
Log Analysis and Evaluation: TR/Kazy.25211.24, TR/Crypt.XPACK.Gen and other Trojans


05.10.2011, 19:11   #1
Boeing
 

TR/Kazy.25211.24, TR/Crypt.XPACK.Gen and other Trojans



Hello,

I had several Trojans on my computer. They prevented MBAM and Antivir from running. After reinstalling in Safe Mode, most of it could be removed (in Safe Mode and then also in normal mode). This was done with TDSSKiller, MBAM and Antivir.

Since then the TCP/IP connections have been acting up and can only be configured manually.

I am now wondering whether I have removed everything.

Regards, Boeing

Attached are the log files:
OTL logfile created on: 05.10.2011 16:58:26 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\lsy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 76,13% Memory free
2,78 Gb Paging File | 2,29 Gb Available in Paging File | 82,61% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,95 Gb Total Space | 3,06 Gb Free Space | 5,89% Space Free | Partition Type: NTFS

Computer Name: WORKPADSJ | User Name: lsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.05 16:52:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe
PRC - [2011.09.23 18:08:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 18:01:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 11:38:18 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.16 02:34:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.11.17 10:35:22 | 002,530,656 | ---- | M] (ashampoo GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo UnInstaller 2010\UIWatcher.exe
PRC - [2008.04.17 14:00:00 | 000,118,784 | R--- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\PSUtility\TrayManager.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 17:37:40 | 000,088,616 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2007.11.07 11:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2007.04.06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.exe
PRC - [2007.04.05 14:57:52 | 003,251,800 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe
PRC - [2006.07.21 06:14:00 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2006.04.20 14:23:46 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2005.07.21 14:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005.07.21 14:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.05 14:57:52 | 003,251,800 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe
MOD - [2007.04.03 12:09:56 | 000,393,728 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WirelessSelectorService)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (NitroReaderDriverReadSpool2)
SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel(R)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gtdetectsc)
SRV - File not found [Auto | Stopped] -- -- (EPGService)
SRV - File not found [Auto | Stopped] -- -- (DfSdkS)
SRV - File not found [Auto | Stopped] -- -- (AgereModemAudio)
SRV - File not found [Auto | Stopped] -- -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - File not found [Auto | Stopped] -- -- (AAV UpdateService)
SRV - [2011.09.23 18:08:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.23 18:01:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.04.14 14:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008.04.14 14:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ASFWHide)
DRV - [2011.09.18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.08.31 20:08:01 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.09.02 01:37:16 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd)
DRV - [2009.07.27 01:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009.07.27 01:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.11.16 21:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.27 03:39:42 | 000,332,928 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2008.04.17 06:33:00 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 14:00:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 23:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2008.03.20 14:00:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.28 00:46:28 | 000,418,304 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw66xxx.sys -- (hcw66xxx)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.21 15:09:00 | 000,029,184 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2007.08.03 11:27:04 | 001,470,592 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211) ZSMC USB PC Camera (ZS0211)
DRV - [2007.07.09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.07.21 14:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005.06.10 07:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005.04.18 16:15:54 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2004.01.16 14:00:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001.08.01 11:00:22 | 000,005,248 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.07 07:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.13 18:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.03 20:57:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.07.31 13:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.07.03 20:57:24 | 000,000,000 | ---D | M]

[2010.08.26 11:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions
[2009.10.27 22:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2010.08.26 11:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.30 14:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions
[2009.12.30 21:25:32 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.04.30 11:08:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.24 22:54:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.03.25 00:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\nostmp
[2011.10.05 13:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.09 07:33:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.07 13:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.18 21:13:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\LSY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\8XHGCZ5A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\LSY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\8XHGCZ5A.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2010.04.13 19:30:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.13 18:05:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.17 11:22:35 | 000,432,370 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14881 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [Ashampoo FireWall] C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TvOutSwitch] C:\Addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe (ZSMCSNAP)
O4 - HKCU..\Run: [ABBYY Screenshot Reader Bonus] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - HKCU..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2010\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\web'n'walk Manager.lnk = C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range39 ([*] in Lokales Intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248270700551 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248337956218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B738C1-7B83-4F45-8C4E-E6C2A096D24F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B738C1-7B83-4F45-8C4E-E6C2A096D24F}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.20 06:45:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{45b517ff-5cec-11df-af06-00216a78a3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{45b517ff-5cec-11df-af06-00216a78a3ee}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45b517ff-5cec-11df-af06-00216a78a3ee}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{a6b54888-a5a8-11e0-992d-00232669a847}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b54888-a5a8-11e0-992d-00232669a847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6b54888-a5a8-11e0-992d-00232669a847}\Shell\AutoRun\command - "" = E:\preinst.exe
O33 - MountPoints2\{e22259f2-c537-11de-925c-00216a78a3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{e22259f2-c537-11de-925c-00216a78a3ee}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e22259f2-c537-11de-925c-00216a78a3ee}\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (DfSDKBt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Nero BackItUp Scheduler 3"
MsConfig - StartUpReg: Load - hkey= - key= - File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: Run - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011.10.05 16:52:36 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe
[2011.10.05 16:50:10 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\39989033.sys
[2011.10.05 14:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.10.05 14:02:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cisco Systems VPN Client
[2011.10.05 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Deterministic Networks
[2011.10.05 13:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.10.05 13:57:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.10.05 13:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.10.05 13:55:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\lsy\Recent
[2011.10.05 13:42:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Ashampoo
[2011.10.05 13:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ashampoo
[2011.10.05 13:14:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.10.05 09:18:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Avira
[2011.10.05 09:18:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.10.05 09:18:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.10.05 09:18:40 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.10.05 09:18:40 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.10.05 09:18:40 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.10.05 09:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.10.03 13:54:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Eigene Videos
[2011.10.03 13:51:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.10.03 13:38:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\lsy\Desktop\dds.scr
[2011.10.03 09:54:07 | 000,000,000 | ---D | C] -- C:\Programme\M4a to MP3 Converter
[2011.09.14 03:04:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Kathi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011.10.05 16:57:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\defogger_reenable
[2011.10.05 16:52:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe
[2011.10.05 16:50:10 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\39989033.sys
[2011.10.05 14:04:35 | 000,459,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.10.05 14:04:35 | 000,441,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.05 14:04:35 | 000,085,224 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.10.05 14:04:35 | 000,071,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.05 14:03:40 | 000,001,680 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\VPN Client.lnk
[2011.10.05 14:03:40 | 000,001,124 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Crewportal via VPN.lnk
[2011.10.05 14:03:33 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2011.10.05 14:02:56 | 000,001,974 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.10.05 13:56:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.05 13:56:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.05 13:56:15 | 3148,304,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.05 13:41:03 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Ashampoo FireWall.lnk
[2011.10.05 13:25:03 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.10.05 13:12:33 | 000,000,372 | ---- | M] () -- C:\WINDOWS\delrws.bat
[2011.10.05 13:07:40 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2011.10.05 09:17:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1117667205
[2011.10.03 13:51:19 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011.10.03 13:41:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\lsy\Desktop\dds.scr
[2011.10.01 11:48:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.09.25 22:05:38 | 000,119,208 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\MYCP-Aufnahmeantrag.pdf
[2011.09.20 21:25:01 | 000,313,060 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Kündigung.pdf
[2011.09.20 20:23:28 | 000,000,096 | ---- | M] () -- C:\WINDOWS\HAFASWIN.INI
[2011.09.18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.05 16:57:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\defogger_reenable
[2011.10.05 14:03:40 | 000,001,680 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\VPN Client.lnk
[2011.10.05 14:03:40 | 000,001,124 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Crewportal via VPN.lnk
[2011.10.05 14:02:56 | 000,001,974 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.10.05 13:41:03 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Ashampoo FireWall.lnk
[2011.10.05 13:34:17 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp
[2011.10.05 13:34:17 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp
[2011.10.05 13:34:17 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp
[2011.10.05 13:34:17 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp
[2011.10.05 13:34:17 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011.10.05 13:34:17 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp
[2011.10.05 13:34:16 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp
[2011.10.05 13:34:16 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp
[2011.10.05 13:34:16 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp
[2011.10.05 13:34:16 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp
[2011.10.05 13:34:16 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp
[2011.10.05 13:34:13 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011.10.05 13:34:13 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011.10.05 13:34:13 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011.10.05 13:34:13 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011.10.05 13:34:13 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011.10.05 13:34:13 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011.10.05 13:34:13 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011.10.05 13:34:13 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011.10.05 13:34:12 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011.10.05 13:34:12 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011.10.05 13:34:12 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011.10.05 13:34:12 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011.10.05 13:34:12 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011.10.05 13:34:12 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2011.10.05 13:34:12 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011.10.05 13:34:12 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011.10.05 13:34:12 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2011.10.05 13:34:12 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011.10.05 13:34:12 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2011.10.05 13:34:11 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2011.10.05 13:12:33 | 000,000,372 | ---- | C] () -- C:\WINDOWS\delrws.bat
[2011.10.05 13:02:53 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.10.05 11:20:02 | 3148,304,384 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.03 13:51:19 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011.10.03 10:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1117667205
[2011.09.25 22:03:08 | 000,119,208 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\MYCP-Aufnahmeantrag.pdf
[2011.09.20 21:24:38 | 000,313,060 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Kündigung.pdf
[2011.08.02 20:45:00 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.08.02 20:43:49 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011.07.21 10:42:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2011.05.23 22:18:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011.04.21 18:35:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\AVSDVDPlayer.m3u
[2011.03.03 00:54:00 | 000,000,086 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2010.07.03 15:57:27 | 000,000,399 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2010.07.03 15:57:25 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010.07.03 15:57:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2010.07.03 15:56:19 | 000,032,135 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010.07.03 15:56:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010.07.03 15:55:10 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.07.03 15:55:09 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2010.07.03 15:53:59 | 000,004,527 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010.07.03 15:52:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.03.23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009.12.02 14:42:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009.11.29 22:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2009.11.18 16:38:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2009.11.05 16:14:34 | 000,228,216 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstaller_tmccUninstall.exe
[2009.11.01 17:28:08 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini
[2009.11.01 17:28:04 | 000,065,973 | ---- | C] () -- C:\WINDOWS\sem_GCXXUninstall.exe
[2009.11.01 17:27:57 | 000,072,985 | ---- | C] () -- C:\WINDOWS\OptionPluss_PCCardInstallerUninstall.exe
[2009.11.01 17:27:57 | 000,067,722 | ---- | C] () -- C:\WINDOWS\OptionHsdpaGTMax72ExpressInstallerUninstall.exe
[2009.11.01 17:27:56 | 000,091,622 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstallerUninstall.exe
[2009.10.27 23:12:18 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.27 23:12:18 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.24 23:35:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.24 04:14:26 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2009.10.24 04:14:18 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2009.10.24 02:52:44 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009.10.24 02:47:06 | 000,000,096 | ---- | C] () -- C:\WINDOWS\HAFASWIN.INI
[2009.10.24 02:46:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2009.10.24 02:41:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.24 02:22:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.23 15:38:17 | 000,087,552 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 15:18:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2009.07.22 15:32:54 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.07.22 15:32:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2009.07.22 15:25:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.22 15:24:28 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009.07.22 15:24:28 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009.07.22 15:24:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2009.05.20 07:35:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.05.20 07:34:26 | 000,312,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.05.20 07:08:33 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009.05.20 06:49:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.05.20 06:41:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.05.20 06:27:37 | 000,001,098 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.05.20 06:27:19 | 000,459,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.05.20 06:27:19 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.05.20 06:27:19 | 000,085,224 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.05.20 06:27:19 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.05.20 06:27:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.05.20 06:26:59 | 000,441,960 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.05.20 06:26:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.05.20 06:26:59 | 000,071,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.05.20 06:26:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.05.20 06:26:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.05.20 06:26:56 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.05.20 06:26:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.05.20 06:26:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.05.20 06:26:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.05.20 06:26:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.05.20 06:26:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2007.08.06 13:34:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\bmverify.exe

========== LOP Check ==========

[2010.03.03 12:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2011.01.18 13:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
[2010.05.11 12:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Birdstep Technology
[2011.09.16 20:47:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2009.10.23 15:28:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CENKEYS
[2011.07.03 21:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.12.30 21:19:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2009.10.24 02:46:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon
[2010.09.07 07:49:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.10.24 02:52:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2011.07.03 20:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2010.01.07 12:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.12.16 22:42:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet
[2011.09.29 13:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rose Point Navigation Systems
[2011.07.20 20:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2011.07.03 21:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011.09.16 20:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Canon
[2011.07.03 20:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Downloaded Installations
[2011.08.17 02:05:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox
[2011.06.08 15:25:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Epson
[2010.01.21 11:59:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\GARMIN
[2011.08.02 20:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Gutscheinmieze
[2009.10.24 02:46:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\HaCon
[2010.05.05 18:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\IrfanView
[2011.01.10 12:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Local
[2011.09.29 17:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Nitro PDF
[2010.01.09 09:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Nokia
[2010.08.29 15:25:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Notepad++
[2009.10.24 12:39:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\OpenOffice.org
[2010.09.07 07:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\PC Suite
[2009.10.30 11:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Programme
[2009.10.27 22:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Scendix Software
[2011.08.31 05:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Simfy
[2010.08.26 11:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Thunderbird
[2011.06.29 20:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\TrueCrypt
[2010.02.04 08:22:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.05.17 18:14:36 | 000,000,000 | ---D | M] -- C:\Addon
[2010.05.01 00:24:12 | 000,000,000 | ---D | M] -- C:\ChartKit
[2011.10.05 14:03:33 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010.05.03 18:50:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.09.30 18:30:35 | 000,000,000 | ---D | M] -- C:\DOSBOX
[2010.07.09 13:55:58 | 000,000,000 | ---D | M] -- C:\Garmin
[2010.12.13 12:02:06 | 000,000,000 | ---D | M] -- C:\Intel
[2010.12.08 15:36:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.07.03 21:19:16 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.10.05 13:57:38 | 000,000,000 | R--D | M] -- C:\Programme
[2009.10.23 14:45:14 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.04.22 13:45:59 | 000,000,000 | ---D | M] -- C:\Spiele
[2011.10.05 14:27:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.03 13:53:22 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2009.12.30 21:26:43 | 000,000,000 | ---D | M] -- C:\WebUpdater
[2011.10.05 14:03:36 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-29 04:06:53

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB58498$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
OTL Extras logfile created on: 05.10.2011 16:58:26 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\lsy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 76,13% Memory free
2,78 Gb Paging File | 2,29 Gb Available in Paging File | 82,61% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,95 Gb Total Space | 3,06 Gb Free Space | 5,89% Space Free | Partition Type: NTFS

Computer Name: WORKPADSJ | User Name: lsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ALFA\AWUS036H Wireless LAN Utility\RtWLan.exe" = C:\Programme\ALFA\AWUS036H Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate
"D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Programme\Funkwerk Secure IPSec Client\NCPMON.exe" = C:\Programme\Funkwerk Secure IPSec Client\NCPMON.exe:*:Disabled:ncpmon.exe
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 26
"{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}" = Lifebook Application Panel
"{272979FC-6D4A-4C25-B71A-32DD4974A022}" = Fujitsu Hotkey Utility
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{469ED3E8-D21E-40E8-B00F-63516D26FAE3}" = O2Micro Flash Memory Card Windows Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"{5C3EA21C-22C0-4A44-BE58-D8CBB2F2B6B2}" = OZ711 SCR Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010
"{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (German) 2010
"{90140000-001C-0407-0000-0000000FF1CE}_Office14.AccessRT_{264417E7-E622-456E-9666-3298344AF72C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.AccessRT_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A16D4B6A-7EEB-40B1-7563-05555591C5C4}" = simfy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A75BDD40-6540-4922-BFF7-D9DCCECAD714}" = Nitro PDF Reader 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{B976F8E5-6A68-482C-8371-1DF9C70F7E2E}_is1" = sipgate X-Lite 1105c ger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"{E6601849-7CD7-4426-BB04-4F0BEDB481C7}" = nv.digital
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD7BF5F3-C6DE-45B6-A0E2-EA623CB93776}" = abas GUI Tools
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo FireWall_is1" = Ashampoo FireWall 1.20
"Ashampoo UnInstaller 2010_is1" = Ashampoo UnInstaller 2010
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CCleaner" = CCleaner
"Chart Navigator Pro" = Chart Navigator Pro
"Defraggler" = Defraggler
"dm-Fotowelt" = dm-Fotowelt
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{469ED3E8-D21E-40E8-B00F-63516D26FAE3}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"InstallShield_{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"InstallShield_{5C3EA21C-22C0-4A44-BE58-D8CBB2F2B6B2}" = OZ711 SCR Driver
"InstallShield_{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{FD7BF5F3-C6DE-45B6-A0E2-EA623CB93776}" = abas GUI Tools
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MSMONEYV80" = Microsoft Money 2000
"MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1
"Nokia PC Suite" = Nokia PC Suite
"Office14.AccessRT" = Microsoft Access Runtime 2010
"OptionHsdpaGTMax72ExpressInstaller" = Option HSDPA GTMax 7.2 Express Card driver
"OptionPCCardInstaller" = Option PC Cards driver package
"OptionPCCardInstaller_tmcc" = Option PC Cards driver package
"OptionPluss_PCCardInstaller" = Option GT HSDPA driver suit
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"sem_GCXX" = Sony Ericsson GCXX (75/79/82/83/85/89)
"Simfy" = simfy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"VBB-Fahrinfo offline" = VBB-Fahrinfo offline starten
"VLC media player" = VLC media player 1.1.9
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.10.2011 05:23:41 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.

Error - 03.10.2011 05:35:57 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.

Error - 03.10.2011 05:44:08 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.

Error - 03.10.2011 06:22:16 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.

Error - 04.10.2011 06:32:15 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.

Error - 05.10.2011 03:11:57 | Computer Name = WORKPADSJ | Source = VSSetup | ID = 5000
Description = EventType vssetup, P1 microsoft visual c++ 2010 x86 redistributable
setup, P2 10.0.40219, P3 10.0.40219.1, P4 1, P5 vc_red.msi, P6 install_i_silent_error,
P7 1601, P8 0, P9 , P10 NIL.

Error - 05.10.2011 03:11:58 | Computer Name = WORKPADSJ | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor

Error - 05.10.2011 03:13:14 | Computer Name = WORKPADSJ | Source = VSSetup | ID = 5000
Description = EventType vssetup, P1 microsoft visual c++ 2010 x86 redistributable
setup, P2 10.0.40219, P3 10.0.40219.1, P4 1, P5 vc_red.msi, P6 install_i_silent_error,
P7 1601, P8 0, P9 , P10 NIL.

Error - 05.10.2011 03:13:14 | Computer Name = WORKPADSJ | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor

Error - 05.10.2011 05:21:51 | Computer Name = WORKPADSJ | Source = MsiInstaller | ID = 11706
Description = Product: Cisco Systems VPN Client 5.0.07.0290 -- Error 1706. No valid
source could be found for product Cisco Systems VPN Client 5.0.07.0290. Windows
Installer cannot continue.

[ System Events ]
Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Defragmentation-Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Matrix Storage Event Monitor" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2

Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NitroPDFReaderDriverCreatorReadSpool2" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2

Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WirelessSelectorService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 05.10.2011 07:56:31 | Computer Name = WORKPADSJ | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

Error - 05.10.2011 07:56:31 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2


< End of report >

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-05 20:10:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AGBA
Running: 3mcory6g.exe; Driver: C:\DOKUME~1\lsy\LOKALE~1\Temp\uwryipoc.sys


---- System - GMER 1.0.15 ----

SSDT A4FC6DFC ZwClose
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0x91FC8930]
SSDT A4FC6DB6 ZwCreateKey
SSDT A4FC6E06 ZwCreateSection
SSDT A4FC6DAC ZwCreateThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0x91FC8F20]
SSDT A4FC6DBB ZwDeleteKey
SSDT A4FC6DC5 ZwDeleteValueKey
SSDT A4FC6DF7 ZwDuplicateObject
SSDT A4FC6DCA ZwLoadKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0x91FC8D70]
SSDT A4FC6D98 ZwOpenProcess
SSDT A4FC6D9D ZwOpenThread
SSDT \??\C:\DOKUME~1\lsy\LOKALE~1\Temp\ASFWHide ZwQuerySystemInformation [0xA48C6486]
SSDT A4FC6E1F ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0x91FD5250]
SSDT A4FC6DD4 ZwReplaceKey
SSDT A4FC6E10 ZwRequestWaitReplyPort
SSDT A4FC6DCF ZwRestoreKey
SSDT A4FC6E0B ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0x91FC9120]
SSDT A4FC6E15 ZwSetSecurityObject
SSDT A4FC6DC0 ZwSetValueKey
SSDT A4FC6E1A ZwSystemDebugControl
SSDT A4FC6DA7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text iaStor.sys B9E35D42 4 Bytes JMP 8697DD3C
.text iaStor.sys B9E35E1A 4 Bytes JMP 8697DD3C
.text iaStor.sys B9E36814 4 Bytes JMP 85ECEC8C
.text iaStor.sys B9E36B35 4 Bytes JMP 85ECEC8C
.text iaStor.sys B9E595FC 4 Bytes JMP 8697DD3C
.text ...
.text CLASSPNP.SYS!ClassReleaseRemoveLock + 193 BA0E8553 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassCompleteRequest + D BA0E8BF0 4 Bytes JMP 86B7B114
.text CLASSPNP.SYS!ClassCompleteRequest + 3F6 BA0E8FD9 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassSendSrbSynchronous + EE BA0E918C 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassDeviceControl + BD BA0E9591 4 Bytes JMP 86B7B114
.text CLASSPNP.SYS!ClassReleaseQueue + EA BA0EA372 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassReleaseChildLock + 66 BA0EA9C6 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassSendIrpSynchronous + 3A BA0EAB90 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassGetDriverExtension + 15D BA0EB131 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassFindModePage + 1D3 BA0EB775 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassFindModePage + 77F BA0EBD21 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassFindModePage + 9A6 BA0EBF48 4 Bytes JMP 86A3C114
.text CLASSPNP.SYS!ClassFindModePage + ADC BA0EC07E 4 Bytes JMP 860C4DB4
.text CLASSPNP.SYS!ClassFindModePage + B06 BA0EC0A8 4 Bytes JMP 86FBE1EC
.text ...
.text CLASSPNP.SYS!ClassInternalIoControl + 87 BA0ECFAF 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassGetVpb + 167 BA0ED1AB 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassSendStartUnit + C9 BA0ED421 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassSendSrbAsynchronous + 10D BA0ED56C 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassWmiFireEvent + 3A9 BA0EDA16 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassWmiFireEvent + 843 BA0EDEB0 4 Bytes JMP 86FBE1EC
.text CLASSPNP.SYS!ClassIoCompleteAssociated + 18B BA0EE4E9 4 Bytes JMP 86A3C114
PAGE CLASSPNP.SYS!ClassDebugPrint + 59B BA0EEB33 4 Bytes JMP 86FBE1EC
PAGE CLASSPNP.SYS!ClassDebugPrint + 7B5 BA0EED4D 4 Bytes JMP 86FBE1EC
PAGE CLASSPNP.SYS!ClassInvalidateBusRelations + 203 BA0EF23A 4 Bytes JMP 86FBE1EC
PAGE CLASSPNP.SYS!ClassInitialize + 6C0 BA0EF9F8 4 Bytes JMP 86FBE1EC
PAGE CLASSPNP.SYS!ClassModeSense + 57D BA0F1B68 4 Bytes JMP 86FBE1EC
.text SCSIPORT.SYS!ScsiPortInitialize B77B46AF 4 Bytes JMP 89FD8D44
.text SCSIPORT.SYS!ScsiPortInitialize B77B4A45 4 Bytes JMP 89FD8D44
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 852 B77B5D5A 4 Bytes JMP 86E8953C
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + FB6 B77B64BE 4 Bytes JMP 86F46FAC
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + FDA B77B64E2 4 Bytes JMP 89FD8D44
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 1710 B77B6C18 4 Bytes JMP 86E8953C
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 17F8 B77B6D00 4 Bytes JMP 86E8953C
.text ...
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 10C B77B9576 4 Bytes JMP 86E8953C
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 1A9 B77B9613 4 Bytes JMP 86F46FAC
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 2BA B77B9724 4 Bytes JMP 86DE16AC
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 2F6 B77B9760 4 Bytes JMP 86F46FAC
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 3F0 B77B985A 4 Bytes JMP 86F46FAC
.text ...
PAGE SCSIPORT.SYS!ScsiPortInitialize + E91 B77C0E05 4 Bytes JMP 89FD8D44
PAGE SCSIPORT.SYS!ScsiPortInitialize + FFA B77C0F6E 4 Bytes JMP 89FD8D44
PAGE SCSIPORT.SYS!ScsiPortInitialize + 20AE B77C2022 4 Bytes JMP 86F46FAC
PAGE SCSIPORT.SYS!ScsiPortInitialize + 2125 B77C2099 4 Bytes JMP 89FD8D44
PAGE SCSIPORT.SYS!ScsiPortInitialize + 25CD B77C2541 4 Bytes [44, 8D, FD, 89]
PAGE ...
? C:\DOKUME~1\lsy\LOKALE~1\Temp\ASFWHide Das System kann die angegebene Datei nicht finden. !
? system32\drivers\81955823.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 106AA800 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 106AA792 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104B229C C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 104B2861 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00401410 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\59010218 \Device\KLMD14092011_206080 81955823.sys
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB58498$\2235539010 0 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\L 0 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\L\vbsidxak 456320 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\U 0 bytes
File C:\WINDOWS\$NtUninstallKB58498$\3704701377 0 bytes

---- EOF - GMER 1.0.15 ----

Alt 05.10.2011, 21:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
This was done with TDSSKiller, MBAM and Antivir.
Then please post all the logs from those as well.
__________________

__________________

Alt 05.10.2011, 21:59   #3
Boeing
 
Hi,

here are all the logs in which something was found.

Regards, Boeing
__________________

Alt 05.10.2011, 22:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sorry, but this system probably cannot be saved anymore; evidently too much has been destroyed. Numerous files have been manipulated (Patchload), and I also see a ZeroAccess rootkit in there.

You should reinstall Windows immediately.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
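As an added example (not code from this thread, from GMER, or from the board's helpers), the following Python script reads the GMER sections posted above and reports the two findings cosinus's diagnosis rests on: a `$NtUninstallKB…$` directory holding `@`, `L` and `U` entries, which is the on-disk layout ZeroAccess used at the time, and SSDT hooks that GMER could not attribute to any module. The function names (`triage`, `parse_ssdt`, `find_zeroaccess_dirs`) and the `SAMPLE_LOG` constant are the example's own; the sample is an excerpt of the GMER log posted in this thread.

```python
import re

# Excerpt of the GMER log posted in this thread, shortened to the lines the
# triage below needs (System/SSDT section and Files section).
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----

SSDT A4FC6DFC ZwClose
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0x91FC8930]
SSDT A4FC6DB6 ZwCreateKey
SSDT \??\C:\DOKUME~1\lsy\LOKALE~1\Temp\ASFWHide ZwQuerySystemInformation [0xA48C6486]
SSDT A4FC6DA7 ZwTerminateProcess

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB58498$\2235539010 0 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\L 0 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\L\vbsidxak 456320 bytes
File C:\WINDOWS\$NtUninstallKB58498$\2235539010\U 0 bytes
File C:\WINDOWS\$NtUninstallKB58498$\3704701377 0 bytes

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (\w+)")           # e.g. '---- Files - GMER 1.0.15 ----'
FILE_RE = re.compile(r"^File (.+) (\d+) bytes$")
# ZeroAccess (2011 variants) hid its payload under a fake hotfix-uninstall folder:
# <root>\$NtUninstallKBnnnnn$\<digits>\ containing the entries '@', 'L' and 'U'.
ZA_DIR_RE = re.compile(r"^(.*\\\$NtUninstallKB\d+\$\\\d+)(?:\\(.+))?$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def split_sections(text):
    """Map GMER section name ('System', 'Files', ...) to its non-empty lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_ssdt(line):
    """Parse one 'SSDT ...' line. GMER prints either a bare hook address when it
    found no owning module, or the owning module followed by 'ZwXxx [0x...]'."""
    parts = line.split()
    target = parts[1]
    if ADDR_RE.match(target):
        return {"function": parts[2], "module": None, "address": target}
    has_addr = parts[-1].startswith("[0x")
    return {
        "function": parts[-2] if has_addr else parts[-1],
        "module": target,
        "address": parts[-1].strip("[]") if has_addr else None,
    }


def find_zeroaccess_dirs(file_lines):
    """Return base directories whose direct children include '@', 'L' and 'U'."""
    children = {}
    for line in file_lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        d = ZA_DIR_RE.match(m.group(1))
        if not d:
            continue
        base, rest = d.group(1), d.group(2)
        names = children.setdefault(base, set())
        if rest:
            names.add(rest.split("\\")[0])   # first path component below the base
    return sorted(b for b, n in children.items() if {"@", "L", "U"} <= n)


def triage(text):
    """Summarise the indicators a reviewer would check in this GMER log."""
    sections = split_sections(text)
    hooks = [parse_ssdt(l) for l in sections.get("System", []) if l.startswith("SSDT ")]
    return {
        "unattributed_hooks": [h["function"] for h in hooks if h["module"] is None],
        # Hooks backed by a file outside %SystemRoot% (here the Temp\ASFWHide entry)
        # are not proof of malware; compare them against the installed-software list.
        "hooks_outside_windows": [h["function"] for h in hooks
                                  if h["module"] and "\\WINDOWS\\" not in h["module"].upper()],
        "zeroaccess_dirs": find_zeroaccess_dirs(sections.get("Files", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```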

Alt 05.10.2011, 22:20   #5
Boeing
 
OK,

thanks

