really the case, or do I need to do anything further?

It would really be great if that were it now.
Best regards,
The Dude
__________
"The rug really tied the room together."
This post was edited on 19.07.2010 at 12:05 by The Dude.
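In the ComboFix Sigcheck block above, the live copies of TCPIP.SYS (system32\drivers and system32\dllcache) and of ws2help.dll (system32) are marked [-], while copies of the same file version under $hf_mig$ and ServicePackFiles are marked [7]. The script below is an added example; it is not part of the post and not ComboFix code. It parses such a block and lists every live copy whose MD5 matches none of the [7]-rated reference copies of the same file name and version, so the mismatch can be confirmed from the log's own data rather than from ComboFix's verdict alone. Its reading of the field layout and of the [7]/[-] tags is an assumption made from the log format, and the sample lines are copied from the log above.

```python
"""Cross-check ComboFix "Sigcheck" lines against the reference copies in the same log.

Added example; not part of the forum post and not ComboFix code.  Assumptions
(taken from reading the log format, not from ComboFix documentation):
  - a line looks like:  [status] date . MD5 . size . . [version] . . path
  - "[7]" marks a file that matched a known-good hash, "[-]" one that did not
  - copies under system32\ are what the running system loads ("live");
    ServicePackFiles, $hf_mig$, $NtUninstall*, SoftwareDistribution hold
    reference copies that are not patched in place
"""
import re
from collections import defaultdict

SIG_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Sample input: lines copied from the Sigcheck block of the log above.
SAMPLE = r"""
[-] 2007-08-27 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2007-08-27 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS

[7] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2004-08-04 . 2F4CE68209B23B173DCD91CE8829BC6B . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2001-08-18 . 17ED93B7DA379EE57C481A35E24F2973 . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["path"] = e["path"].lower()   # NTFS paths are case-insensitive
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def is_live(path):
    """True for the copy the OS actually loads (system32 and its dllcache)."""
    return "\\system32\\" in path


def _key(e):
    # Reference and live copies are matched on file name plus file version.
    return (e["path"].rsplit("\\", 1)[-1], e["ver"])


def find_suspect_live_files(entries):
    """Live copies whose MD5 matches none of the [7]-rated reference copies of
    the same file name and version.  Returns tuples of
    (live_path, live_md5, sorted list of known-good MD5s).
    Reference copies rated [-] are ignored, so a newer download that merely is
    not in ComboFix's hash database does not become a false reference."""
    good = defaultdict(set)
    for e in entries:
        if e["status"] == "7" and not is_live(e["path"]):
            good[_key(e)].add(e["md5"])
    suspects = []
    for e in entries:
        known = good.get(_key(e), set())
        if is_live(e["path"]) and known and e["md5"] not in known:
            suspects.append((e["path"], e["md5"], sorted(known)))
    return suspects


if __name__ == "__main__":
    for path, md5, known in find_suspect_live_files(parse_sigcheck(SAMPLE)):
        print(f"{path}\n  live MD5 {md5}\n  known-good: {', '.join(known)}")
```

Run against the sample, it reports the two live TCPIP.SYS copies and system32\ws2help.dll, each with the reference hashes it should have matched. A mismatch only says the live file is not the hotfix build the reference copies represent; it is the cue to pull the file and check its signature, not a verdict by itself.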
19.07.2010, 12:22
Member

Posts: 420
#11 Looks pretty good already, but we should make sure nothing is left over, otherwise the whole thing could start all over again.
Does System Restore work again too? A driver was missing there.

1. Please start OTL, copy the script below into the script field

Quote

:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspimgr"=-
and click Run Fix. A restart may be required.

2. Please run TDSSKiller again and post the (new) log.

3. Please run RootRepeal again and post the log.
19.07.2010, 13:26
Member

Thread starter

Posts: 12
#12 OK, on we go,

1. OTL
Message:
Registry Value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\aspimgr
deleted successfully.

2. TDSSKiller Log:
[Code]
12:55:46:468 2132 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
12:55:46:468 2132 ================================================================================
12:55:46:468 2132 SystemInfo:

12:55:46:468 2132 OS Version: 5.1.2600 ServicePack: 2.0
12:55:46:468 2132 Product type: Workstation
12:55:46:468 2132 ComputerName: Paulchen
12:55:46:468 2132 UserName: Fritzle
12:55:46:468 2132 Windows directory: C:\WINDOWS
12:55:46:468 2132 System windows directory: C:\WINDOWS
12:55:46:468 2132 Processor architecture: Intel x86
12:55:46:468 2132 Number of processors: 1
12:55:46:468 2132 Page size: 0x1000
12:55:46:468 2132 Boot type: Normal boot
12:55:46:468 2132 ================================================================================
12:55:48:187 2132 Initialize success
12:55:48:187 2132
12:55:48:187 2132 Scanning Services ...
12:55:48:500 2132 Raw services enum returned 412 services
12:55:48:500 2132
12:55:48:500 2132 Scanning Drivers ...
12:55:49:031 2132 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:55:49:062 2132 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:55:49:109 2132 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
12:55:49:171 2132 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
12:55:49:234 2132 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:55:49:281 2132 AmdK7 (fbf9ffb0b638df1448821bd0aceeb780) C:\WINDOWS\system32\DRIVERS\amdk7.sys
12:55:49:328 2132 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys
12:55:49:359 2132 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:55:49:390 2132 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
12:55:49:406 2132 ASAPIW2K (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys
12:55:49:484 2132 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
12:55:49:500 2132 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
12:55:49:531 2132 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:55:49:625 2132 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:55:49:718 2132 ati2mtag (8303b347a02ed4bbf94e5682a6d22619) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:55:49:750 2132 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:55:49:781 2132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:55:49:828 2132 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Avira\AntiVir Desktop\avgio.sys
12:55:49:859 2132 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:55:49:921 2132 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:55:49:953 2132 AVMBTPARALLEL (6867c7b9d7beca1859c15f6730fd067a) C:\WINDOWS\system32\DRIVERS\avmbtpar.sys
12:55:49:984 2132 AVMBTSERIAL (4bb8956474c4770083f4f50a51f26bcf) C:\WINDOWS\system32\DRIVERS\avmbtser.sys
12:55:50:000 2132 AVMBTSND (e22454df488d6d38d2a9cc4926f331bb) C:\WINDOWS\system32\drivers\avmbtsnd.sys
12:55:50:031 2132 AVMCOWAN (b092b71977cceb0f66fea6773ff23cb3) C:\WINDOWS\system32\DRIVERS\avmcowan.sys
12:55:50:046 2132 AVMWAN (398eb38f388ce7aeee34132aefb590ef) C:\WINDOWS\system32\DRIVERS\avmwan.sys
12:55:50:062 2132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:55:50:125 2132 bfhubase (68be923a2f6b6a52f16a0d564b7fc318) C:\WINDOWS\system32\DRIVERS\bfhubase.sys
12:55:50:234 2132 bfubase (45f341d5fd3afc002650c28ad447530d) C:\WINDOWS\system32\DRIVERS\bfubase.sys
12:55:50:312 2132 BT878 (72c98b32df52a641338a1599f6fc7ca8) C:\WINDOWS\system32\DRIVERS\BT878.sys
12:55:50:343 2132 btaudio (711442f5953966b14299b4b0404ec073) C:\WINDOWS\system32\drivers\btaudio.sys
12:55:50:375 2132 BTDriver (409f48dc4d505559043acbbf6095768a) C:\WINDOWS\system32\DRIVERS\btport.sys
12:55:50:437 2132 BTKRNL (03664bb96504c81b02f58c0eade8a464) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:55:50:468 2132 BTSERIAL (873f58c0fde879b53b468b65e39549c5) C:\WINDOWS\system32\drivers\btserial.sys
12:55:50:515 2132 BTSLBCSP (df810d392af466ff76cb6bf55c6c86af) C:\WINDOWS\system32\drivers\btslbcsp.sys
12:55:50:531 2132 BTWDNDIS (4223556c93871a4cbd68d0585f5e5dc9) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
12:55:50:546 2132 btwmodem (c525d186182b7a4e0f428f98b400e4e7) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
12:55:50:562 2132 BTWUSB (2054534e921359af42875ed825fa075f) C:\WINDOWS\system32\Drivers\btwusb.sys
12:55:50:609 2132 Cap7134 (fc766cfbd052e41ff71921b8fc9ffc30) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
12:55:50:656 2132 CAPI_CIP (600fe1fc7f063398e56fbce22488b108) C:\WINDOWS\system32\DRIVERS\capi_cip.sys
12:55:50:703 2132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:55:50:750 2132 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:55:50:812 2132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:55:50:859 2132 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
12:55:50:890 2132 cdrdrv (6110b5c478a0da030be698edd362658f) C:\WINDOWS\system32\Drivers\Cdrdrv.sys
12:55:50:953 2132 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:55:51:062 2132 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
12:55:51:109 2132 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
12:55:51:453 2132 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
12:55:51:687 2132 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
12:55:51:718 2132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:55:51:750 2132 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
12:55:51:765 2132 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
12:55:51:812 2132 ElbyCDFL (59c9e1336a4508f059827d638e924c62) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
12:55:51:828 2132 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
12:55:51:859 2132 ElbyDelay (0b15894b0698abcac9f19d060119d1d0) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
12:55:51:906 2132 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
12:55:51:937 2132 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:55:51:953 2132 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
12:55:52:015 2132 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:55:52:062 2132 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
12:55:52:093 2132 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:55:52:140 2132 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:55:52:187 2132 fxusbase (54c9e5685a08dd6abddb48069640a948) C:\WINDOWS\system32\DRIVERS\fxusbase.sys
12:55:52:234 2132 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:55:52:265 2132 HCW848NT (f22207841d5958d5185392a4fa485885) C:\WINDOWS\system32\DRIVERS\hcw848nt.sys
12:55:52:312 2132 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:55:52:375 2132 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
12:55:52:437 2132 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:55:52:468 2132 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:55:52:531 2132 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
12:55:52:562 2132 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:55:52:609 2132 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:55:52:640 2132 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:55:52:703 2132 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:55:52:734 2132 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:55:52:765 2132 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:55:52:812 2132 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:55:52:843 2132 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:55:52:875 2132 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
12:55:52:906 2132 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
12:55:52:937 2132 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
12:55:53:015 2132 lfsfilt (8bcee40af7eb561ac3f89aabd346fbd1) C:\WINDOWS\system32\DRIVERS\lfsfilt.sys
12:55:53:046 2132 lpx (de577aa0f1bee59b2970a2dab9aeb236) C:\WINDOWS\system32\DRIVERS\lpx.sys
12:55:53:078 2132 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:55:53:109 2132 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
12:55:53:156 2132 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:55:53:171 2132 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:55:53:218 2132 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
12:55:53:265 2132 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:55:53:343 2132 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:55:53:406 2132 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:55:53:453 2132 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:55:53:484 2132 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:55:53:515 2132 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:55:53:562 2132 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:55:53:609 2132 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
12:55:53:625 2132 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:55:53:656 2132 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:55:53:718 2132 ndasbus (fa353a92a5440a12954c0c474f979335) C:\WINDOWS\system32\DRIVERS\ndasbus.sys
12:55:53:750 2132 ndasscsi (0b9140cd7aaac9fb36c2406d4f99a844) C:\WINDOWS\system32\DRIVERS\ndasscsi.sys
12:55:53:781 2132 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
12:55:53:812 2132 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:55:53:843 2132 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:55:53:859 2132 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:55:53:875 2132 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:55:53:921 2132 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:55:53:937 2132 NETBFPAN (1f6b0c9c8b89f64eeb37ef8181ae1452) C:\WINDOWS\system32\DRIVERS\netbfpan.sys
12:55:53:968 2132 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:55:54:015 2132 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:55:54:062 2132 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:55:54:109 2132 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:55:54:156 2132 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
12:55:54:218 2132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:55:54:265 2132 nvax (3de144bf9844a8073098f3c35bcf659a) C:\WINDOWS\system32\drivers\nvax.sys
12:55:54:328 2132 NVENET (c8400ca70bf8a30156487bf887886432) C:\WINDOWS\system32\DRIVERS\NVENET.sys
12:55:54:375 2132 nvnforce (cac8337fb6eb6911c47e43526f6a2397) C:\WINDOWS\system32\drivers\nvapu.sys
12:55:54:421 2132 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
12:55:54:453 2132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:55:54:484 2132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:55:54:515 2132 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:55:54:531 2132 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:55:54:562 2132 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:55:54:609 2132 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:55:54:656 2132 ousb2hub (d237306f0ed07a7e2962310eba3039a7) C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
12:55:54:671 2132 ousbehci (2ca5cd35d957edfea159e08360ee0d9b) C:\WINDOWS\system32\Drivers\ousbehci.sys
12:55:54:703 2132 P2k (bf99865064a3c4c498d48d781aa32167) C:\WINDOWS\system32\DRIVERS\P2k.sys
12:55:54:734 2132 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
12:55:54:750 2132 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:55:54:781 2132 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:55:54:828 2132 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
12:55:54:875 2132 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:55:54:937 2132 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:55:55:078 2132 PhTVTune (e5e6dec6764d74e045033e957b191968) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
12:55:55:109 2132 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
12:55:55:140 2132 ppa3 (1023fc75551b2d8bc0aca99d9c1c5d63) C:\WINDOWS\system32\DRIVERS\ppa3.sys
12:55:55:187 2132 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:55:55:218 2132 PQNTDrv (7e8be4d11f5ac1e5cae42719a7230508) C:\WINDOWS\system32\drivers\PQNTDrv.sys
12:55:55:234 2132 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
12:55:55:265 2132 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:55:55:281 2132 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:55:55:312 2132 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys
12:55:55:390 2132 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:55:55:421 2132 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:55:55:484 2132 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:55:55:500 2132 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:55:55:562 2132 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:55:55:593 2132 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:55:55:625 2132 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
12:55:55:671 2132 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:55:55:703 2132 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:55:55:765 2132 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
12:55:55:812 2132 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:55:55:859 2132 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:55:55:906 2132 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
12:55:55:921 2132 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:55:55:968 2132 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:55:56:046 2132 snapman (90257773f4b4065bd0c6cc2164fd52e5) C:\WINDOWS\system32\DRIVERS\snapman.sys
12:55:56:078 2132 sojubus (218bfa61acdc109df7df6c8aaed1422c) C:\WINDOWS\system32\DRIVERS\sojubus.sys
12:55:56:109 2132 sojuscsi (122fbabc9af1ab0a1a5394945c2e36a7) C:\WINDOWS\system32\DRIVERS\sojuscsi.sys
12:55:56:140 2132 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:55:56:171 2132 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:55:56:203 2132 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
12:55:56:234 2132 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
12:55:56:281 2132 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
12:55:56:312 2132 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:55:56:343 2132 SSPORT (ef3458337d7341a05169cefc73709264) C:\WINDOWS\system32\Drivers\SSPORT.sys
12:55:56:390 2132 StMp3Rec (1c9ee2c640b6f899cc3d84bcd1ea526f) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
12:55:56:421 2132 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:55:56:500 2132 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:55:56:546 2132 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:55:56:625 2132 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:55:56:640 2132 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
12:55:56:703 2132 Tcpip (8d8949936913b041c6a0e184fbf1030b) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:55:56:750 2132 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:55:56:781 2132 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:55:56:812 2132 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:55:56:843 2132 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
12:55:56:890 2132 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys
12:55:56:937 2132 TwkMs (8c7d0928b76dc2b8235995a01ce33037) C:\WINDOWS\system32\drivers\TwkMs.sys
12:55:56:968 2132 TwkPCSC (9c88dcfdf817f6541a61d789360e6964) C:\WINDOWS\system32\drivers\TwkPCSC.sys
12:55:57:015 2132 TWKPNP (85acf8cd52b3b488ff58f1f25509ca5f) C:\WINDOWS\system32\DRIVERS\TWKPNP.SYS
12:55:57:031 2132 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:55:57:093 2132 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:55:57:156 2132 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
12:55:57:187 2132 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:55:57:218 2132 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:55:57:250 2132 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:55:57:265 2132 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:55:57:312 2132 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:55:57:343 2132 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:55:57:375 2132 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:55:57:406 2132 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
12:55:57:437 2132 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:55:57:453 2132 uscbs108 (23313e2a5020dca0671bc182e86a74e6) C:\WINDOWS\system32\DRIVERS\uscbs108.sys
12:55:57:484 2132 uscsc108 (3ff8c7648593dce2592ca180d149c59a) C:\WINDOWS\system32\DRIVERS\uscsc108.sys
12:55:57:515 2132 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:55:57:562 2132 VisorUsb (7608c8327d19ecec1c21f5630a8dedb6) C:\WINDOWS\system32\DRIVERS\VisorUsb.sys
12:55:57:640 2132 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
12:55:57:750 2132 vobcom (705c36bc6e13fdb304486898d6d8512b) C:\WINDOWS\system32\drivers\vobcom.sys
12:55:57:781 2132 VOBID (9695e4a37e61355f2eb9c7ea65502738) C:\WINDOWS\system32\DRIVERS\vobid.sys
12:55:57:843 2132 vobiw (ae5f53ad03038dfbcb47d80e484e789b) C:\WINDOWS\system32\drivers\vobiw.sys
12:55:57:859 2132 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
12:55:57:937 2132 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
12:55:58:000 2132 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
12:55:58:046 2132 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:55:58:078 2132 wceusbsh (56242d5be3bfc8f2a212e6d1f9a16697) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
12:55:58:125 2132 Wdm1 (2f4b3c0e58d4a7bd8e38d1cd9ca47691) C:\WINDOWS\system32\Drivers\usbbc.sys
12:55:58:171 2132 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
12:55:58:203 2132 WmBEnum (588c1df21321ec51eebff2c8909d1587) C:\WINDOWS\system32\drivers\WmBEnum.sys
12:55:58:234 2132 WmFilter (3b45b7bfd513d3313e895d187849e3a3) C:\WINDOWS\system32\drivers\WmFilter.sys
12:55:58:265 2132 WmVirHid (fe7d6991fd5894f06aae95dc78e79948) C:\WINDOWS\system32\drivers\WmVirHid.sys
12:55:58:265 2132 WmXlCore (dcbb4688ee775912444b9010cd3fe9b6) C:\WINDOWS\system32\drivers\WmXlCore.sys
12:55:58:312 2132 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:55:58:390 2132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:55:58:421 2132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:55:58:421 2132
12:55:58:421 2132 Completed
12:55:58:421 2132
12:55:58:421 2132 Results:
12:55:58:421 2132 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:55:58:421 2132 File objects infected / cured / cured on reboot: 0 / 0 / 0
12:55:58:421 2132
12:55:58:421 2132 KLMD(ARK) unloaded successfully
[\Code]

3. RootRepeal Log:
[Code]
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/19 13:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7482000 Size: 95360 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA4129000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA3497000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xA3956000 Size: 8960 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xb867b0ee

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xb867b0e4

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xb867b0f3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xb867b0fd

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xb867b102

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb867b0d0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xb867b0d5

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xb867b10c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xb867b107

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xb867b0f8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xb867b0df

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa39566d0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a41db10 Size: 1264

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a41da88 Size: 1400

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a578f00 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5163f0 Size: 734

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a4a9da0 Size: 99

Object: Hidden Code [Driver: TwkMs, IRP_MJ_POWER]
Process: System Address: 0x00000000 Size: 4096

Object: Hidden Code [Driver: TwkMs, IRP_MJ_PNP]
Process: System Address: 0x00000000 Size: 4096

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CLOSE]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_READ]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_WRITE]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_EA]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a519ad8 Size: 37

Object: Hidden Code [Driver: VOBID, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CLEANUP]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_POWER]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a477bb0 Size: 99

Object: Hidden Code [Driver: VOBID, IRP_MJ_PNP]
Process: System Address: 0x8a477bb0 Size: 99

==EOF==
[\Code]

On your question:
Yes, System Restore works again.
Unlike before, at some point during boot a black screen with system recovery options
is briefly shown, but only for about half a second, so I can hardly make out anything
on it. I believe the ComboFix instructions also mention that this screen appears.
That's not a problem, is it?

I have one more question:
My system is organised into partitions as follows: C: system, D: programs,
E, F, G: various user files.
Right as soon as I noticed the infection, I backed up the important data from partitions
E, F, G to an external drive. How should I deal with that now?
I thought it might be a good idea to format partitions E, F, G from within Windows, or?
But what do I do with the data on the external drive? I have already run AntiVir over it, but that doesn't mean much. Which tools can I use on the external drive to make sure I don't catch a new virus/Trojan/rootkit infection this way?

Kind regards and many, many thanks so far,
The Dude
__________
"The rug really tied the room together."
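The RootRepeal output above is easier to reason about once the SSDT hooks are grouped by the module RootRepeal attributed them to and their target addresses are checked against the image ranges in the Drivers section. The script below is an added example, not code from the original poster or from the RootRepeal authors; the excerpt it parses is copied verbatim from the log above (a subset of the Drivers and SSDT entries), and the regular expressions assume the line layout shown there. Grouping the "<unknown>" hooks shows that all of their targets sit in a 60-byte window at a 5-byte granularity and inside none of the listed driver images, while the NtUnloadKey hook target falls inside uphcleanhlp.sys exactly as RootRepeal reported.

```python
"""Group the SSDT hooks from a RootRepeal log by attributed owner and check
the hook targets against the driver image ranges from the same log."""

import re
from collections import defaultdict
from functools import reduce
from math import gcd

# Excerpt copied verbatim from the RootRepeal log posted above; only a
# subset of the Drivers and SSDT entries is kept to keep the example short.
ROOTREPEAL_EXCERPT = r"""Drivers
-------------------
Name:
Image Path:
Address: 0xF7482000 Size: 95360 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA3497000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xA3956000 Size: 8960 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xb867b0ee

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb867b0d0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xb867b0d5

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xb867b10c

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa39566d0
"""

# Line layout as printed by RootRepeal 1.3.5.0 in the log above.
DRIVER_RE = re.compile(r"Name:[ \t]*(?P<name>\S*)\nImage Path:[ \t]*(?P<path>[^\n]*)\n"
                       r"Address: 0x(?P<addr>[0-9A-Fa-f]+) Size: (?P<size>\d+)")
SSDT_RE = re.compile(r"#: (?P<index>\d+) Function Name: (?P<func>\w+)\n"
                     r'Status: Hooked by "(?P<owner>[^"]*)" at address 0x(?P<addr>[0-9A-Fa-f]+)')


def parse_drivers(text):
    """Driver images as name, path and [start, end) range; an empty name becomes '<no name>'."""
    return [{"name": m["name"] or "<no name>", "path": m["path"],
             "start": int(m["addr"], 16), "end": int(m["addr"], 16) + int(m["size"])}
            for m in DRIVER_RE.finditer(text)]


def parse_ssdt_hooks(text):
    """One record per hooked SSDT slot: index, function, attributed owner, target address."""
    return [{"index": int(m["index"]), "func": m["func"], "owner": m["owner"],
             "addr": int(m["addr"], 16)} for m in SSDT_RE.finditer(text)]


def image_containing(addr, drivers):
    """Name of the listed driver image whose range covers addr, or None if no image does."""
    return next((d["name"] for d in drivers if d["start"] <= addr < d["end"]), None)


def summarize_ssdt(hooks, drivers):
    """Per attributed owner: hooked functions, the span of the target addresses,
    the gcd of the gaps between neighbouring targets (5 means the targets line up
    as a table of 5-byte slots) and the set of images the targets fall into."""
    by_owner = defaultdict(list)
    for h in hooks:
        by_owner[h["owner"]].append(h)
    summary = {}
    for owner, hs in by_owner.items():
        addrs = sorted(h["addr"] for h in hs)
        gaps = [b - a for a, b in zip(addrs, addrs[1:])]
        summary[owner] = {"functions": sorted(h["func"] for h in hs), "count": len(hs),
                          "span": addrs[-1] - addrs[0],
                          "stride": reduce(gcd, gaps) if gaps else None,
                          "images": {image_containing(a, drivers) for a in addrs}}
    return summary


if __name__ == "__main__":
    drivers = parse_drivers(ROOTREPEAL_EXCERPT)
    for owner, s in summarize_ssdt(parse_ssdt_hooks(ROOTREPEAL_EXCERPT), drivers).items():
        print(f"{owner}: {s['count']} hook(s) on {s['functions']}, span {s['span']} bytes, "
              f"stride gcd {s['stride']}, images {s['images']}")
```

To apply it to the complete log, replace ROOTREPEAL_EXCERPT with everything between the "Drivers" heading and the ==EOF== marker. A constant 5-byte spacing is what a table of x86 `jmp rel32` stubs looks like, but the script only reports the numbers: attributing that table to a particular driver still needs the load address of every loaded module, and RootRepeal lists ranges only for the drivers it could not see as files.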
19.07.2010, 14:30
Member

Posts: 420
#13 The black screen at boot is the Recovery Console that ComboFix installed. If it doesn't bother you, it can stay.

On the partitions: formatting is always a good idea. We can check the external drive with an online scanner (item 2).

1. Please run Malwarebytes again; don't forget to update it first.

2. Panda ActiveScan 2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/

Click on Scan your PC now
Choose Quick Scan, click Scan now and follow the instructions.
At the end of the scan a results page is shown; at the top right you can save the results to a text file (Export to:). Please post the contents of that file.

To check the external drive (second scan):
Now connect the external hard drive (hold the Shift key down while connecting it)

Click on Scan your PC now

First choose Other scans, then click Scan at the very bottom under Other scans. A window opens; select the external drive there, click OK and follow the instructions.
At the end of the scan a results page is shown; at the top right you can save the results to a text file (Export to:). Please post the contents of that file.

3. Control scan with OTL: please start OTL, click Quick Scan and post the OTL.txt (Extras.txt is not needed this time)
20.07.2010, 11:46
Member

Thread starter

Posts: 12
#14

Quote

gangren posted
The black screen at boot is the Recovery Console that ComboFix installed. If it doesn't bother you, it can stay.

Well, the black screen is a bit annoying. Is there a way to remove it
without losing the Recovery Console again?

Here are the results of the scans and the logs:
1. Malwarebytes: no findings

2.A. Panda (PC)
[Code]
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-07-19 15:38:16
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AntiVir Desktop 9.0.1.32 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@atdmt[2].txt
00147020 Cookie/Lop TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@mp3search[1].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@kinghost[2].txt
00168113 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@fe.lea.lycos[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@overture[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@target[1].txt
00248517 Cookie/Advnt TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@www.advnt01[2].txt
00263700 Cookie/E-eliminator TrackingCookie No 0 Yes No c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@evidence-eliminator[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
221290 HIGH MS10-035
221289 HIGH MS10-034
221287 HIGH MS10-032
219830 HIGH MS10-029
219822 HIGH MS10-021
219821 HIGH MS10-020
219647 HIGH MS10-018
217842 HIGH MS10-015
217839 HIGH MS10-012
217838 HIGH MS10-011
217834 HIGH MS10-008
217832 HIGH MS10-006
217831 HIGH MS10-005
217169 HIGH MS10-002
216839 HIGH MS10-001
215938 HIGH MS09-072
215935 HIGH MS09-069
215048 HIGH MS09-065
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
205735 HIGH MS09-002
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194861 HIGH MS08-031
194860 HIGH MS08-030
191618 HIGH MS08-025
191617 HIGH MS08-024
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187735 HIGH MS08-010
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
176382 HIGH MS07-057
120815 HIGH MS06-022
;===================================================================================================================================================================================
[/Code]

Should I simply delete the cookies that are flagged as malware?
The "Vulnerabilities" are probably down to Windows patches etc. that I urgently need to install, right?

2.B. Panda (external drive):
No detections (apart from the same vulnerabilities as above).
Connecting the drive while holding the Shift key did not work.
The drive was only detected when I was not holding the Shift key.

3. OTL
[Code]
OTL logfile created on: 19.07.2010 16:54:10 - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 21,50 Gb Total Space | 11,29 Gb Free Space | 52,50% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS
Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive F: | 24,42 Gb Total Space | 0,36 Gb Free Space | 1,46% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 465,76 Gb Total Space | 125,09 Gb Free Space | 26,86% Space Free | Partition Type: NTFS

Computer Name: Paulchen
Current User Name: Fritzle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
PRC - [2010.07.13 10:57:25 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- D:\a-squared Free\a2service.exe
PRC - [2009.08.14 12:51:34 | 000,185,089 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.23 15:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.06.15 01:07:50 | 000,220,672 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndasmgmt.exe
PRC - [2006.06.15 01:07:42 | 000,305,664 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndassvc.exe
PRC - [2005.11.23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Diskeeper Professional Premier\DkService.exe
PRC - [2005.10.14 21:00:38 | 000,172,032 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2005.07.22 17:50:16 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe
PRC - [2003.12.09 12:11:08 | 000,315,392 | ---- | M] (Global Graphics Software Ltd.) -- D:\Jaws PDF Creator\PDFClient.exe
PRC - [2003.12.09 11:48:40 | 000,139,264 | ---- | M] (Global Graphics Software Ltd) -- C:\WINDOWS\system32\PDFCreatorMessages.exe
PRC - [2003.11.12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.09.06 22:20:53 | 000,286,720 | ---- | M] (Towitoko AG) -- C:\WINDOWS\SCARDS32.EXE
PRC - [2003.05.15 16:41:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\point32.exe
PRC - [2003.04.23 03:06:54 | 000,417,871 | ---- | M] (Microsoft Corporation) -- D:\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2001.08.18 05:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
MOD - [2004.08.04 09:54:27 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 08:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.07.13 10:57:25 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\a-squared Free\a2service.exe -- (a2free)
SRV - [2009.08.14 12:51:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.06.15 01:07:42 | 000,305,664 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2005.11.23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- D:\Diskeeper Professional Premier\DkService.exe -- (Diskeeper)
SRV - [2005.10.14 21:00:38 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.10.09 22:33:00 | 001,079,832 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2005.10.09 22:32:52 | 000,170,536 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.12.09 11:48:40 | 000,139,264 | ---- | M] (Global Graphics Software Ltd) [Auto | Running] -- C:\WINDOWS\system32\PDFCreatorMessages.exe -- (PDFCreatorMessages)
SRV - [2003.11.12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.09.06 22:20:53 | 000,286,720 | ---- | M] (Towitoko AG) [Auto | Running] -- C:\WINDOWS\SCARDS32.EXE -- (TWKSCARDSRV)
SRV - [2001.08.18 05:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009.12.20 19:27:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.01.23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006.11.22 23:48:18 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2006.06.15 01:08:18 | 000,140,416 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lfsfilt.sys -- (lfsfilt)
DRV - [2006.06.15 01:07:30 | 000,130,560 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2006.06.15 01:07:30 | 000,061,952 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2006.06.15 01:07:30 | 000,044,288 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lpx.sys -- (lpx)
DRV - [2006.06.12 19:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.05.01 21:28:31 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2006.01.20 15:26:14 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006.01.20 15:26:14 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006.01.20 15:26:08 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005.12.30 02:41:33 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005.07.22 17:35:28 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.07.22 17:34:02 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005.07.22 17:33:58 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005.07.22 17:33:00 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.07.22 17:31:10 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.07.22 17:31:00 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005.07.22 17:30:34 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.07.22 17:27:42 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.12.18 20:32:32 | 000,038,229 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004.10.25 03:00:00 | 000,796,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfhubase.sys -- (bfhubase) Eumex C 200 data (WinXP/2000)
DRV - [2004.10.25 03:00:00 | 000,374,144 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\capi_cip.sys -- (CAPI_CIP)
DRV - [2004.10.25 03:00:00 | 000,061,056 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtser.sys -- (AVMBTSERIAL)
DRV - [2004.10.25 03:00:00 | 000,060,288 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtpar.sys -- (AVMBTPARALLEL)
DRV - [2004.10.25 03:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2004.10.25 03:00:00 | 000,049,664 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtsnd.sys -- (AVMBTSND)
DRV - [2004.10.25 03:00:00 | 000,031,818 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netbfpan.sys -- (NETBFPAN)
DRV - [2004.08.04 08:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2004.08.04 08:03:35 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.04 08:00:16 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3)
DRV - [2004.06.09 00:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.02.20 12:03:18 | 000,187,392 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004.02.03 16:04:08 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2004.01.27 22:56:58 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.12.09 03:00:00 | 000,741,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfubase.sys -- (bfubase) BlueFRITZ! USB (WinXP/2000)
DRV - [2003.12.04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003.11.17 06:04:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003.10.15 14:59:54 | 000,055,552 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2003.10.15 14:59:44 | 000,041,856 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2003.10.05 11:41:14 | 000,123,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sojubus.sys -- (sojubus)
DRV - [2003.09.28 11:57:52 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sojuscsi.sys -- (sojuscsi)
DRV - [2003.08.01 15:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vobid.sys -- (VOBID)
DRV - [2003.06.17 17:24:00 | 000,286,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2003.06.17 17:24:00 | 000,030,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2003.04.08 14:14:50 | 000,038,656 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k)
DRV - [2003.03.19 15:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003.03.09 19:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108)
DRV - [2003.03.09 19:41:38 | 000,102,336 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108)
DRV - [2002.11.28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002.11.27 21:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002.11.27 02:00:00 | 000,503,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase) BlueFRITZ! AP-X (WinXP/2000)
DRV - [2002.11.27 02:00:00 | 000,038,608 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2002.09.16 18:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2002.06.20 18:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002.06.20 18:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002.06.20 18:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002.06.20 18:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2002.06.17 03:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2002.06.17 03:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TWKMS.SYS -- (TwkMs)
DRV - [2002.06.17 02:14:00 | 000,005,550 | ---- | M] (Towitoko AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TWKPNP.SYS -- (TWKPNP)
DRV - [2002.05.13 20:07:06 | 000,423,712 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) TV-Station (SAA7134Capture with MK3-Tuner)
DRV - [2002.05.13 19:16:44 | 000,019,520 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002.04.17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2002.01.07 16:28:54 | 000,023,552 | ---- | M] (Hauppauge Computer Works) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\bt878.sys -- (BT878)
DRV - [2001.10.04 12:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001.09.14 09:19:58 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)
DRV - [2001.08.18 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.18 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 14:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001.08.17 14:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001.08.17 14:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001.08.17 14:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001.03.09 15:53:06 | 000,138,932 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCW848NT.sys -- (HCW848NT)
DRV - [2001.01.08 10:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://D%3A%5CMozilla%5Csearchplugins%5Cgoogle.src"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Torrent-Search Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.de"
FF - prefs.js..browser.startup.homepage: "http://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..keyword.URL: "Google"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2010.06.26 19:36:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.06.26 19:36:08 | 000,000,000 | ---D | M]

[2008.06.27 20:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Extensions
[2010.07.15 15:20:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions
[2010.04.21 19:42:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.03.14 23:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\firefox@tvunetworks.com
[2008.10.18 15:28:48 | 000,000,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\searchplugins\conduit.xml

O1 HOSTS File: ([2010.07.19 00:28:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hcwPVRReset] D:\WinTV\hcwP1Utl.exe ()
O4 - HKLM..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFCreatorClient] D:\Jaws PDF Creator\PDFClient.exe (Global Graphics Software Ltd.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [H/PC Connection Agent] D:\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Device Management.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Messenger-Software\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernetwork.com/surferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} http://www.cdpass.com/cdkey/CDPass.cab (CDPass Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279199238515 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://204.49.60.246/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.1427893518 (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.01.16 06:38:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.19 00:58:16 | 000,169,504 | ---- | M] () - E:\Auto Kaufberatung.mht -- [ NTFS ]
O32 - AutoRun File - [2007.11.19 00:59:29 | 000,276,766 | ---- | M] () - E:\Auto-Kauf -- Rabatt für Bar-Zahler spart oft mehr als günstiges Finanzierungsangebot.mht -- [ NTFS ]
O32 - AutoRun File - [2009.10.16 13:50:05 | 000,852,681 | ---- | M] () - E:\Autobatterie aufladen-wechseln bei heimwerker_de.mht -- [ NTFS ]
O32 - AutoRun File - [2007.09.10 00:55:02 | 000,006,346 | ---- | M] () - E:\automatische Seitenweiterleitung.mht -- [ NTFS ]
O32 - AutoRun File - [2007.11.12 04:59:26 | 000,513,453 | ---- | M] () - E:\Autotteilestore.com -- Auspuffanlage komplett.mht -- [ NTFS ]
O32 - AutoRun File - [2008.06.23 16:43:43 | 000,365,621 | ---- | M] () - E:\Autozine - Autotest Chevrolet Captiva.mht -- [ NTFS ]
O32 - AutoRun File - [2009.12.14 18:26:08 | 000,033,488 | ---- | M] () - F:\Autoversicherung_Bus.pdf -- [ NTFS ]
O32 - AutoRun File - [2009.12.14 17:39:03 | 000,035,391 | ---- | M] () - F:\Autoversicherung_Golf.pdf -- [ NTFS ]
O32 - AutoRun File - [2009.12.15 04:35:34 | 000,033,990 | ---- | M] () - F:\Autoversicherung_Golf_Version2.pdf -- [ NTFS ]
O32 - AutoRun File - [2008.09.16 00:17:56 | 000,372,517 | ---- | M] () - G:\Autovermietung#Hertz_Amerika#buchen.pdf -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.07.19 15:26:06 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010.07.19 15:26:00 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.07.19 15:25:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.07.19 13:27:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fritzle\Recent
[2010.07.19 00:36:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.18 23:49:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.18 23:47:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.18 23:47:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.18 23:47:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.18 23:47:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.18 23:47:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.18 23:47:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.18 23:29:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.18 23:27:33 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\TDSSKiller.exe
[2010.07.18 00:56:46 | 000,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\RootRepeal.exe
[2010.07.16 20:47:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
[2010.07.16 18:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Malwarebytes
[2010.07.16 18:36:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.16 18:36:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.16 18:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Desktop\ProcessExplorer
[2010.07.15 19:15:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.07.14 23:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.07.14 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.07.13 16:28:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AdobeUM
[2010.07.13 16:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.07.13 16:25:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.13 16:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.13 15:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Eigene Dateien\a-squared Free
[2010.04.21 19:43:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.04.21 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.21 19:42:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Conduit
[2003.10.05 11:41:14 | 000,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys
[2003.09.28 11:57:52 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys
[2003.03.09 19:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 19:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 19:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
[2003.02.12 08:37:16 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.07.19 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
[2010.07.19 15:15:26 | 000,000,378 | ---- | M] () -- C:\WINDOWS\SCARDSRV.INI
[2010.07.19 15:15:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.19 15:15:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.19 15:14:58 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.19 13:27:54 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat
[2010.07.19 13:27:54 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.ini
[2010.07.19 12:58:28 | 000,000,015 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\settings.dat
[2010.07.19 00:29:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.19 00:28:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.19 00:20:55 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2010.07.18 23:49:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.18 23:38:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.18 23:12:48 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\TDSSKiller.exe
[2010.07.18 23:11:44 | 003,737,904 | R--- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\ComboFix.exe
[2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe
[2010.07.16 19:33:31 | 000,147,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe
[2010.07.16 18:36:20 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 17:37:22 | 000,077,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe
[2010.07.15 16:18:35 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.07.15 14:03:26 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk
[2010.07.15 13:27:55 | 000,011,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 04:43:36 | 000,001,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.15 04:43:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.07.15 02:38:54 | 000,018,254 | ---- | M] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010.07.15 02:25:50 | 000,000,032 | ---- | M] () -- C:\WINDOWS\HCWBTDLG.INI
[2010.07.15 02:25:30 | 000,001,249 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2010.07.14 16:51:26 | 000,000,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
[2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job
[2010.06.24 07:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.21 19:43:20 | 000,000,505 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.19 00:20:55 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010.07.18 23:49:30 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.07.18 23:49:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.07.18 23:47:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.18 23:47:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.18 23:47:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.18 23:47:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.18 23:47:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.18 23:27:33 | 003,737,904 | R--- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\ComboFix.exe
[2010.07.18 00:57:18 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\settings.dat
[2010.07.16 19:40:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\walter.com
[2010.07.16 19:33:31 | 000,147,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe
[2010.07.16 18:36:20 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.16 17:37:22 | 000,077,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe
[2010.07.15 16:18:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.07.15 14:03:26 | 000,000,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk
[2010.07.15 02:21:16 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.14 16:51:26 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.06.24 01:30:52 | 013,893,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat
[2010.04.21 19:43:20 | 000,000,505 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk
[2010.01.29 08:14:57 | 002,065,696 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc.dll
[2010.01.29 08:14:57 | 002,060,288 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc(2).dll
[2010.01.29 08:14:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009.09.14 22:18:51 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.09.14 22:18:44 | 000,020,179 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.09.14 22:18:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007.11.08 13:23:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2006.12.31 12:12:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006.06.04 20:32:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2006.02.24 13:18:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005.10.31 18:44:31 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2005.10.27 14:43:21 | 000,000,963 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2005.07.22 17:38:48 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.01.18 11:55:24 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005.01.15 17:12:45 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2005.01.13 16:40:47 | 000,001,779 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2005.01.13 16:22:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HCWBTDLG.INI
[2005.01.13 16:18:15 | 000,020,425 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2005.01.13 16:14:49 | 000,001,249 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005.01.12 13:55:55 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005.01.12 13:53:22 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2004.12.14 13:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.14 13:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.11.25 19:07:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.10.15 12:30:57 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\niknakXML.dll
[2004.10.15 12:30:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2004.10.15 12:30:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EventConsumer.dll
[2004.10.15 12:30:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PDFMacroUtils.dll
[2004.05.21 07:25:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\b2020.ini
[2004.05.14 12:53:48 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2004.04.30 04:16:21 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2004.01.27 22:55:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.01.25 03:31:04 | 000,018,254 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003.11.17 16:00:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2003.11.11 01:06:20 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2003.11.11 01:06:20 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2003.11.11 01:06:20 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2003.11.11 01:06:20 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2003.11.11 01:06:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2003.10.10 21:38:52 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Prof.ini
[2003.10.01 03:29:11 | 000,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2003.07.24 01:57:10 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2003.06.13 02:29:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2003.04.08 18:33:10 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2003.04.07 12:07:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003.02.24 14:01:16 | 000,000,541 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
[2003.02.19 21:05:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini
[2003.02.19 20:58:38 | 000,000,387 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2003.02.18 13:27:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2003.02.18 13:27:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2003.02.12 08:37:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003.01.29 09:17:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\SCARDSRV.INI
[2003.01.29 09:17:32 | 000,000,396 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2003.01.28 21:50:52 | 000,001,052 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.01.27 16:52:55 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2003.01.19 13:19:29 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.01.18 00:11:11 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2003.01.18 00:11:11 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003.01.17 16:38:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2002.05.16 00:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002.03.25 21:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.11.23 19:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(3).DLL
[2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(2).DLL
[2001.01.22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(3).DLL
[1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[1998.12.14 19:00:00 | 000,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini
[1996.06.07 21:07:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[1996.06.07 21:07:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[1996.06.07 21:07:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[1996.06.07 21:07:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[1996.06.07 21:07:10 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[1996.06.07 21:07:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[1996.06.07 21:07:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[1996.06.07 21:07:08 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[1996.06.07 21:07:08 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[1996.06.07 21:07:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[1996.06.07 21:07:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[1996.06.07 21:07:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[1996.06.07 21:07:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll

========== LOP Check ==========

[2006.02.02 16:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2005.12.30 02:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest Software
[2010.04.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2008.02.05 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2005.12.30 02:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.11.10 03:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2005.09.02 13:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2005.01.12 14:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.07.15 03:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2005.01.12 14:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2005.01.12 14:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2005.01.15 19:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2005.04.13 01:31:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.01.29 06:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.01.29 09:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005.02.27 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Aim
[2010.07.11 19:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Azureus
[2010.07.11 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Canon
[2003.04.16 13:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\EverAd
[2003.01.21 14:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\FileMaker
[2003.01.17 14:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterTrust
[2003.01.23 12:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterVideo
[2006.01.17 16:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Leadertech
[2009.03.21 02:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mp3tag
[2009.08.10 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\MPEG Streamclip
[2005.03.27 14:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Pegasys Inc
[2005.01.12 13:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\ScanSoft
[2009.01.06 18:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\SharePod
[2006.05.08 16:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Steinberg
[2009.09.12 23:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Thinstall
[2005.01.15 15:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Ulead Systems
[2007.04.01 17:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Viewpoint
[2005.04.14 18:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WeatherBug
[2010.01.29 07:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WindSolutions
[2010.07.19 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
[2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
[2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job

========== Purity Check ==========


< End of report >
[\Code]


Do you think it looks good? Do I still need to do anything?
One more question: does Java actually get updated along with the automatic Windows Updates,
or should I uninstall it by hand via the Control Panel and install the newest version
(it is security-relevant, after all)?

Thanks and best regards,
Der Dude

20.07.2010, 15:40
Member

Posts: 420
#15 That looks good. If there are no more problems, we can wrap up.

Quote

Is there a way to remove it
without the Recovery Console disappearing again?
I don't know, I've never tried it. The console will be removed together with OTL anyway (step 3). Normally you don't need it.

Quote

Should I just delete the cookies that were flagged as malware?
Yes. If that doesn't work, use the following OTL script (start OTL, paste it in, Run Fix):

Quote

:Files
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@atdmt[2].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@mp3search[1].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@kinghost[2].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@fe.lea.lycos[1].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@overture[1].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@go[1].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@target[1].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@www.advnt01[2].txt
c:\dokumente und einstellungen\Firtzle\cookies\Firtzle@evidence-eliminator[2].txt

Quote

The "vulnerabilities" are probably due to Windows patches etc. that I should urgently install, right?
Yep, and that brings us to the first point:

1. You must install SP3 for XP.
http://www.heise.de/software/download/windows_xp_service_pack_3_sp3/35572
(or visit www.update.microsoft.com with IE)

Microsoft ended support for SP2 on 13 July.

2. Could you please zip the folders C:\_OTL and C:\Qoobox, upload the zip file to http://www.file-upload.net/ and send me the download link by PM? Those are the quarantine folders. I would look at the contents and, where appropriate, forward them to various AV vendors to improve detection. Thanks

After that (otherwise the folders will be gone):
3. Start OTL and click CleanUp

4. Please get http://secunia.com/vulnerability_scanning/personal/ and use it to keep your system up to date. It also checks installed programs for currency, such as Java (no, Java is not updated via Windows Update)

5. Please read this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

We're done ;)

Regards,
gangren
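The checks behind a "looks good" verdict on the O35/O37, O16 and O30 entries of the OTL log above, as an added example that is not part of the original thread and is not OTL's own code. It parses a constructed sample in OTL's line format: the clean lines are the entry types copied from the log, while the two "hijacked" lines are hypothetical, made up to show the failure mode the original poster described (EXE files no longer opening because the exefile association was rewired). It also reports the registered Java plug-in, since, as gangren notes, Windows Update does not patch Java. The assumed clean values are the Windows defaults: shell open command `"%1" %*` and default classes `exefile`/`comfile` for `.exe`/`.com`.

```python
import re
from typing import List
from urllib.parse import urlparse

# Constructed sample in OTL report format; entry types copied from the log
# above (O16 = ActiveX DPF objects, O30 = LSA authentication packages,
# O35/O37 = .exe/.com shell-open commands and default classes).
SAMPLE_OTL = r"""
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# HYPOTHETICAL lines (not from this system) showing the shape of a hijacked
# EXE association: a rogue binary wrapped around the real target, and the
# .exe extension pointed at a made-up class instead of "exefile".
HIJACKED_OTL = r"""
O35 - HKLM\..exefile [open] -- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rogue.exe" /START "%1" %*
O37 - HKLM\...exe [@ = secfile] -- "%1" %*
"""

EXPECTED_OPEN = '"%1" %*'                              # clean shell\open\command value
EXPECTED_CLASS = {"exe": "exefile", "com": "comfile"}  # default class per extension

RE_O16 = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} (\S+) \((.*)\)$")
RE_O30 = re.compile(r"^O30 - LSA: Authentication Packages - \((.*?)\)")
RE_O35 = re.compile(r"^O35 - HKLM\\\.\.(\w+) \[open\] -- (.*)$")
RE_O37 = re.compile(r"^O37 - HKLM\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$")
RE_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def triage(report: str) -> List[str]:
    """Return one human-readable finding per suspicious entry; [] means clean."""
    findings: List[str] = []
    for raw in report.splitlines():
        line = raw.strip()
        m35 = RE_O35.match(line)
        m37 = RE_O37.match(line)
        m16 = RE_O16.match(line)
        m30 = RE_O30.match(line)
        if m35:
            cls, cmd = m35.groups()
            # Anything other than "%1" %* means every .exe/.com launch runs through a proxy.
            if cmd != EXPECTED_OPEN:
                findings.append(f"O35 {cls} open command hijacked: {cmd}")
        elif m37:
            ext, cls, cmd = m37.groups()
            want = EXPECTED_CLASS.get(ext.lower())
            if want and cls.lower() != want:
                findings.append(f"O37 .{ext} default class is '{cls}', expected '{want}'")
            if cmd != EXPECTED_OPEN:
                findings.append(f"O37 .{ext} command hijacked: {cmd}")
        elif m16:
            url, desc = m16.groups()
            host = urlparse(url).hostname or ""
            # Vendor controls come from vendor hostnames; a bare IP deserves a look.
            if RE_IPV4.fullmatch(host):
                findings.append(f"O16 ActiveX control served from raw IP {host}: {desc}")
            if desc.startswith("Java Plug-in"):
                findings.append(f"O16 {desc} still registered: Windows Update does not patch Java")
        elif m30:
            pkg = m30.group(1)
            # msv1_0 is the stock package; any extra one sees every logon credential.
            if pkg.lower() != "msv1_0":
                findings.append(f"O30 extra LSA authentication package '{pkg}': confirm the vendor")
    return findings


if __name__ == "__main__":
    for label, report in (("log sample", SAMPLE_OTL), ("hijacked sample", HIJACKED_OTL)):
        print(f"== {label} ==")
        for finding in triage(report) or ["clean"]:
            print(" ", finding)
```

On the log above this yields three review items (the two raw-IP ActiveX controls, the Java 1.5.0_05 plug-in, and the Acronis LSA package, all of which a human still has to vet) and no association findings, which is the concrete basis for saying the O35/O37 entries are back to normal.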