| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Anti-Malware Programme brechen abWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.10.2010, 18:56
| #1 |
| |  Anti-Malware Programme brechen ab Hallo zusammen, bin grad am verzweifeln an einem Notebook von nem kumpel. irgendwas verdammt heikles hat er sich eingefangen. alle mir bekannten programme wie hijack, MalwareBytes, Spybot lassen sich zwar installieren aber brechen nach kurzem "anlaufen" und scannen ab. im abgesicherten modus ebenso... ich weiss mir fast kein rat mehr. hatte die festplatte auch schon an nem anderen PC hängen und hab gescannt, hat leider aber auch nichts gebracht... weiss jemand rat? (sorry, hatte auch nach so einem fehler gesucht, aber nix gefunden...) danke delv |
|
03.10.2010, 19:03
| #2 |
| /// Malware-holic   |  Anti-Malware Programme brechen ab ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste die beiden |
|
03.10.2010, 20:39
| #3 |
| | Anti-Malware Programme brechen ab OTL.txt
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.10.2010 20:46:04 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\Neuer Ordner Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 429,00 Mb Available Physical Memory | 42,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 54,18 Gb Total Space | 7,32 Gb Free Space | 13,51% Space Free | Partition Type: FAT32 Drive D: | 54,66 Gb Total Space | 22,16 Gb Free Space | 40,55% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-1547BE99DA Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\Neuer Ordner\OTL.exe (OldTimer Tools) PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com) PRC - C:\Programme\Spyware Terminator\sp_rsser.exe (Crawler.com) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\EdgeCAM\Cam\edgecls.exe (Pathtrace) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (AOL LLC) PRC - C:\Programme\Gemeinsame Dateien\aol\1211041280\ee\aolsoftware.exe (America Online, Inc.) PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe () PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.) PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd) PRC - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\Neuer Ordner\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST) MOD - C:\WINDOWS\system32\MSNChatHook.dll () MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (userinit) -- File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (sp_rssrv) -- C:\Programme\Spyware Terminator\sp_rsser.exe (Crawler.com) SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MSSQL$ECSQLEXPRESS) SQL Server (ECSQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (AOL LLC) SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe () SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.) SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys () DRV - (utizndu1) -- C:\WINDOWS\system32\drivers\utizndu1.sys () DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (mvb35316) -- C:\WINDOWS\System32\drivers\mvb35316.sys () DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (VF0470Vid) Live! Cam Notebook (VF0470) -- C:\WINDOWS\system32\drivers\V0470Vid.sys (Creative Technology Ltd.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (Politecnico di Torino) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys () DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.) DRV - (AVMUNET) -- C:\WINDOWS\system32\drivers\avmunet.sys (AVM GmbH) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems) DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.) DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (MarxDev2) -- C:\WINDOWS\System32\drivers\marxdev2.sys () DRV - (MarxDev1) -- C:\WINDOWS\System32\drivers\marxdev1.sys () DRV - (MarxDev3) -- C:\WINDOWS\System32\drivers\marxdev3.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.web.dego.web.de/homehxxp://www.web.de/ [binary data] IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-193253836-399394427-3863189977-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.03 19:14:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.03 19:14:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.10.03 09:35:08 | 000,000,000 | ---D | M] [2010.10.03 19:15:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions [2010.10.03 19:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pvvzljgn.default\extensions [2010.10.03 19:17:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pvvzljgn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.03 19:17:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pvvzljgn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.03 19:14:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.10.03 20:09:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2010.10.03 20:08:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.09.14 23:32:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.02 13:48:08 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-193253836-399394427-3863189977-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-193253836-399394427-3863189977-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-193253836-399394427-3863189977-1005\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\aol\1211041280\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [SpywareTerminator] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKU\S-1-5-21-193253836-399394427-3863189977-1005..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-193253836-399394427-3863189977-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-21-193253836-399394427-3863189977-1005..\Run: [SpywareTerminatorUpdate] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKU\S-1-5-21-193253836-399394427-3863189977-1005..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Programme\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ulead Photo Express SE Calendar Checker.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe (Ulead Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EdgeCLS12.00.lnk = C:\Programme\EdgeCAM\Cam\edgecls.exe (Pathtrace) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\XXXX\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\XXXX\Startmenü\Programme\Autostart\reminder-ScanSoft Produkt Registrierung.lnk = C:\Programme\TextBridge Classic 2.0\Ereg\REMIND32.EXE () O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.75,93.188.166.225 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Eigene Dateien\Eigene Bilder\Ich weß net wos hikomt\Licher.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Eigene Dateien\Eigene Bilder\Ich weß net wos hikomt\Licher.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.12.15 19:02:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk - C:\Programme\AOL 9.0\aoltray.exe - (America Online, Inc.) MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) MsConfig - StartUpReg: InstantAccess - hkey= - key= - C:\Programme\TextBridge Classic 2.0\Bin\InstantAccess.exe () MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\Arcade\PCMService.exe (CyberLink Corp.) MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found MsConfig - StartUpReg: RegisterDropHandler - hkey= - key= - C:\Programme\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe () MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: V0470Mon.exe - hkey= - key= - C:\WINDOWS\V0470Mon.exe (Creative Technology Ltd.) MsConfig - StartUpReg: WEB.DE Update - hkey= - key= - C:\Programme\WEB.DE\LiveUpdate\m2LUTray.exe () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {222FB945-258A-4734-84EA-99E5B4EF4E00} - WEB.DE Browser Add-on ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {A477E148-6951-4E85-BB46-32845F242F0F} - WEB.DE Update ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{66F112D7-8426-4FD5-8F7A-EF2239E6DD98} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation) CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. ========== Files/Folders - Created Within 30 Days ========== [2010.10.03 19:45:27 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTH.scr [2010.10.03 19:40:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.03 19:40:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.03 19:15:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Mozilla [2010.10.03 19:15:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla [2010.10.03 19:14:33 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2010.10.03 14:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.10.03 14:26:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2010.10.03 12:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Spyware Terminator [2010.10.03 12:26:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2010.10.03 12:26:53 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator [2010.10.03 12:18:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.10.03 12:17:18 | 000,000,000 | ---D | C] -- C:\Programme\SpywareBlaster [2010.10.03 11:42:44 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2010.10.03 10:59:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes [2010.10.03 10:58:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.03 10:58:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.03 09:35:04 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2010.10.03 09:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2010.10.03 09:34:42 | 000,482,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2010.10.03 09:25:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010.10.03 09:10:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files [2010.10.03 09:09:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent [2010.10.02 13:55:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010.10.02 11:01:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3 [2010.09.29 05:54:26 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.09.29 05:54:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.09.28 18:37:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2007.12.26 09:39:30 | 025,842,736 | ---- | C] (Microsoft Corporation) -- C:\Programme\wmp11-windowsxp-x86-DE-DE.exe [2006.12.10 18:22:53 | 014,879,120 | ---- | C] (Macrovision Corporation) -- C:\Programme\GoogleEarthWin.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.03 21:10:38 | 012,058,624 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\NTUSER.DAT [2010.10.03 20:13:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.10.03 20:08:40 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010.10.03 20:08:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.03 20:06:38 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.10.03 20:06:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.10.03 20:06:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.03 20:05:58 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2010.10.03 19:51:52 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini [2010.10.03 19:44:24 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTH.scr [2010.10.03 19:40:54 | 000,000,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.03 19:14:42 | 000,001,474 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.10.03 14:27:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.03 14:27:00 | 000,008,840 | ---- | M] () -- C:\WINDOWS\SECDD.PNF [2010.10.03 14:25:38 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SECAB.PNF [2010.10.03 12:27:44 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2010.10.03 11:42:46 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2010.10.03 11:38:38 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache [2010.10.03 11:09:16 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utizndu1.sys [2010.10.03 10:03:36 | 000,002,341 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.03 10:02:00 | 000,002,381 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.10.03 09:36:16 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2010.10.03 09:36:16 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2010.10.03 09:34:44 | 000,482,392 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2010.10.03 09:09:18 | 000,000,143 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.10.03 09:04:04 | 000,041,472 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.02 14:04:20 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.10.02 13:58:26 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.02 13:57:16 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini [2010.10.02 13:57:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.10.02 13:57:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010.09.30 05:53:54 | 000,000,853 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav [2010.09.29 23:19:54 | 000,000,115 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz [2010.09.29 23:19:54 | 000,000,101 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll [2010.09.29 23:19:52 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2010.09.17 18:28:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.09.09 21:15:34 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\wacken2.doc [2010.09.09 21:09:28 | 000,037,888 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Wacken.doc [2010.09.09 21:00:02 | 000,017,323 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\wackenopenairfestival-300x200.jpg [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.03 19:40:52 | 000,000,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.03 19:14:41 | 000,001,474 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.10.03 14:31:21 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys [2010.10.03 14:26:58 | 000,008,840 | ---- | C] () -- C:\WINDOWS\SECDD.PNF [2010.10.03 14:25:37 | 000,002,948 | ---- | C] () -- C:\WINDOWS\SECAB.PNF [2010.10.03 12:27:42 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2010.10.03 11:38:36 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache [2010.10.03 11:08:51 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utizndu1.sys [2010.10.03 09:36:14 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2010.10.03 09:36:14 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2010.09.28 18:57:13 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.09.26 09:37:57 | 000,000,853 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav [2010.09.09 21:15:33 | 000,024,064 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\wacken2.doc [2010.09.09 21:09:26 | 000,037,888 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Wacken.doc [2010.09.09 21:05:50 | 000,017,323 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\wackenopenairfestival-300x200.jpg [2010.01.24 11:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2008.07.05 12:01:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008.04.03 16:43:18 | 000,000,141 | ---- | C] () -- C:\WINDOWS\disney.ini [2008.04.03 16:43:10 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2008.01.06 00:00:39 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2008.01.05 06:12:51 | 000,000,143 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.12.25 17:32:21 | 000,000,805 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2007.12.25 17:28:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI [2007.12.25 17:20:05 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2007.12.25 17:17:50 | 000,000,096 | ---- | C] () -- C:\WINDOWS\Tb98.ini [2007.12.25 17:17:42 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL [2007.12.25 17:17:42 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL [2007.12.25 17:17:42 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL [2007.12.25 17:17:42 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL [2007.05.12 20:07:59 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\marxdev3.sys [2007.05.12 20:07:59 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\marxdev2.sys [2007.05.12 20:07:59 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\marxdev1.sys [2007.05.12 20:07:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\Cbnvdd.dll [2007.05.12 20:06:30 | 000,000,125 | ---- | C] () -- C:\WINDOWS\festo.ini [2007.02.07 20:05:29 | 000,002,495 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2007.01.27 18:17:52 | 009,453,630 | ---- | C] () -- C:\Programme\vlc-0.8.6a-win32.exe [2007.01.04 20:14:20 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_7050.ini [2007.01.04 19:20:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2007.01.04 19:20:48 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.01.04 19:20:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2006.12.14 21:19:00 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.12.14 21:14:43 | 014,464,888 | ---- | C] () -- C:\Programme\antivir_workstation_win7u703_de_h.exe [2006.11.26 16:34:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL [2006.11.23 19:02:35 | 000,000,141 | ---- | C] () -- C:\WINDOWS\JCMKR32.INI [2006.11.11 16:15:18 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\Tutil32.dll [2006.10.21 19:35:08 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.10.13 20:28:45 | 000,000,853 | ---- | C] () -- C:\WINDOWS\bb.ini [2006.09.15 16:15:54 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.08.19 20:22:38 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2006.08.19 20:14:00 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006.08.19 20:12:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2006.08.19 20:12:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2006.08.19 20:12:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2006.08.19 20:12:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2006.08.19 20:12:09 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2006.08.19 14:40:31 | 000,041,472 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.06.25 06:25:27 | 000,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI [2006.06.25 06:25:24 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI [2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005.03.31 09:45:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.03.31 09:33:38 | 000,000,321 | ---- | C] () -- C:\WINDOWS\uninstall.ini [2005.03.31 09:33:38 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005.03.31 02:18:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2005.03.31 02:17:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2005.03.31 02:17:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2005.03.31 02:17:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2005.03.31 02:17:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2005.02.02 19:35:02 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004.12.17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004.08.04 05:00:00 | 000,273,664 | ---- | C] () -- C:\WINDOWS\System32\msinxeiu.dll [2004.08.04 05:00:00 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\mvb35316.sys [2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\s5izvdv.dll [2004.08.04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2004.08.04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2004.08.04 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll [2004.08.04 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll [2004.08.04 05:00:00 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\aqdaum3.dll [2004.08.04 05:00:00 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll [2004.08.04 05:00:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\zn4okat.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\z339hu7.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ysar0jg.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\yrueeao.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\yldfsg1.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\wz3xoct.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\vomckvn.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\vecyew9.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\utf96is.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ty4byjd.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\tbw0tvg.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\t5nm93i.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\t4e3e8v.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\sh3a4eq.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\s5eicwa.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\rtns0ea.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\raucwb4.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\r29gcf9.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\q6j3mhm.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\q3hlbbj.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\pyq0sbo.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\p5iizpc.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\obvy5dc.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\o4d6xfp.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\o2zz61w.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\nylsyxz.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ma12fl0.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\m97qpfb.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\km7pg83.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\js6gvbk.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\jh62xc2.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\jf5usru.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\jb9fixx.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\iaiul6y.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\hzgtwdv.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\gxpidyn.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\g37f0qk.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\g2g7avh.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\f0pjwm1.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\eybsele.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\eltczfh.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ejsx54c.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\eh922b4.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\e2za92e.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\dr8c620.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\cxiirly.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\cfaggj7.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\c4wp2gz.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\byk08e9.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\aj4nka4.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\agpa6du.dll [2004.08.04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\a1dlvap.dll [2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2005.03.31 17:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2006.08.19 20:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer [2008.01.06 18:49:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2008.12.15 19:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies [2009.11.08 09:13:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1 [2009.11.08 09:14:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4673A56-EF7C-40A4-9249-68BD43C997F7} [2010.02.27 17:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.05.19 18:20:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.05.19 18:30:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM [2010.05.19 18:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter [2010.05.19 18:31:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenu [2010.10.03 09:25:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010.10.03 12:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.10.03 12:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2006.08.19 20:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Acer [2007.05.03 21:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Unigraphics Solutions [2009.12.14 19:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Dropbox [2010.05.19 18:39:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Canon Easy-WebPrint EX [2006.08.19 14:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Acer [2006.10.21 19:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Unigraphics Solutions [2007.07.07 16:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\WEBDE [2010.05.19 18:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon Easy-WebPrint EX [2010.10.03 12:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Spyware Terminator [2010.10.03 12:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Spyware Terminator [2010.10.02 14:04:20 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2005.03.31 01:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Identities [2005.03.31 17:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\You've Got Pictures Screensaver [2005.03.31 17:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AOL [2005.03.31 01:40:50 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft [2006.08.19 14:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Acer [2006.09.11 21:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Macromedia [2006.10.21 19:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Unigraphics Solutions [2006.11.26 16:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe [2006.11.26 16:15:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AdobeUM [2006.12.10 18:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Google [2007.01.04 20:12:54 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Brother [2007.01.27 18:23:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\vlc [2007.02.22 16:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Help [2007.07.07 16:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\WEBDE [2008.01.06 09:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ahead [2008.05.26 20:18:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\CyberLink [2008.08.13 17:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org2 [2008.08.13 18:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Sun [2008.12.16 17:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Skype [2008.12.16 17:37:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\skypePM [2010.03.14 10:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Apple Computer [2010.05.19 18:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon Easy-WebPrint EX [2010.10.02 11:01:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3 [2010.10.03 10:59:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes [2010.10.03 12:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Spyware Terminator [2010.10.03 19:15:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla < %APPDATA%\*.exe /s > [2007.12.27 13:22:48 | 021,277,080 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe [2008.05.25 08:44:48 | 019,900,192 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe [2007.06.05 20:39:06 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft\Installer\{CB09F557-4821-46D0-BF86-8D1389AA6BC7}\ARPPRODUCTICON.exe [2007.06.05 20:39:06 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft\Installer\{CB09F557-4821-46D0-BF86-8D1389AA6BC7}\NewShortcut1_CB09F557482146D0BF868D1389AA6BC7_1.exe [2007.06.05 20:39:06 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft\Installer\{CB09F557-4821-46D0-BF86-8D1389AA6BC7}\NewShortcut2_CB09F557482146D0BF868D1389AA6BC7.exe [2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 05:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:46 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.10.03 09:34:44 | 000,482,392 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klif.sys [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys [2010.05.07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys < %systemroot%\System32\config\*.sav > [2005.03.31 01:40:08 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [2005.03.31 01:40:08 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005.03.31 01:40:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.07.01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll [2008.04.14 04:22:18 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.10.2010 20:46:04 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\Neuer Ordner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 429,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54,18 Gb Total Space | 7,32 Gb Free Space | 13,51% Space Free | Partition Type: FAT32
Drive D: | 54,66 Gb Total Space | 22,16 Gb Free Space | 40,55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-1547BE99DA
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-193253836-399394427-3863189977-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Programme\Gemeinsame Dateien\AOL\1211041280\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\AOL\1211041280\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\SightSpeed\SightSpeed.exe" = C:\Programme\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{113E1DFE-2399-4327-A76D-B1EB04E3B7D5}" = Solid Edge Standard Parts Administrator
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ECSQLEXPRESS)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{79ABDCBE-BFF4-4722-850F-D858C10580CE}" = Blizkrieg II: Liberation
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{835703C3-BA42-4AEC-821D-400EAFDCF793}" = EdgeCAM Part Modeler V12.00
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AD109A79-0842-4069-A7EC-AB321534D59D}" = EdgeCAM 12.00
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCBA1B06-0AB4-4FA8-8544-D174FC0B0B12}" = Solid Edge V18
"{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C110930F-F966-420C-B45C-C472A7A2A535}" = EdgeCAM CAD Link
"{CB09F557-4821-46D0-BF86-8D1389AA6BC7}" = Tabellenbuch Metall digital
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E32410AF-D57D-0FB2-F24F-36C70F2FA733}" = Antivirus 2010
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AOL Deinstallation" = AOL Deinstallation
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de)
"ATI Display Driver" = ATI Display Driver
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025" = SoftV92 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam User's Guide" = Creative Live! Cam-Benutzerhandbuch
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0470" = Creative Live! Cam Notebook Driver (1.00.03.0000)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ePresentation" = Acer ePresentation Management
"Festo Fluidsim_is1" = Festo FluidSim 3.6
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer Basic
"SightSpeed" = SightSpeed (remove only)
"Spyware Terminator_is1" = Spyware Terminator
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TaxMetall" = TaxMetall
"TaxMetall Feinwerkmechaniker" = TaxMetall Feinwerkmechaniker
"TextBridge Classic 2.0" = TextBridge Classic 2.0
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WEB.DE Update" = WEB.DE Update
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.10.2010 11:49:38 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 03.10.2010 11:49:43 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 03.10.2010 12:13:11 | Computer Name = ACER-1547BE99DA | Source = Google Update | ID = 20
Description =
Error - 03.10.2010 13:10:26 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
Error - 03.10.2010 13:25:53 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
Error - 03.10.2010 13:35:13 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
Error - 03.10.2010 13:50:17 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
Error - 03.10.2010 14:07:16 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 03.10.2010 14:07:16 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 03.10.2010 14:07:16 | Computer Name = ACER-1547BE99DA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
[ System Events ]
Error - 03.10.2010 13:53:54 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
Error - 03.10.2010 14:07:50 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Kaspersky
Anti-Virus Service.
Error - 03.10.2010 14:07:50 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 03.10.2010 14:08:20 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
Error - 03.10.2010 14:16:00 | Computer Name = ACER-1547BE99DA | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 03.10.2010 14:16:00 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2
Error - 03.10.2010 14:32:04 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 03.10.2010 14:53:37 | Computer Name = ACER-1547BE99DA | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 03.10.2010 14:53:37 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2
Error - 03.10.2010 15:10:11 | Computer Name = ACER-1547BE99DA | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
< End of report >
|
|
03.10.2010, 20:42
| #4 |
| /// Malware-holic | Anti-Malware Programme brechen ab bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix bitte nen rechtsklick auf den download link in der anleitung, ziehl speichern unter. lösche combofix.exe und schreibe 2345.com dann programm wie beschrieben ausführen |
|
03.10.2010, 21:17
| #5 |
| | Anti-Malware Programme brechen ab Combofix Logfile: Code:
ATTFilter ComboFix 10-10-02.02 - **** 03.10.2010 22:01:51.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.553 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\.wtav
c:\dokumente und einstellungen\XXXX\Favoriten\Games.url
c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\Uninstall.ini
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_USERINIT
-------\Service_NPF
-------\Service_userinit
((((((((((((((((((((((( Dateien erstellt von 2010-09-03 bis 2010-10-03 ))))))))))))))))))))))))))))))
.
2010-10-03 17:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 17:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 17:15 . 2010-10-03 17:15 -------- d-----w- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Mozilla
2010-10-03 12:26 . 2008-04-14 05:52 81920 ------w- c:\windows\system32\ieencode.dll
2010-10-03 10:56 . 2010-10-03 10:56 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Spyware Terminator
2010-10-03 10:55 . 2010-10-03 10:55 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\PrivacIE
2010-10-03 10:53 . 2010-10-03 10:53 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-10-03 10:27 . 2010-10-03 10:27 6144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator\sp_rsdel.exe
2010-10-03 10:27 . 2010-10-03 10:27 5632 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator\fileobjinfo.sys
2010-10-03 10:27 . 2010-10-03 10:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-10-03 10:27 . 2010-10-03 10:27 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Spyware Terminator
2010-10-03 10:26 . 2010-10-03 10:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2010-10-03 10:26 . 2010-10-03 10:26 -------- d-----w- c:\programme\Spyware Terminator
2010-10-03 10:18 . 2010-10-03 10:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-10-03 10:17 . 2010-10-03 10:17 -------- d-----w- c:\programme\SpywareBlaster
2010-10-03 09:42 . 2010-10-03 09:42 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-03 09:08 . 2010-10-03 09:09 7168 ----a-w- c:\windows\system32\drivers\utizndu1.sys
2010-10-03 08:59 . 2010-10-03 08:59 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Malwarebytes
2010-10-03 08:58 . 2010-10-03 08:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-03 08:58 . 2010-10-03 08:58 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-10-03 07:25 . 2010-10-03 07:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-02 11:45 . 2007-10-23 07:27 110592 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\U3\temp\cleanup.exe
2010-10-02 11:44 . 2008-05-02 08:41 3493888 ---ha-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\U3\temp\Launchpad Removal.exe
2010-10-02 11:44 . 2010-10-02 11:44 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\U3
2010-10-02 09:01 . 2007-10-23 07:27 110592 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\U3\temp\cleanup.exe
2010-10-02 09:01 . 2008-05-02 08:41 3493888 ---ha-w- c:\dokumente und einstellungen\****\Anwendungsdaten\U3\temp\Launchpad Removal.exe
2010-10-02 09:01 . 2010-10-02 09:01 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\U3
2010-09-29 03:54 . 2010-09-29 03:54 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-09-29 03:54 . 2010-09-29 03:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-09-28 17:08 . 2010-09-28 17:08 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache
2010-09-28 16:37 . 2010-09-28 16:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 15:33 . 2005-03-30 23:56 507686 ----a-w- c:\windows\system32\perfh007.dat
2010-08-13 15:33 . 2005-03-30 23:56 103426 ----a-w- c:\windows\system32\perfc007.dat
2010-08-02 18:08 . 2008-08-13 15:58 1 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2007-12-26 07:39 . 2007-12-26 07:39 25842736 ----a-w- c:\programme\wmp11-windowsxp-x86-DE-DE.exe
2007-01-27 16:17 . 2007-01-27 16:17 9453630 ----a-w- c:\programme\vlc-0.8.6a-win32.exe
2006-12-14 19:14 . 2006-12-14 19:14 14464888 ----a-w- c:\programme\antivir_workstation_win7u703_de_h.exe
2006-12-10 16:22 . 2006-12-10 16:22 14879120 ----a-w- c:\programme\GoogleEarthWin.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SpywareTerminatorUpdate"="c:\programme\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-10-03 3037696]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"LManager"="c:\programme\Launch Manager\QtZgAcer.EXE" [2006-04-13 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 2985472]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HostManager"="c:\programme\Gemeinsame Dateien\AOL\1211041280\ee\AOLSoftware.exe" [2006-09-26 50736]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"SpywareTerminator"="c:\programme\Spyware Terminator\SpywareTerminatorShield.exe" [2010-10-03 2183680]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\****\Startmen\Programme\Autostart\
OpenOffice.org 2.4.lnk - c:\programme\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ulead Photo Express SE Calendar Checker.lnk - c:\programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-12-25 61440]
EdgeCLS12.00.lnk - c:\programme\EdgeCAM\Cam\edgecls.exe [2008-1-5 724992]
Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-03-09 16:59 49152 ------w- c:\programme\Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Mon.exe]
2007-04-11 16:00 32768 ----a-r- c:\windows\V0470Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEB.DE Update]
2009-10-16 12:15 2226056 ----a-w- c:\programme\WEB.DE\LiveUpdate\m2LUTray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\1211041280\\ee\\aolsoftware.exe"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Dokumente und Einstellungen\\XXXX\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\SightSpeed\\SightSpeed.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [03.10.2010 12:27 142592]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\marxdev1.sys [12.05.2007 20:07 11296]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\marxdev2.sys [12.05.2007 20:07 11296]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\marxdev3.sys [12.05.2007 20:07 11296]
R2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 14:29 29178224]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [04.08.2004 05:00 12800]
S2 gupdate1c995d6a9798c28;Google Update Service (gupdate1c995d6a9798c28);c:\programme\Google\Update\GoogleUpdate.exe [23.02.2009 17:49 133104]
S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [13.08.2008 18:15 14976]
S3 utizndu1;AVZ Kernel Driver;c:\windows\system32\drivers\utizndu1.sys [03.10.2010 11:08 7168]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [15.12.2008 19:06 146368]
.
Inhalt des "geplante Tasks" Ordners
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]
2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
FF - ProfilePath - c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pvvzljgn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-03 22:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EvtEng]
"ImagePath"="c:\programme\Intel\Wireless\Bin\EvtEng.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate1c995d6a9798c28]
"ImagePath"="\"c:\programme\Google\Update\GoogleUpdate.exe\" /svc"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Hardlock]
"ImagePath"="\??\c:\windows\system32\drivers\hardlock.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Haspnt]
"ImagePath"="\??\c:\windows\system32\drivers\Haspnt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSFHWICH]
"ImagePath"="system32\DRIVERS\HSFHWICH.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSF_DPV]
"ImagePath"="system32\DRIVERS\HSF_DPV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm]
"ImagePath"="system32\DRIVERS\ialmnt5.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IJPLMSVC]
"ImagePath"="c:\programme\Canon\IJPLM\IJPLMSVC.EXE"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\int15.sys]
"ImagePath"="\??\c:\acer\Empowering Technology\eRecovery\int15.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
"ImagePath"="c:\programme\iPod\bin\iPodService.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\irda]
"ImagePath"="system32\DRIVERS\irda.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Irmon]
"ServiceDll"="%SystemRoot%\System32\irmon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\programme\Java\jre6\bin\jqs.exe\" -service -config \"c:\programme\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeService]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarxDev1]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarxDev2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarxDev3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmxsdk]
"ImagePath"="system32\DRIVERS\mdmxsdk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSSQL$ECSQLEXPRESS]
"ImagePath"="\"c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe\" -sECSQLEXPRESS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSSQLServerADHelper]
"ImagePath"="\"c:\programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisFilt]
"ImagePath"="System32\Drivers\NdisFilt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETMNT]
"ImagePath"="system32\DRIVERS\NETMNT.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSCIRDA]
"ImagePath"="system32\DRIVERS\nscirda.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTIDrvr]
"ImagePath"="system32\DRIVERS\NTIDrvr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OsaFsLoc]
"ImagePath"="\??\c:\windows\system32\drivers\OsaFsLoc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osaio]
"ImagePath"="\??\c:\windows\system32\drivers\osaio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osanbm]
"ImagePath"="\??\c:\windows\system32\drivers\osanbm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfc]
"ImagePath"="system32\drivers\pfc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasirda]
"ImagePath"="system32\DRIVERS\rasirda.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegSrvc]
"ImagePath"="c:\programme\Intel\Wireless\Bin\RegSrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rpcapd]
"ImagePath"="\"%ProgramFiles%\WinPcap\rpcapd.exe\" -d -f \"%ProgramFiles%\WinPcap\rpcapd.ini\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S24EventMonitor]
"ImagePath"="c:\programme\Intel\Wireless\Bin\S24EvMon.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s24trans]
"ImagePath"="system32\DRIVERS\s24trans.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sentinel]
"ImagePath"="\SystemRoot\System32\Drivers\SENTINEL.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sp_rsdrv2]
"ImagePath"="\??\c:\windows\system32\drivers\sp_rsdrv2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sp_rssrv]
"ImagePath"="\"c:\programme\Spyware Terminator\sp_rsser.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SQLBrowser]
"ImagePath"="\"c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SQLWriter]
"ImagePath"="\"c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StillCam]
"ImagePath"="system32\DRIVERS\serscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{6A9E5209-6C23-42CA-8432-D765539D7540}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tifm21]
"ImagePath"="system32\drivers\tifm21.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UBHelper]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbser]
"ImagePath"="system32\DRIVERS\usbser.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utizndu1]
"ImagePath"="\??\c:\windows\system32\Drivers\utizndu1.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VF0470Vid]
"ImagePath"="system32\DRIVERS\V0470Vid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w29n51]
"ImagePath"="system32\DRIVERS\w29n51.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wanatw]
"ImagePath"="system32\DRIVERS\wanatw4.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WANMiniportService]
"ImagePath"="\"c:\windows\wanmpsvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wceusbsh]
"ImagePath"="system32\DRIVERS\wceusbsh.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winachsf]
"ImagePath"="system32\DRIVERS\HSF_CNXT.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"c:\programme\Windows Media Player\WMPNetwk.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{281976E5-2302-4B11-8066-1D1268734F7D}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{3BFFDACF-A153-4580-A10C-73754F1F85E9}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{53079F05-745F-468E-95EF-ACDE7C479348}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{8AAAC10E-2CFC-42B4-A76E-79706E35BB86}]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\programme\Gemeinsame Dateien\AOL\ACS\WLHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Microsoft ActiveSync\WCESCOMM.EXE
c:\programme\Spyware Terminator\sp_rsser.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\wanmpsvc.exe
c:\programme\OpenOffice.org 2.4\program\soffice.exe
c:\programme\OpenOffice.org 2.4\program\soffice.BIN
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-03 22:13:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-10-03 20:13
Vor Suchlauf: 8.178.434.048 Bytes frei
Nach Suchlauf: 8.182.923.264 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 55198F5DF8B8532E9B189288B8487421
|
|
04.10.2010, 11:09
| #6 |
| /// Malware-holic | Anti-Malware Programme brechen ab deinstaliere spybot und spyware terminator, starte neu. Start programme zubehör editor, kopiere ein: Killall:: Rootkit:: c:\windows\system32\drivers\utizndu1.sys Datei speichern unter, typ alle, ort, dort wo sich combofix.exe befindet, name cfscript.txt ziehe cfscript auf combofix, programm startet, log posten |
|
04.10.2010, 19:12
| #7 |
| | Anti-Malware Programme brechen ab und hier das neue log. 1000dank übrigens schonmal!!! Combofix Logfile: Code:
ATTFilter ComboFix 10-10-02.02 - **** 04.10.2010 19:47:49.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.599 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\****\Desktop\cfscript.txt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_utizndu1
-------\Service_utizndu1
((((((((((((((((((((((( Dateien erstellt von 2010-09-04 bis 2010-10-04 ))))))))))))))))))))))))))))))
.
2010-10-04 16:38 . 2010-10-04 16:38 -------- d-----w- C:\FOUND.027
2010-10-03 17:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 17:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 17:15 . 2010-10-03 17:15 -------- d-----w- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Mozilla
2010-10-03 12:26 . 2008-04-14 05:52 81920 ------w- c:\windows\system32\ieencode.dll
2010-10-03 10:55 . 2010-10-03 10:55 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\PrivacIE
2010-10-03 10:53 . 2010-10-03 10:53 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-10-03 10:27 . 2010-10-03 10:27 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Spyware Terminator
2010-10-03 10:18 . 2010-10-03 10:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-10-03 10:17 . 2010-10-03 10:17 -------- d-----w- c:\programme\SpywareBlaster
2010-10-03 09:42 . 2010-10-03 09:42 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-03 09:08 . 2010-10-03 09:09 7168 ----a-w- c:\windows\system32\drivers\utizndu1.sys
2010-10-03 08:59 . 2010-10-03 08:59 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Malwarebytes
2010-10-03 08:58 . 2010-10-03 08:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-03 08:58 . 2010-10-03 08:58 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-10-03 07:25 . 2010-10-03 07:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-02 11:45 . 2007-10-23 07:27 110592 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\U3\temp\cleanup.exe
2010-10-02 11:44 . 2008-05-02 08:41 3493888 ---ha-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\U3\temp\Launchpad Removal.exe
2010-10-02 11:44 . 2010-10-02 11:44 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\U3
2010-10-02 09:01 . 2007-10-23 07:27 110592 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\U3\temp\cleanup.exe
2010-10-02 09:01 . 2008-05-02 08:41 3493888 ---ha-w- c:\dokumente und einstellungen\****\Anwendungsdaten\U3\temp\Launchpad Removal.exe
2010-10-02 09:01 . 2010-10-02 09:01 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\U3
2010-09-29 03:54 . 2010-09-29 03:54 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-09-29 03:54 . 2010-09-29 03:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-09-28 17:08 . 2010-09-28 17:08 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache
2010-09-28 16:37 . 2010-09-28 16:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 20:11 . 2006-08-19 12:30 75576 ----a-w- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-13 15:33 . 2005-03-30 23:56 507686 ----a-w- c:\windows\system32\perfh007.dat
2010-08-13 15:33 . 2005-03-30 23:56 103426 ----a-w- c:\windows\system32\perfc007.dat
2010-08-02 18:08 . 2008-08-13 15:58 1 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2007-12-26 07:39 . 2007-12-26 07:39 25842736 ----a-w- c:\programme\wmp11-windowsxp-x86-DE-DE.exe
2007-01-27 16:17 . 2007-01-27 16:17 9453630 ----a-w- c:\programme\vlc-0.8.6a-win32.exe
2006-12-14 19:14 . 2006-12-14 19:14 14464888 ----a-w- c:\programme\antivir_workstation_win7u703_de_h.exe
2006-12-10 16:22 . 2006-12-10 16:22 14879120 ----a-w- c:\programme\GoogleEarthWin.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-03_20.09.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-04 17:54 . 2010-10-04 17:54 16384 c:\windows\temp\Perflib_Perfdata_250.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"LManager"="c:\programme\Launch Manager\QtZgAcer.EXE" [2006-04-13 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 2985472]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HostManager"="c:\programme\Gemeinsame Dateien\AOL\1211041280\ee\AOLSoftware.exe" [2006-09-26 50736]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\****\Startmen\Programme\Autostart\
OpenOffice.org 2.4.lnk - c:\programme\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ulead Photo Express SE Calendar Checker.lnk - c:\programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-12-25 61440]
EdgeCLS12.00.lnk - c:\programme\EdgeCAM\Cam\edgecls.exe [2008-1-5 724992]
Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-03-09 16:59 49152 ------w- c:\programme\Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Mon.exe]
2007-04-11 16:00 32768 ----a-r- c:\windows\V0470Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEB.DE Update]
2009-10-16 12:15 2226056 ----a-w- c:\programme\WEB.DE\LiveUpdate\m2LUTray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\1211041280\\ee\\aolsoftware.exe"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Dokumente und Einstellungen\\XXXX\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\SightSpeed\\SightSpeed.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\marxdev1.sys [12.05.2007 20:07 11296]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\marxdev2.sys [12.05.2007 20:07 11296]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\marxdev3.sys [12.05.2007 20:07 11296]
R2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 14:29 29178224]
S2 gupdate1c995d6a9798c28;Google Update Service (gupdate1c995d6a9798c28);c:\programme\Google\Update\GoogleUpdate.exe [23.02.2009 17:49 133104]
S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [13.08.2008 18:15 14976]
S3 mvb35316;mvb35316; [x]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [15.12.2008 19:06 146368]
.
Inhalt des "geplante Tasks" Ordners
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]
2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
FF - ProfilePath - c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pvvzljgn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-SpybotSD TeaTimer - c:\programme\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-SpywareTerminatorUpdate - c:\programme\Spyware Terminator\SpywareTerminatorUpdate.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-04 19:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2000)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\programme\Gemeinsame Dateien\AOL\ACS\WLHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\progra~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Canon\IJPLM\IJPLMSVC.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Microsoft ActiveSync\WCESCOMM.EXE
c:\programme\OpenOffice.org 2.4\program\soffice.exe
c:\programme\OpenOffice.org 2.4\program\soffice.BIN
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-04 19:59:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-10-04 17:59
ComboFix2.txt 2010-10-03 20:13
Vor Suchlauf: 8.228.831.232 Bytes frei
Nach Suchlauf: 8.205.107.200 Bytes frei
- - End Of File - - BF183ABF95EDBE9F5EDC0BC06E8563AF
|
|
04.10.2010, 20:24
| #8 |
| /// Malware-holic | Anti-Malware Programme brechen ab versuch mal Malwarebytes zu deinstalieren, instaliere es dann neu, läuft es? |
|
04.10.2010, 20:36
| #9 |
| | Anti-Malware Programme brechen ab boah saugeil!  er läuft zumindest! lass ihn mal durchrennen und installier dann nochmal spybot und dann gibts noch ne Info von mir. Sieht aber schon echt TOP aus! Vielen vielen Dank bis hierher!!  |
|
04.10.2010, 20:38
| #10 |
| /// Malware-holic | Anti-Malware Programme brechen ab spybot nicht, das ist nicht so nützlich finde ich. |
|
04.10.2010, 21:41
| #11 |
| |  Anti-Malware Programme brechen ab so alles gescannt, alles sauber, alles funktioniert wieder ohne probleme!  |
|
05.10.2010, 10:05
| #12 |
| /// Malware-holic | Anti-Malware Programme brechen ab nicht so schnell. bitte öffne arbeitsplatz, c: rechtsklick auf qoobox, zu qoobox.rar oder zip hinzufügen, archiv hochladen. http://www.trojaner-board.de/54791-a...ner-board.html bitte poste neue otl logfiles. |
|
05.10.2010, 16:54
| #13 |
| | Anti-Malware Programme brechen ab ähm, du sorry... beitrag zu spät gelesen... gerade eben war mein kumpel da und ich hab ihm das notebook in die handgedrückt... :-/ |
|
05.10.2010, 16:56
| #14 |
| /// Malware-holic | Anti-Malware Programme brechen ab dann soll ers bei gelegenheit halt noch mal bringen, weis ja net obs schon sauber ist |
|
| Themen zu Anti-Malware Programme brechen ab |
| abgesicherten, andere, anderen, anti-malware, brechen ab, fehler, festplatte, gescannt, gesucht, hallo zusammen, hijack, hängen, installieren, laufen, malwarebytes, modus, nichts, notebook, platte, programme, scan, scanne, scannen, spybot, spyware, verdammt, zusammen |
Linear-Darstellung
