möglicherweise Rootkit?

#0
04.09.2010, 19:51
Member

Beiträge: 135
#1 siehe ganz unten...was bedeuten diese Alternativen Data Streams ?


Zitat

OTL logfile created on: 04.09.2010 19:26:17 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\andi.k\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 567,00 Mb Available Physical Memory | 55,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 3,83 Gb Free Space | 3,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASDSAFDS-5F59FB
Current User Name: andi.k
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.09.04 19:24:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\andi.k\Desktop\OTL.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006.02.19 02:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2002.11.21 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.09.04 19:24:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\andi.k\Desktop\OTL.exe
MOD - [2008.04.14 08:52:20 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008.04.14 08:51:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2002.11.21 10:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2002.11.21 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\LgWndHk.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\uzqwodiy.sys -- (uzqwodiy)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
DRV - [2010.08.07 23:53:29 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010.02.22 18:28:52 | 005,862,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.02.11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008.04.14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.05.02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.07.29 11:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.07.29 11:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.03.09 16:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2002.11.08 11:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2002.11.08 11:50:00 | 000,041,420 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2002.11.08 11:50:00 | 000,023,838 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.01 00:36:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.01 00:36:12 | 000,000,000 | ---D | M]

[2010.02.27 20:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Mozilla\Extensions
[2010.08.24 22:51:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Mozilla\Firefox\Profiles\2nhvmw1s.default\extensions
[2010.07.20 21:21:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Mozilla\Firefox\Profiles\2nhvmw1s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.21 19:45:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Mozilla\Firefox\Profiles\2nhvmw1s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.08.24 22:51:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.21 23:41:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 23:55:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.05.21 23:41:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.24 22:32:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.20 15:34:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010.09.04 19:25:37 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\andi.k\Recent
[2010.09.04 19:25:16 | 000,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\RootRepeal.exe
[2010.09.04 19:24:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\andi.k\Desktop\OTL.exe
[2010.09.04 19:17:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Desktop\backups
[2010.09.04 18:45:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.09.04 18:32:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.09.04 18:26:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Desktop\avz4
[2010.08.08 11:42:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.08 11:42:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.08 11:42:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.07 23:54:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
[2010.08.07 23:53:59 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.08.07 23:53:29 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.08.05 22:18:52 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\mbam-setup-1.46.exe
[2010.07.31 23:41:43 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010.07.31 23:41:43 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010.07.31 23:41:42 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010.07.31 23:41:41 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.07.31 23:40:46 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010.07.31 23:40:46 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010.07.31 23:40:45 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010.07.31 23:40:45 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010.07.31 23:40:45 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010.07.31 23:40:45 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010.07.31 23:40:45 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010.07.31 23:40:45 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010.07.31 23:40:44 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010.07.31 23:40:44 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010.07.31 23:40:44 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010.07.31 23:40:44 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010.07.31 23:39:56 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2010.07.31 23:35:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Desktop\Downloads
[2010.07.31 23:35:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\GetRightToGo
[2010.07.31 23:32:57 | 000,487,479 | ---- | C] (Appspeed Inc.) -- C:\WINDOWS\System32\SkinMagic.dll
[2010.07.31 23:32:56 | 000,000,000 | ---D | C] -- C:\Programme\FLV2all
[2010.07.31 23:25:54 | 004,394,586 | ---- | C] (www.appfree.net ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\flv2all.exe
[2010.07.23 13:17:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Desktop\laufwerk
[2010.07.23 13:15:14 | 000,000,000 | ---D | C] -- C:\Programme\PC Inspector File Recovery
[2010.07.05 13:23:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Desktop\me
[2010.07.04 19:52:11 | 000,000,000 | ---D | C] -- C:\Programme\Sophos
[2010.06.10 23:28:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Lokale Einstellungen\Anwendungsdaten\Google
[2010.06.10 23:28:47 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.06.10 23:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Picasa3
[2010.06.09 20:20:01 | 008,528,000 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\ashampoo_clipfinder_hd_2.07_sm.exe
[2010.06.07 00:06:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\dvdcss

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010.09.04 19:24:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\andi.k\Desktop\OTL.exe
[2010.09.04 19:21:56 | 000,501,736 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\LopSD.exe
[2010.09.04 18:47:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.04 18:47:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.04 18:45:42 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\andi.k\ntuser.dat
[2010.09.04 18:45:42 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\andi.k\ntuser.ini
[2010.09.04 18:37:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.04 18:32:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.09.04 18:26:04 | 006,175,589 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Eigene Dateien\avz4.zip
[2010.09.03 23:32:25 | 000,103,424 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.26 12:44:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.24 22:32:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.18 22:17:01 | 009,263,238 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\pidgin-2.7.3.exe
[2010.08.16 23:18:36 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.08.08 11:42:53 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 11:41:44 | 000,000,781 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ashampoo ClipFinder HD.lnk
[2010.08.08 01:11:23 | 000,002,341 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.08.08 00:14:40 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.08.08 00:14:39 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.08.07 23:53:29 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.08.05 22:20:14 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\mbam-setup-1.46.exe
[2010.07.31 23:40:46 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER © Uninstall.lnk
[2010.07.31 23:40:46 | 000,001,629 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2010.07.31 23:26:39 | 004,394,586 | ---- | M] (www.appfree.net ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\flv2all.exe
[2010.07.23 13:48:01 | 000,018,496 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.07.23 13:47:40 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.23 13:15:14 | 000,001,525 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.07.22 12:53:26 | 009,376,815 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\pidgin-2.7.2.exe
[2010.07.20 21:31:12 | 000,001,576 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Eigene Dateien\todo.rtf
[2010.07.20 21:29:47 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\bqsjpu39.exe
[2010.07.17 00:41:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\andi.k\Desktop\HijackThis.exe
[2010.07.17 00:24:26 | 000,004,604 | ---- | M] () -- C:\Dokumente und Einstellungen\andi.k\Eigene Dateien\1234.jpg
[2010.07.06 22:09:07 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2010.07.06 01:04:53 | 001,008,668 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.06 01:04:53 | 000,453,064 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.06 01:04:53 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.06 01:04:53 | 000,082,280 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.06 01:04:53 | 000,069,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.21 22:57:37 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\sdsetup.exe
[2010.06.10 23:30:01 | 000,000,638 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk
[2010.06.09 20:20:30 | 008,528,000 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Dokumente und Einstellungen\andi.k\Desktop\ashampoo_clipfinder_hd_2.07_sm.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.09.04 19:21:55 | 000,501,736 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\LopSD.exe
[2010.09.04 18:32:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.09.04 18:32:27 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2010.09.04 18:25:23 | 006,175,589 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Eigene Dateien\avz4.zip
[2010.08.16 23:18:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.08.11 23:27:57 | 009,263,238 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\pidgin-2.7.3.exe
[2010.08.08 11:42:53 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 11:41:44 | 000,000,781 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ashampoo ClipFinder HD.lnk
[2010.08.07 23:55:37 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.08.07 23:55:37 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.07.31 23:40:46 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER © Uninstall.lnk
[2010.07.31 23:40:46 | 000,001,629 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2010.07.31 23:40:45 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010.07.31 23:40:45 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010.07.31 23:40:45 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010.07.31 23:40:45 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010.07.31 23:40:44 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010.07.31 23:40:44 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010.07.31 23:40:43 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010.07.23 13:15:17 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010.07.23 13:15:14 | 000,001,525 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.07.22 12:53:26 | 009,376,815 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\pidgin-2.7.2.exe
[2010.07.20 21:29:47 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Desktop\bqsjpu39.exe
[2010.07.20 21:22:53 | 000,001,576 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Eigene Dateien\todo.rtf
[2010.07.17 00:24:25 | 000,004,604 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Eigene Dateien\1234.jpg
[2010.06.10 23:30:01 | 000,000,638 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk
[2010.06.01 00:36:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.01 00:36:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.01 00:36:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.01 00:35:59 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.01 00:35:59 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.05.17 00:23:50 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.04.19 14:49:51 | 000,000,095 | ---- | C] () -- C:\WINDOWS\qjrs.ini
[2010.04.19 14:49:51 | 000,000,095 | ---- | C] () -- C:\WINDOWS\pjsqs.ini
[2010.04.07 20:41:09 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat
[2010.03.17 23:05:03 | 000,001,004 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Svclog.log
[2010.02.28 02:28:30 | 000,103,424 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.27 23:10:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.02.27 20:32:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2010.02.27 20:11:57 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\andi.k\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.02.20 19:51:26 | 000,021,357 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2010.02.20 19:20:54 | 000,004,201 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.02.20 19:20:53 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.01.05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2006.05.16 08:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.03.02 02:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2010.03.13 01:18:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.04.25 17:12:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.02.20 19:50:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2010.02.20 19:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.06.25 00:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.05.08 18:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.02.28 00:36:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.08.24 23:09:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\.purple
[2010.08.08 11:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Ashampoo
[2010.03.13 01:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Canneverbe Limited
[2010.07.31 23:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\GetRightToGo
[2010.05.13 01:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\gtk-2.0
[2010.03.03 02:24:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\InfraRecorder
[2010.05.21 20:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Panda Security
[2010.03.01 19:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Samsung
[2010.04.28 19:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\Subversion
[2010.05.21 19:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andi.k\Anwendungsdaten\T-Online

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >
Seitenanfang Seitenende
04.09.2010, 19:53
Member

Themenstarter

Beiträge: 135
#2 hier noch die Extras List


Zitat

OTL Extras logfile created on: 04.09.2010 19:26:17 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\andi.k\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 567,00 Mb Available Physical Memory | 55,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 3,83 Gb Free Space | 3,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASDSAFDS-5F59FB
Current User Name: andi.k
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\aMSN\bin\wish.exe" = C:\Programme\aMSN\bin\wish.exe:*;)isabled:Wish Application -- (ActiveState Corporation)
"C:\Programme\Pidgin\pidgin.exe" = C:\Programme\Pidgin\pidgin.exe:*;)isabled:pidgin -- (The Pidgin developer community)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3EEF7D9E-9650-4335-A41B-A693CB57A496}" = Foxit Reader
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.75
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software (deu)
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Able Video Snapshot_is1" = Able Video Snapshot 1.6.5.22
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"aMSN" = aMSN 0.98.3
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.07
"Ashampoo Magical Snap FREE_is1" = Ashampoo Magical Snap FREE
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"InfraRecorder" = InfraRecorder
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"JDownloader" = JDownloader
"KaloMa_is1" = KaloMa 4.80
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"QuickShot_is1" = QuickShot 3.0.2
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 08.08.2010 17:43:18 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul java.dll, Version 6.0.200.2, Fehleradresse 0x00004e46.

Error - 11.08.2010 18:13:42 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul java.dll, Version 6.0.200.2, Fehleradresse 0x00004e46.

Error - 21.08.2010 17:18:12 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 21.08.2010 17:19:39 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 28.08.2010 12:28:54 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 12:28:54 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 12:48:48 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 12:48:49 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 13:08:57 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 13:08:57 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

[ Application Events ]
Error - 08.08.2010 17:43:18 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul java.dll, Version 6.0.200.2, Fehleradresse 0x00004e46.

Error - 11.08.2010 18:13:42 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul java.dll, Version 6.0.200.2, Fehleradresse 0x00004e46.

Error - 21.08.2010 17:18:12 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 21.08.2010 17:19:39 | Computer Name = ASDSAFDS-5F59FB | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 28.08.2010 12:28:54 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 12:28:54 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 12:48:48 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 12:48:49 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 13:08:57 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

Error - 28.08.2010 13:08:57 | Computer Name = ASDSAFDS-5F59FB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger
zur Verfügung. .

[ System Events ]
Error - 03.09.2010 08:01:39 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccess" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 03.09.2010 08:01:43 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 04.09.2010 06:02:43 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccess" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 04.09.2010 06:03:06 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 04.09.2010 08:40:34 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccess" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 04.09.2010 08:40:54 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 04.09.2010 10:23:20 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccess" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 04.09.2010 10:23:38 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 04.09.2010 12:48:29 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccess" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 04.09.2010 12:48:50 | Computer Name = ASDSAFDS-5F59FB | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE


< End of report >
Seitenanfang Seitenende
04.09.2010, 19:55
Member

Themenstarter

Beiträge: 135
#3 Rootrepeal Log-->

Zitat

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/04 19:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAD986000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B22000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA5EA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d58c

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18de0c

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18e922

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18ee94

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18e0ee

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c436

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18ed6c

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d192

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18ec28

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d34e

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18efc6

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190c08

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18daaa

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18ecca

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae1905fa

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c9fa

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18cd88

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18e576

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae1915ca

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18ceca

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18cf74

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18e382

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19068c

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c412

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c424

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190cbc

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d0c0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18ef36

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18de8e

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c5dc

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18ee04

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d792

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190c32

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18f068

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d6b6

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d01e

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18cc46

#: 167 Function Name: NtQuerySection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190fd4

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c896

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190922

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18cb0e

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c2b0

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18f3f2

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18f2b8

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19039a

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae193e2c

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae1914ac

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c248

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18e65c

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18dcc8

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18fc4a

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190786

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae191114

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18c71e

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae1911f8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae191320

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190526

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d90a

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d860

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae190e8a

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae18d9ea

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19eca6

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19ed70

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19edda

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19ed0a

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e8ba

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19ec72

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19eaa8

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e822

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19ebaa

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e86e

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e9fa

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e950

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e9a4

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19eb3a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19ea5a

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e772

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xae19e7c8

==EOF==
Seitenanfang Seitenende
05.09.2010, 15:21
Member

Themenstarter

Beiträge: 135
#4 hat sich erledigt...lag wohl an Kaspersky.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: