C:\WINDOWS\system32\sdra64.exe mit TR/Spy.ZBot.ahgi infiziert

elvislevis · 16.04.2010, 17:13

hallo,

habe schon zweimal mein system mit antivir geprüft ; bereits beim ersten scan wurde der trojaner TR/Spy.ZBot.ahgi gefunden und gelöscht ; beim zweiten scan war er jedoch - unter anderem namen , wieder im system32-ordner - wieder da ; kann mir jemand sagen, ob der trojaner nun entfernt wurde oder nicht???

vielen dank für die hilfe!

habe CCleaner laufen lassen , anschließend RSIT ; hier die logs:

log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by KUCHENK at 2010-04-16 18:06:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (26%) free of 50 GB
Total RAM: 1023 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:33, on 16.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Avira\AntiVir Desktop\avmailc.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\Cyberlink\Shared Files\brs.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programme\avira\antivir desktop\avcenter.exe
C:\Programme\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\CCleaner\ccleaner.exe
D:\EIGEN\Downloads\RSIT.exe
C:\Dokumente und Einstellungen\KUCHENK\Desktop\KUCHENK.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - C:\Programme\WinSweep\SurfBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264717359505
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - hxxp://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a48b84f4c16) (gupdate1c9a48b84f4c16) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 10639 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{E915E62E-41DA-40D0-8106-3438B4D24394} - &WINSWEEP Toolbar - C:\Programme\WinSweep\SurfBar.dll [2006-04-30 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-30 344064]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Acrobat Assistant 8.0"=C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-10 110592]
"BDRegion"=C:\Programme\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=C:\Programme\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"IntelZeroConfig"=C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe [2008-10-16 1368064]
"IntelWireless"=C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe [2008-10-16 1191936]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-04-02 282792]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-06 73728]
"Adobe Acrobat Speed Launcher"=C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-12-16 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\SoulseekNS\slsk.exe"="C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\QuickTime\QuickTimePlayer.exe"="C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*

isabled:Microsoft Office Groove"
"C:\Programme\eMule\emule.exe"="C:\Programme\eMule\emule.exe:*:Enabled:eMule"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*

isabled:VLC media player"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{386f6efe-c3ec-11de-9789-000e35e07900}]
shell\AutoRun\command - H:\Menu.exe

======List of files/folders created in the last 1 months======

2010-04-16 18:06:25 ----D---- C:\rsit
2010-04-16 17:04:18 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\TrojanHunter
2010-04-16 16:01:16 ----R---- C:\WINDOWS\system32\streamhlp.dll
2010-04-16 16:01:15 ----D---- C:\Programme\TrojanHunter 5.3
2010-04-16 11:37:17 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-14 17:22:47 ----SHD---- C:\WINDOWS\system32\lowsec
2010-04-14 17:22:37 ----A---- C:\WINDOWS\system32\stu2.exe
2010-04-09 22:54:47 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\dBpoweramp
2010-04-09 19:06:09 ----D---- C:\Programme\WindSolutions
2010-04-09 19:06:05 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\WindSolutions
2010-04-09 19:06:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
2010-04-09 19:04:17 ----D---- C:\Programme\iDump (Freeware)
2010-04-07 00:19:10 ----D---- C:\Programme\PC Inspector File Recovery
2010-04-05 20:24:56 ----D---- C:\WINDOWS\Minidump
2010-03-31 17:04:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch
2010-03-31 16:32:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZoomBrowser

======List of files/folders modified in the last 1 months======

2010-04-16 18:03:59 ----D---- C:\WINDOWS\Debug
2010-04-16 18:03:59 ----D---- C:\WINDOWS
2010-04-16 18:03:52 ----D---- C:\WINDOWS\Temp
2010-04-16 18:00:32 ----D---- C:\Programme\Mozilla Thunderbird
2010-04-16 17:53:51 ----D---- C:\WINDOWS\system32
2010-04-16 17:10:59 ----RD---- C:\Programme
2010-04-16 17:10:48 ----D---- C:\WINDOWS\Prefetch
2010-04-16 17:10:42 ----D---- C:\Programme\Gemeinsame Dateien\SureThing Shared
2010-04-16 17:10:08 ----SHD---- C:\WINDOWS\Installer
2010-04-16 17:10:08 ----HD---- C:\Config.Msi
2010-04-16 17:09:38 ----HD---- C:\WINDOWS\inf
2010-04-16 17:09:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-16 15:53:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-16 11:37:17 ----D---- C:\WINDOWS\repair
2010-04-16 11:37:15 ----D---- C:\WINDOWS\Registration
2010-04-16 09:45:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 22:48:54 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-15 12:44:48 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Adobe
2010-04-14 17:22:41 ----D---- C:\Programme\Mozilla Firefox
2010-04-12 15:20:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
2010-04-11 17:08:04 ----A---- C:\WINDOWS\winamp.ini
2010-04-11 17:03:52 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\uTorrent
2010-04-10 17:53:47 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-09 23:27:43 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\vlc
2010-04-09 22:53:30 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\AccurateRip
2010-04-07 00:19:10 ----HD---- C:\Programme\InstallShield Installation Information
2010-04-02 12:53:35 ----D---- C:\Programme\iTunes
2010-04-01 14:20:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-31 17:08:25 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Canon
2010-03-31 16:34:09 ----D---- C:\Programme\Canon
2010-03-31 16:30:49 ----RSD---- C:\WINDOWS\assembly
2010-03-31 16:30:29 ----D---- C:\WINDOWS\system32\mui
2010-03-31 16:23:10 ----D---- C:\Programme\Gemeinsame Dateien\CANON
2010-03-28 23:07:16 ----D---- C:\Programme\uTorrent
2010-03-28 14:55:37 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\dvdcss
2010-03-27 19:15:59 ----D---- C:\WINDOWS\system32\Restore
2010-03-26 16:28:24 ----D---- C:\WINDOWS\Lhsp
2010-03-23 01:14:49 ----D---- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-04-02 124784]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2009-08-03 33408]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-01 28520]
R1 uiwbrdr;uiwbrdr; C:\WINDOWS\System32\DRIVERS\uiwbrdr.sys [2008-07-29 149120]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-12-31 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Programme\CyberLink\PowerDVD\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-04-02 60936]
R2 ghaio;ghaio; \??\C:\Programme\ASUS\NB Probe\SPM\ghaio.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-09-15 13059]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-06 2284864]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-12-16 873984]
R3 Cam5603C;BisonCam, USB2.0; C:\WINDOWS\System32\Drivers\Bs350u2.sys [2004-10-15 621056]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-15 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-09-15 200064]
R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-31 12288]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-18 5632]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-22 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-15 685056]
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2006-02-16 29184]
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2008-04-14 13696]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CyUsbNT;Cypress Manufacturing Driver; C:\WINDOWS\System32\Drivers\CyUsbNT.sys [2005-02-16 28800]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2008-04-14 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 susbser;BenQ Siemens USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\susbser.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-07-18 15264]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-07-18 47744]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [2010-04-02 337064]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-04-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-02 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-02 405672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-12-16 425984]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2009-08-03 145504]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Programme\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [2008-10-16 905216]
R2 spmgr;spmgr; C:\Programme\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-17 651720]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 gupdate1c9a48b84f4c16;Google Update Service (gupdate1c9a48b84f4c16); C:\Programme\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
S2 NMSAccess;NMSAccess; C:\Programme\Blaze Media Pro\NMSAccess32.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.06 2010-04-16 18:06:35

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9B5AAC6D-AF21-4034-AF1D-A28274180BA6}\SETUP.EXE" -l0x7 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
AC3Filter 1.61b-->"C:\Programme\AC3Filter\unins000.exe"
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{84D58782-A2F0-47D4-A557-3041363893CF}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Soundbooth CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\a2d19e6e015da53f697cb97ae89ca85\Setup.exe
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
Audacity 1.3.11 (Unicode)-->"C:\Programme\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Premium-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
BisonCam, USB2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9E3ACAB-1A3B-4B67-A653-916F250ABAD4}\SETUP.EXE" -l0x7
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CSCLIB\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MOV Decoder-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator EX 2.1-->"C:\Programme\Canon\MP Navigator EX 2.1\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.1\uninst.ini
Canon MP830-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}\DelDrv.exe" /U:{0D25F7CC-B99C-44ee-9945-B14532B2BB7B} /L0x0007
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.6-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities EOS Utility-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3/E4 Utility-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX MCU\Uninst.ini"
CanoScan LiDE 700F Scanner Driver-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601 /L0x0007
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDCover Cover Druckprogramm von Ulf Kiener Version 2.6-->C:\Programme\CDCover\unins000.exe
CD-LabelPrint-->"C:\Programme\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Comical 0.8-->"C:\Programme\Comical\unins000.exe"
ConvertXtoDVD 2.2.3.258-->"C:\Programme\VSO\ConvertXtoDVD\unins000.exe"
Cool FLAC To MP3 Converter 1.0-->"C:\Programme\Cool FLAC To MP3 Converter\unins000.exe"
dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"
DVDFab Platinum 3.0.8.0 Ghosthunter release-->"C:\Programme\DVDFab Platinum 3\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Final Draft 5-->C:\WINDOWS\unvise32.exe C:\Programme\Final Draft 5\uninstal.log
Free Video Converter V 2.5-->"C:\Programme\Free Video Converter\unins000.exe"
Free Video to Mp3 Converter version 3.2-->"C:\Programme\Free Video to Mp3 Converter\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\KUCHENK\Desktop\HijackThis.exe" /uninstall
HP PSC & OfficeJet 6.1.A-->"C:\Programme\HP\Digital Imaging\{27555031-A116-4EC6-9991-7B400142A936}\setup\hpzscr01.exe" -datfile hposcr08.dat
iDump (Build: 28)-->"C:\Programme\EscSoft\iDump\uninstall.exe"
iDump (Freeware) Build:31-->"C:\Programme\iDump (Freeware)\unins000.exe"
Intel PROSet Wireless-->Intel PROSet Wireless
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
IsoBuster 2.5-->"C:\Programme\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
IZArc 3.81-->"C:\Programme\IZArc\unins000.exe"
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) SE Development Kit 6 Update 12-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160120}
jetAudio Basic VX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x7 -removeonly
KC Softwares VideoInspector-->"C:\Programme\KC Softwares\VideoInspector\unins000.exe"
Magic ISO Maker v5.5 (build 0265)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musitek SmartScore X Professional Edition v10.0.1-->"C:\Programme\Musitek\SmartScore X Professional Edition\Uninstall\unins000.exe"
NB Probe-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\Setup.exe" -l0x9
Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ger_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nur Deinstallierung der CopyTrans Suite möglich.-->C:\Programme\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
OnlineFotoservice-->"C:\Programme\OnlineFotoservice\uninstall.exe"
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD Ultra-->"C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000407 /z-uninstall
Protected Music Converter 1.0.0.21-->"C:\Programme\Protected Music Converter\unins000.exe"
QuarkXPress-->MsiExec.exe /I{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975254)-->"C:\WINDOWS\$NtUninstallKB975254$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SoftV92 Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_18261043\HXFSETUP.EXE -U -Iaus1826k.inf
SoulSeek 157 NS 13c-->"C:\Programme\SoulseekNS\uninstall.exe"
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\SUPER\Setup.exe /remove /q0
TMPGEnc DVD Author 3 with DivX Authoring-->MsiExec.exe /I{3E9F2540-DD55-42FB-8EB6-5508EEC54013}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 1.0.0-->C:\Programme\VideoLAN\VLC\uninstall.exe
WEB.DE Club SmartFax-->C:\Programme\WEB.DE\WEB.DE Club SmartFax\uninst.exe
WEB.DE SmartDrive Manager-->C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\uninst.exe
Winamp (nur entfernen)-->"C:\Programme\Winamp\deinstwa.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Messenger 5.1-->MsiExec.exe /I{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR-->C:\Programme\WinRAR\uninstall.exe
WINSWEEP 4.03-->"C:\Programme\WinSweep\unins000.exe"
Xilisoft iPod to PC Copy-->C:\Programme\Xilisoft\iPod to PC Copy\Uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: JETZTT
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{590C1D65-F74F-4DB0-B808-50BE74602677}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 51928
Source Name: Tcpip
Time Written: 20100402121131.000000+120
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{590C1D65-F74F-4DB0-B808-50BE74602677}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 51927
Source Name: Tcpip
Time Written: 20100402121041.000000+120
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{590C1D65-F74F-4DB0-B808-50BE74602677}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 51926
Source Name: Tcpip
Time Written: 20100402121036.000000+120
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{590C1D65-F74F-4DB0-B808-50BE74602677}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 51925
Source Name: Tcpip
Time Written: 20100402121011.000000+120
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{590C1D65-F74F-4DB0-B808-50BE74602677}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 51924
Source Name: Tcpip
Time Written: 20100402120641.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: JETZTT
Event Code: 1
Message:
Record Number: 10661
Source Name: Bonjour Service
Time Written: 20100105093202.000000+060
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 0
Message:
Record Number: 10660
Source Name: EvtEng
Time Written: 20100105093202.000000+060
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 0
Message: Service started

Record Number: 10659
Source Name: bgsvcgen
Time Written: 20100105093202.000000+060
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 0
Message:
Record Number: 10658
Source Name: iPod Service
Time Written: 20100104212203.000000+060
Event Type: Informationen
User:

Computer Name: JETZTT
Event Code: 101
Message: wuauclt (168) Das Datenbankmodul wurde beendet.

Record Number: 10657
Source Name: ESENT
Time Written: 20100104094436.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\PC Connectivity Solution\;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\IsoBuster;C:\Programme\Intel\WiFi\bin\;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

elvislevis · 17.04.2010, 10:15

hallo alle ;

soeben hat mein virenprogramm den trojaner in einer weiteren datei entdekct :

Beginne mit der Suche in 'C:\System Volume Information\_restore{B0F7F075-13DD-45A0-BC04-995D10A4BCEF}\RP117\A0016745.exe'
C:\System Volume Information\_restore{B0F7F075-13DD-45A0-BC04-995D10A4BCEF}\RP117\A0016745.exe
[FUND] Ist das Trojanische Pferd TR/Spy.ZBot.ahgi
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b2dab6.qua' verschoben!

KANN MIR JEMAND HELFEN???

elvislevis · 17.04.2010, 11:30

und jetzt schon wieder ; kurz nach einer systemüberprüfung , die als SAUBER endete , entdeckte antivir schon wieder einen (neuen?) trojaner ...

Suche in 'C:\System Volume Information\_restore{B0F7F075-13DD-45A0-BC04-995D10A4BCEF}\RP117\A0016746.exe'
C:\System Volume Information\_restore{B0F7F075-13DD-45A0-BC04-995D10A4BCEF}\RP117\A0016746.exe
[FUND] Ist das Trojanische Pferd TR/Kryptik.cwg.5360
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b22c54.qua' verschoben!

KANN MIR NIEMAND HELFEN??

elvislevis · 17.04.2010, 19:15

hab ich irgendwas falsch gemacht, oder warum antwortet mir niemand???

lg,

elvislevis

ps: fsecure online-scan entdeckte nun auch noch W32/Malware!Gemini ; konnte es leider bei 24 (!) dateien NICHT entfernen ...

Sion · 17.04.2010, 19:23

Wurdest wohl übersehen.

1. http://www.trojaner-board.de/51187-a...i-malware.html
Log posten.

2. http://www.trojaner-board.de/74908-a...t-scanner.html
Log posten.

3. Hol dir OTL
Starte OTL
Kopiere unten in das Skript-Feld rein:

Zitat:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schließe alle anderen Programme.
Klicke auf Quick Scan.
Poste die beiden Logs - OTL.txt und Extras.txt

Chris4You · 17.04.2010, 19:24

Doppelpost...

elvislevis · 18.04.2010, 13:21

@Chris4You :
wieso doppelpost?

@Sion :
danke für die antwort ; hat 1 bißchen gedauert, die ganzen scans zu machen.
hier die log-files in der von dir genannten reihenfolge / OTL kommt hinterher (sonst sind s zu viele zeichen ...)

ps: dank dir für deine hilfe . . . .

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4002

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.04.2010 21:05:35
mbam-log-2010-04-17 (21-05-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 206059
Laufzeit: 55 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-18 13:36:02
Windows 5.1.2600 Service Pack 3
Running: wgi4kmc3.exe; Driver: C:\DOKUME~1\KUCHENK\LOKALE~1\Temp\fwtdypoc.sys

---- System - GMER 1.0.15 ----

SSDT F7D1B49E ZwCreateKey
SSDT F7D1B494 ZwCreateThread
SSDT F7D1B4A3 ZwDeleteKey
SSDT F7D1B4AD ZwDeleteValueKey
SSDT F7D1B4CB ZwLoadDriver
SSDT F7D1B4B2 ZwLoadKey
SSDT F7D1B480 ZwOpenProcess
SSDT F7D1B485 ZwOpenThread
SSDT F7D1B4BC ZwReplaceKey
SSDT F7D1B4B7 ZwRestoreKey
SSDT F7D1B4D0 ZwSetSystemInformation
SSDT F7D1B4A8 ZwSetValueKey
SSDT F7D1B48F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

C:\Programme\CyberLink\PowerDVD\000.fcl entry point in "" section [0xB81C2000]
.clc C:\Programme\CyberLink\PowerDVD\000.fcl unknown last section [0xB81C3000, 0x1000, 0x00000000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

elvislevis · 18.04.2010, 13:30

OTL-log nummer1:

OTL logfile created on: 18.04.2010 14:05:29 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\EIGEN\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 538,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 12,85 Gb Free Space | 26,31% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 16,07 Gb Free Space | 32,91% Space Free | Partition Type: NTFS
Drive E: | 30,34 Gb Total Space | 1,41 Gb Free Space | 4,66% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 21,05 Gb Total Space | 0,87 Gb Free Space | 4,15% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 30,34 Mb Total Space | 18,75 Mb Free Space | 61,80% Space Free | Partition Type: FAT
Drive M: | 3,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JETZTT
Current User Name: KUCHENK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.17 20:27:28 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\EIGEN\Downloads\OTL.exe
PRC - [2010.04.02 19:14:56 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.04.02 19:14:55 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.04.02 19:14:55 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.04.02 19:14:55 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.04.02 19:14:54 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.02 19:14:54 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.08.03 20:46:03 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009.03.26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.01.17 19:27:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 18:14:56 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008.10.16 18:05:38 | 000,905,216 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008.10.16 17:55:42 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.16 21:20:26 | 000,091,432 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared files\brs.exe
PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2006.08.10 23:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006.08.10 17:10:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2005.03.14 13:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004.11.06 14:57:00 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (SafeList) ==========

MOD - [2010.04.17 20:27:28 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\EIGEN\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - [2010.04.02 19:14:56 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.02 19:14:55 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.04.02 19:14:55 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.04.02 19:14:54 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.03 20:46:03 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009.03.26 15:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.01.17 19:27:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 18:05:38 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.03.14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Programme\WinSweep\ws.js

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.01.18 19:57:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.13 12:00:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.02 14:39:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.19 01:34:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.07.23 19:20:52 | 000,000,000 | ---D | M]

[2009.01.17 11:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Extensions
[2010.04.18 13:47:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\p0fb7ady.default\extensions
[2009.12.12 19:48:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\p0fb7ady.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.07 13:31:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\p0fb7ady.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.03 11:30:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\vy9xk1qa.default\extensions
[2009.01.17 12:44:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\vy9xk1qa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.01.17 12:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\vy9xk1qa.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009.01.17 12:44:07 | 000,000,000 | ---D | M] (Adblock Plus [de]) -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\vy9xk1qa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.01.17 12:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\vy9xk1qa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.10.03 11:30:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\vy9xk1qa.default\extensions\searchrecs@veoh.com
[2008.01.24 12:15:00 | 000,001,097 | ---- | M] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Mozilla\Firefox\Profiles\vy9xk1qa.default\searchplugins\imdb.xml
[2010.04.18 13:47:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.02.10 17:01:44 | 000,292,224 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10060 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&WINSWEEP Toolbar) - {E915E62E-41DA-40D0-8106-3438B4D24394} - C:\Programme\WinSweep\SurfBar.dll (Software-Entwicklung Frank-Oliver Dzewas)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [mount.exe] C:\Programme\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (hxxp://www.gibinsoft.net))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264717359505 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} hxxp://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.17 11:22:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{386f6efe-c3ec-11de-9789-000e35e07900}\Shell\AutoRun\command - "" = H:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.01.28 23:59:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 14 Days ==========

[2010.04.18 13:51:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\Neuer Ordner
[2010.04.18 11:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Gibinsoft Shared
[2010.04.18 11:47:46 | 000,000,000 | ---D | C] -- C:\Programme\GiPo@Utilities
[2010.04.18 11:44:41 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.04.17 23:12:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010.04.17 19:58:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Malwarebytes
[2010.04.17 19:58:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.17 19:58:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.17 19:58:21 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.17 19:58:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.17 14:07:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.04.17 12:31:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\KUCHENK\Recent
[2010.04.16 18:06:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.16 17:04:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\TrojanHunter
[2010.04.16 16:01:15 | 000,000,000 | ---D | C] -- C:\Programme\TrojanHunter 5.3
[2010.04.16 14:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.04.16 14:33:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.04.16 11:37:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.04.15 10:34:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\Neuer Ordner (2)
[2010.04.09 22:54:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\dBpoweramp
[2010.04.09 19:06:09 | 000,000,000 | ---D | C] -- C:\Programme\WindSolutions
[2010.04.09 19:06:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\WindSolutions
[2010.04.09 19:06:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2010.04.09 19:04:17 | 000,000,000 | ---D | C] -- C:\Programme\iDump (Freeware)
[2010.04.07 00:19:10 | 000,000,000 | ---D | C] -- C:\Programme\PC Inspector File Recovery
[2010.04.05 20:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.01.04 14:38:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2009.05.07 18:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.04.14 22:11:12 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.03.15 09:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.03.14 11:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.02.15 12:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Intel
[2009.02.15 12:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Intel
[2009.01.22 14:42:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\pcouffin.sys
[2009.01.17 11:22:47 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 D:\EIGEN\*.tmp files -> D:\EIGEN\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.04.18 13:19:06 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.18 11:49:57 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.18 11:49:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.18 11:49:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.18 11:48:38 | 013,631,488 | -H-- | M] () -- C:\Dokumente und Einstellungen\KUCHENK\NTUSER.DAT
[2010.04.18 11:48:38 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\KUCHENK\ntuser.ini
[2010.04.17 23:14:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.17 19:58:27 | 000,000,679 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.17 19:57:45 | 000,041,042 | ---- | M] () -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\fsonlinescanner_report.html
[2010.04.17 13:43:36 | 000,015,152 | ---- | M] () -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\DER FETISCHCHARAKTER DER WARE UND SEIN GEHEIMNIS.docx
[2010.04.17 11:12:33 | 003,075,426 | ---- | M] () -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\capture_17042010_111233.tif
[2010.04.16 18:04:55 | 000,070,516 | ---- | M] () -- D:\EIGEN\cc_20100416_180445.reg
[2010.04.16 16:01:24 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.04.11 17:08:04 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.04.10 20:08:18 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.04.10 17:53:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.10 11:03:10 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\KUCHENK\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 D:\EIGEN\*.tmp files -> D:\EIGEN\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.17 23:02:23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.04.17 19:58:27 | 000,000,679 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.17 19:57:45 | 000,041,042 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\fsonlinescanner_report.html
[2010.04.17 13:43:36 | 000,015,152 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\DER FETISCHCHARAKTER DER WARE UND SEIN GEHEIMNIS.docx
[2010.04.17 11:12:33 | 003,075,426 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Desktop\capture_17042010_111233.tif
[2010.04.16 18:04:50 | 000,070,516 | ---- | C] () -- D:\EIGEN\cc_20100416_180445.reg
[2010.04.16 16:01:16 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.04.07 00:19:11 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010.03.13 18:43:57 | 000,000,334 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2010.03.13 18:43:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010.03.10 12:59:08 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2010.02.23 17:19:48 | 000,034,308 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mazuki.dll
[2010.01.23 18:43:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2010.01.22 17:03:29 | 000,000,062 | ---- | C] () -- C:\WINDOWS\SSB2.ini
[2010.01.17 21:56:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.17 11:01:15 | 000,001,023 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\DVDSubEdit.ini
[2009.12.17 10:59:28 | 000,029,665 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\DVDSubEditLastFile0.txt
[2009.12.16 18:42:18 | 000,000,568 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\AutoGK.ini
[2009.12.13 14:03:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMessenger.INI
[2009.12.11 18:57:13 | 000,916,208 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009.08.11 19:39:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.07.08 23:54:04 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\NMM-MetaData.db
[2009.04.18 23:26:06 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini
[2009.04.10 17:55:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.03.26 10:49:57 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009.03.12 09:27:42 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009.03.12 09:27:42 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009.03.12 09:27:42 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009.03.12 09:27:42 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009.03.12 09:27:42 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009.03.12 09:27:42 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009.03.12 09:27:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009.03.12 09:27:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009.03.12 09:27:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009.03.12 09:27:42 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009.03.12 09:27:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009.03.12 09:27:42 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009.03.12 09:27:42 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009.03.12 09:27:42 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009.03.12 09:27:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009.03.12 09:27:42 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009.03.12 09:27:42 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009.03.12 09:27:42 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.12 09:27:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.02.12 20:38:41 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
[2009.02.12 20:37:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLbNL.DLL
[2009.01.22 14:42:20 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\pcouffin.log
[2009.01.22 14:42:07 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\ezpinst.exe
[2009.01.22 14:42:07 | 000,007,824 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\pcouffin.cat
[2009.01.22 14:42:07 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\pcouffin.inf
[2009.01.20 18:03:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2009.01.20 11:53:50 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\bindll.dll
[2009.01.19 10:35:28 | 000,002,822 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\_GEAREXT.WO_IDENT.TXT
[2009.01.19 00:11:29 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.17 18:24:35 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009.01.17 18:24:33 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2009.01.17 11:53:40 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.01.17 11:53:34 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009.01.17 11:29:27 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\ntuser.ini
[2009.01.17 11:29:26 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\ntuser.dat.LOG
[2009.01.17 11:29:24 | 013,631,488 | -H-- | C] () -- C:\Dokumente und Einstellungen\KUCHENK\NTUSER.DAT
[2007.03.29 23:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.07.18 16:34:22 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys
[2005.07.18 16:34:18 | 000,015,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys

========== LOP Check ==========

[2009.01.17 18:41:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009.08.18 11:50:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2009.07.03 12:20:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2010.04.17 14:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2009.01.18 19:55:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.12.06 15:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2009.07.24 18:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2009.07.15 09:34:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.04.06 12:04:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch
[2009.05.18 14:49:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Quark
[2009.12.13 19:26:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.04.12 15:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
[2009.06.11 14:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010.01.28 21:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.08.14 12:22:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEB.DE
[2010.04.09 19:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2009.04.11 10:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.01.02 17:35:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.01.02 17:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Amazon
[2010.02.23 22:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Ashampoo Cover Studio 2
[2010.01.27 20:20:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Audacity
[2010.03.31 17:08:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Canon
[2009.01.20 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\CD-LabelPrint
[2009.02.11 21:11:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\COWON
[2010.04.09 22:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\dBpoweramp
[2010.03.10 12:59:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\FreeVideoConverter
[2010.02.22 13:19:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\GARMIN
[2009.12.01 16:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\GrabPro
[2009.08.03 20:50:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\LEAPS
[2009.12.07 11:30:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\NCH Swift Sound
[2009.02.20 18:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Nokia
[2009.07.14 14:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\ODF
[2009.12.01 16:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Orbit
[2009.05.09 22:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\PC Suite
[2009.08.03 20:47:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Pegasys Inc
[2009.05.18 14:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Quark
[2009.01.17 11:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Thunderbird
[2009.12.09 13:06:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Tonium
[2010.04.16 17:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\TrojanHunter
[2010.01.02 17:36:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\TuneUp Software
[2010.04.17 00:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\uTorrent
[2010.03.16 13:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\Vso
[2009.08.14 12:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\WEB.DE
[2010.04.09 19:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\WindSolutions
[2009.12.13 19:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KUCHENK\Anwendungsdaten\XCPCSync.OEM

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2002.12.31 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002.12.31 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002.12.31 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2002.12.31 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2002.12.31 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2002.12.31 11:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.01.29 00:39:58 | 003,407,872 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.01.28 23:29:16 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.01.29 00:39:58 | 033,816,576 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.01.29 00:39:58 | 005,505,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:94A19129
< End of report >

elvislevis · 18.04.2010, 13:31

und die extras:

OTL Extras logfile created on: 18.04.2010 14:05:29 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\EIGEN\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 538,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 12,85 Gb Free Space | 26,31% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 16,07 Gb Free Space | 32,91% Space Free | Partition Type: NTFS
Drive E: | 30,34 Gb Total Space | 1,41 Gb Free Space | 4,66% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 21,05 Gb Total Space | 0,87 Gb Free Space | 4,15% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 30,34 Mb Total Space | 18,75 Mb Free Space | 61,80% Space Free | Partition Type: FAT
Drive M: | 3,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JETZTT
Current User Name: KUCHENK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Programme\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\SoulseekNS\slsk.exe" = C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\QuickTime\QuickTimePlayer.exe" = C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*

isabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*

isabled:VLC media player -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601" = CanoScan LiDE 700F Scanner Driver
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAA27B6-F39E-490B-8D41-84A32D234D70}" = GiPo@FileUtilities 3.2
"{32A3A4F4-B792-11D6-A78A-00B0D0160120}" = Java(TM) SE Development Kit 6 Update 12
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3E9F2540-DD55-42FB-8EB6-5508EEC54013}" = TMPGEnc DVD Author 3 with DivX Authoring
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9E3ACAB-1A3B-4B67-A653-916F250ABAD4}" = BisonCam, USB2.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a2d19e6e015da53f697cb97ae89ca85" = Adobe Soundbooth CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"CDCover" = CDCover Cover Druckprogramm von Ulf Kiener Version 2.6
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_18261043" = SoftV92 Data Fax Modem with SmartCP
"Comical_is1" = Comical 0.8
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"CSCLIB" = Canon Camera Support Core Library
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.6
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.8.0 Ghosthunter release
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Final Draft 5" = Final Draft 5
"Free Video Converter_is1" = Free Video Converter V 2.5
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.2
"HControl" = ATK0100 ACPI UTILITY
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.5
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"Musitek SmartScore X Professional Edition_is1" = Musitek SmartScore X Professional Edition v10.0.1
"MyCamera" = Canon Utilities MyCamera
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nokia PC Suite" = Nokia PC Suite
"OnlineFotoservice" = OnlineFotoservice
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"Protected Music Converter_is1" = Protected Music Converter 1.0.0.21
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Soulseek2" = SoulSeek 157 NS 13c
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"VLC media player" = VLC media player 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WEB.DE Club SmartFax" = WEB.DE Club SmartFax
"WEB.DE SmartDrive Manager" = WEB.DE SmartDrive Manager
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Winamp" = Winamp (nur entfernen)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WINSWEEP Anonym surfen und Surfspuren vernichten_is1" = WINSWEEP 4.03
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xilisoft iPod Manager" = Xilisoft iPod to PC Copy
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.04.2010 09:19:08 | Computer Name = JETZTT | Source = Google Update | ID = 20
Description =

Error - 16.04.2010 15:19:05 | Computer Name = JETZTT | Source = Google Update | ID = 20
Description =

Error - 18.04.2010 03:19:12 | Computer Name = JETZTT | Source = Google Update | ID = 20
Description =

Error - 18.04.2010 04:19:07 | Computer Name = JETZTT | Source = Google Update | ID = 20
Description =

Error - 18.04.2010 05:19:05 | Computer Name = JETZTT | Source = Google Update | ID = 20
Description =

Error - 18.04.2010 05:45:11 | Computer Name = JETZTT | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung unlocker.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00bb1102.

Error - 18.04.2010 05:45:32 | Computer Name = JETZTT | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung unlocker.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00bb128c.

Error - 18.04.2010 05:46:21 | Computer Name = JETZTT | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung unlocker.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00bb128c.

Error - 18.04.2010 06:19:06 | Computer Name = JETZTT | Source = Google Update | ID = 20
Description =

Error - 18.04.2010 07:19:05 | Computer Name = JETZTT | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 17.08.2009 17:15:14 | Computer Name = JETZTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46928
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.02.2010 06:35:13 | Computer Name = JETZTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 261
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17.04.2010 15:08:22 | Computer Name = JETZTT | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCIIde

Error - 17.04.2010 15:08:33 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 17.04.2010 15:08:34 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 17.04.2010 15:08:34 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 18.04.2010 02:20:21 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 18.04.2010 02:20:22 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 18.04.2010 02:20:22 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 18.04.2010 05:50:31 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 18.04.2010 05:50:31 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 18.04.2010 05:50:31 | Computer Name = JETZTT | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

< End of report >

Sion · 18.04.2010, 16:03

1. Starte OTL.
Kopiere unten in das Skript-Feld rein:

Zitat:

:OTL
O33 - MountPoints2\{386f6efe-c3ec-11de-9789-000e35e07900}\Shell\AutoRun\command - "" = H:\Menu.exe -- File not found
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:94A19129

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Programme\eMule\emule.exe" =-

:Commands
[emptytemp]
[resethosts]

Klicke auf Run Fix.
Neustart zulassen, wenn gefragt.
Poste das Fix Log. Zu finden unter c:\_OTL

2. http://www.trojaner-board.de/51871-a...tispyware.html
Log posten

elvislevis · 18.04.2010, 23:07

jetzt scheint s - laut superantispyware - sauber zu sein . . . ?

hier die posts:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{386f6efe-c3ec-11de-9789-000e35e07900}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386f6efe-c3ec-11de-9789-000e35e07900}\ not found.
File H:\Menu.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:9AEE100C deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:94A19129 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: DANNKE
->Temp folder emptied: 71009 bytes
->Temporary Internet Files folder emptied: 700011 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: KUCHENK
->Temp folder emptied: 1132107683 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 59126 bytes
->FireFox cache emptied: 80233850 bytes
->Flash cache emptied: 519 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4268666 bytes
%systemroot%\System32 .tmp files removed: 2841479 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2202611 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.166,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.1 log created on 04182010_184043

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/18/2010 bei 09:00 PM

Version der Applikation : 4.35.1002

Version der Kern-Datenbank : 4820
Version der Spur-Datenbank : 2632

Scan Art : kompletter Scann
Totale Scann-Zeit : 02:09:44

Gescannte Speicherelemente : 583
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 6545
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 125990
Erfasste Datei-Elemente : 0

Sion · 19.04.2010, 12:24

Jo. Wenn der Rechner keine Probleme mehr macht, können wir aufräumen:

1. Starte OTL.
Klicke auf CleanUp.
OTL entfernt sich daraufhin selbst.

2. http://www.trojaner-board.de/51464-a...-ccleaner.html

3. Hol dir Secunia PSI und bringe damit deinen PC auf den neuesten Stand.

Fertig

elvislevis · 19.04.2010, 16:38

lieber sion : vielen dank!

bis zum nächsten mal (hoffentlich nicht so bald!),

DANNKE

C:\WINDOWS\system32\sdra64.exe mit TR/Spy.ZBot.ahgi infiziert

Log-Analyse und Auswertung: C:\WINDOWS\system32\sdra64.exe mit TR/Spy.ZBot.ahgi infiziert