Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen...

Rivfader · 27.11.2009, 20:11

Teil 2:

Code:

ATTFilter

========== Files/Folders - Created Within 14 Days ==========
 
[2009.11.27 19:38:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Scans
[2009.11.27 19:32:41 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2009.11.27 16:54:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.27 16:47:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.27 16:47:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.27 16:47:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.27 16:47:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.27 16:47:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.27 16:46:12 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.26 18:04:37 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\Programme\trend micro
[2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\rsit
[2009.11.17 17:47:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.11.15 10:45:15 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.14 11:07:17 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
[2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2009.11.14 00:12:55 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe
[2009.11.14 00:07:57 | 00,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl
[2009.11.13 23:53:45 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.13 23:52:47 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\***\Desktop\VundoFix.exe
[2006.11.15 10:48:56 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2009.11.27 19:26:33 | 00,195,636 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.11.27 19:26:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.27 19:23:03 | 00,054,112 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.11.27 19:22:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.27 19:22:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.27 19:22:33 | 21,448,00768 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.27 19:21:14 | 07,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2009.11.27 19:21:13 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.27 19:21:13 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.27 19:21:13 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.27 19:20:58 | 00,074,752 | ---- | M] () -- C:\uninstall.exe
[2009.11.27 17:57:07 | 00,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2009.11.27 17:16:39 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.27 16:54:21 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009.11.27 16:41:20 | 03,577,870 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2009.11.26 23:51:34 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.26 18:33:12 | 00,292,352 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe
[2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Florian Störzer\Desktop\OTL.exe
[2009.11.25 20:08:59 | 00,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2009.11.24 20:10:36 | 00,146,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.20 07:59:41 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2009.11.20 07:59:35 | 04,276,776 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.11.17 21:10:05 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\rdkdc
[2009.11.15 10:45:16 | 00,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2009.11.14 11:07:13 | 00,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.14 00:12:55 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe
[2009.11.13 23:52:47 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\***\Desktop\VundoFix.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.27 17:36:35 | 00,074,752 | ---- | C] () -- C:\uninstall.exe
[2009.11.27 16:54:20 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009.11.27 16:54:17 | 00,262,448 | ---- | C] () -- C:\cmldr
[2009.11.27 16:47:48 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.11.27 16:47:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.11.27 16:47:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.11.27 16:47:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.27 16:47:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.11.27 16:41:09 | 03,577,870 | R--- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2009.11.26 18:33:12 | 00,292,352 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe
[2009.11.25 20:08:54 | 00,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2009.11.17 21:10:05 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\rdkdc
[2009.11.15 10:45:16 | 00,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2009.11.14 11:07:13 | 00,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.08 18:10:27 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.05.08 18:10:26 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.05.08 18:10:11 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.25 13:55:32 | 00,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008.02.20 20:24:36 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008.02.20 20:00:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008.02.03 15:05:44 | 00,000,120 | ---- | C] () -- C:\WINDOWS\buhl.ini
[2008.02.03 15:04:55 | 00,000,636 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2007.12.31 15:12:13 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.11.29 23:30:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007.11.28 22:52:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.11.26 21:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.11.03 21:01:14 | 00,000,288 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2007.09.02 09:43:53 | 00,001,362 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.08.13 19:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007.07.26 16:37:15 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.07.26 16:37:15 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.02.28 19:18:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI
[2006.12.23 14:04:51 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.12.23 14:04:51 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.12.14 22:08:14 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.12.11 20:55:33 | 00,146,944 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.10 23:01:11 | 00,004,583 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2006.12.10 19:41:02 | 00,003,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2006.12.10 19:30:40 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.10 18:59:27 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006.12.10 18:48:44 | 00,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.11.16 23:43:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.16 17:21:55 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.11.16 17:21:55 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.11.16 17:21:55 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.11.16 17:21:55 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.11.16 17:20:27 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.11.16 17:18:53 | 00,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.11.16 17:18:19 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.11.16 17:17:05 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2006.11.16 17:09:10 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.11.16 16:26:21 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.11.16 16:22:01 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.11.15 10:50:21 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.11.15 10:50:20 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.11.15 10:50:20 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.11.15 10:50:19 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.11.15 10:46:09 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006.10.22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.02 16:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002.04.11 19:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
 
========== LOP Check ==========
 
[2008.10.18 14:34:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2008.04.09 19:35:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2007.12.09 14:52:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2008.11.20 21:33:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fallout3
[2008.10.31 21:07:07 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2006.11.16 17:20:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2007.02.02 21:19:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2007.02.24 16:01:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.03.14 19:27:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009.09.13 08:48:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.12 10:26:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006.12.11 21:55:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ankh
[2008.11.12 19:58:40 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ankh - Heart of Osiris
[2008.04.09 19:36:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service
[2006.12.15 21:49:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2007.10.03 15:37:37 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2006.12.24 00:09:55 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX
[2008.11.19 20:34:44 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mp3tag
[2007.02.02 21:20:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia
[2007.02.28 18:58:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite
[2006.12.19 21:16:10 | 00,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
[2007.10.30 07:10:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft
[2007.02.24 16:04:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
[2007.11.12 19:15:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\temp
[2006.12.10 19:41:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template
[2006.12.10 19:05:23 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
[2009.11.27 19:20:58 | 00,074,752 | ---- | M] () -- C:\uninstall.exe
[2009.10.25 20:43:48 | 32,832,4136 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-DEU.exe
 
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\recover\WINDOWS\system32\eventlog.dll
[1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\recover\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 03:22:10 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
 
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\recover\WINDOWS\system32\scecli.dll
[1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\recover\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 03:22:23 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
 
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\recover\WINDOWS\system32\netlogon.dll
[1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\recover\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 03:22:19 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
 
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
 
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
 
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
 
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
 
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
 
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
 
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
 
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
 
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
 
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< End of report >

Die Extra.txt wurde vom Programm diesmal nicht erstellt? Es wurde nach dem Scan nur die OTL.txt geöffnet!

Larusso · 27.11.2009, 20:38

schritt 1

Bitte lasse die Dateien aus der Code-Box bei Virustotal überprüfen

Code:

ATTFilter

c:\Musicbrigade\Musicbrigade.exe

Also gehe wie hier beschrieben vor:

Öffne diese Webseite: virustotal
Klicke auf "Durchsuchen"
Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
"Senden der Datei"
Warte, bis der Scandurchlauf aller Virenscanner beendet ist
Auf "Filter" klicken
dann auf "Ergebnisse"
das Ergebnis (wie Du es bekommst )
komplett markieren und hier rein kopieren

Sollte die Datei als schädlich erkannt werden bitte noch nicht entfernen

Rivfader · 27.11.2009, 21:20

Musicbrigade.exe:

Code:

ATTFilter

Datei Musicbrigade.exe empfangen 2009.11.27 20:09:47 (UTC)
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.5.0.43	2009.11.27	-
AhnLab-V3	5.0.0.2	2009.11.27	-
AntiVir	7.9.1.79	2009.11.27	-
Antiy-AVL	2.0.3.7	2009.11.27	-
Authentium	5.2.0.5	2009.11.27	-
Avast	4.8.1351.0	2009.11.27	-
AVG	8.5.0.426	2009.11.27	-
BitDefender	7.2	2009.11.27	-
CAT-QuickHeal	10.00	2009.11.27	-
ClamAV	0.94.1	2009.11.27	-
Comodo	3058	2009.11.27	-
DrWeb	5.0.0.12182	2009.11.27	-
eSafe	7.0.17.0	2009.11.26	-
eTrust-Vet	35.1.7146	2009.11.27	-
F-Prot	4.5.1.85	2009.11.27	-
F-Secure	9.0.15370.0	2009.11.24	-
Fortinet	4.0.14.0	2009.11.27	-
GData	19	2009.11.27	-
Ikarus	T3.1.1.74.0	2009.11.27	-
Jiangmin	11.0.800	2009.11.27	-
K7AntiVirus	7.10.906	2009.11.27	-
Kaspersky	7.0.0.125	2009.11.27	-
McAfee	5815	2009.11.27	-
McAfee+Artemis	5815	2009.11.27	-
McAfee-GW-Edition	6.8.5	2009.11.27	-
Microsoft	1.5302	2009.11.27	-
NOD32	4643	2009.11.27	-
Norman	6.03.02	2009.11.27	-
nProtect	2009.1.8.0	2009.11.27	-
Panda	10.0.2.2	2009.11.27	-
PCTools	7.0.3.5	2009.11.27	-
Prevx	3.0	2009.11.27	-
Rising	22.23.04.09	2009.11.27	-
Sophos	4.48.0	2009.11.27	-
Sunbelt	3.2.1858.2	2009.11.27	-
Symantec	1.4.4.12	2009.11.27	-
TheHacker	6.5.0.2.079	2009.11.26	-
TrendMicro	9.100.0.1001	2009.11.27	-
VBA32	3.12.12.0	2009.11.27	-
ViRobot	2009.11.27.2058	2009.11.27	-
VirusBuster	5.0.21.0	2009.11.27	-
weitere Informationen
File size: 40960 bytes
MD5...: ad05d213c3cdba7d889f61ec1ef18b50
SHA1..: 8ff19a02a923b241e0ac4afe8ee51b97be74c6df
SHA256: 239ae8ab5a7e8d79a26a4a9db7a710bf07d8ca474a17f6ef7484d458edb8f1a3
ssdeep: 384:b3TyKGqkoJXVvdZ2L+L9L6uImPMTn2Z+NGyir34b1iBJDidL5WaxmPMT:b5H<br>Z8d2Z9/jDidL5Wa<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x75ee<br>timedatestamp.....: 0x43a20781 (Fri Dec 16 00:17:05 2005)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x2000 0x55f4 0x6000 5.33 cdad595223f79cf94f6e56ddf037a3fb<br>.rsrc 0x8000 0x12b8 0x2000 3.02 f1c319c22cf3587e3d99f40d6cf990bb<br>.reloc 0xa000 0xc 0x1000 0.01 b154624fa9856cc2f69bdaf7c865e2f0<br><br>( 1 imports ) <br>&gt; mscoree.dll: _CorExeMain<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win64 Executable Generic (45.8%)<br>Generic CIL Executable (.NET, Mono, etc.) (39.2%)<br>Windows Screen Saver (7.0%)<br>Win32 Executable Generic (4.5%)<br>Win16/32 Executable Delphi generic (1.1%)
sigcheck:<br>publisher....: <br>copyright....: <br>product......: <br>description..: <br>original name: Musicbrigade.exe<br>internal name: Musicbrigade.exe<br>file version.: 1.0.2176.2312<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Nichts gefunden. Ist auch drauf, seit ich den Rechner habe (2006), scheint so ein Fujitsu-Siemens-Kram zu sein.

Die andere Datei, die du geschrieben hast (1q7xnioc.exe) ist Gmer... der zufallsgenerierte Name! Das müsste i.O. sein, denke ich.

AntiVir hat übrigens seit dem ComboFix-Durchlauf keinen Fund mehr gemeldet.

Larusso · 27.11.2009, 22:06

schritt 1

Wende bitte Malwarebytes nach Anleitung an.

schritt 2

ESET Online Scanner
- Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Dein Anti-Virus-Programm während des Scans deaktivieren.
- Button "ESET Online Scanner" drücken.
- Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
- Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User müssen das Installieren eines ActiveX Elements erlauben.
- Einen Haken bei "Remove found threads" und "Scan archives" machen.
- Start drücken.
- Signaturen werden heruntergeladen.
- Der Scan beginnt automatisch.
- Finish drücken.
- Browser schließen.
- Explorer öffnen.
- C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
- Logfile hier posten.
- Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
- Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
- IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
- O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

schritt 3

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

Rivfader · 27.11.2009, 23:41

Danke schon mal für die große Mühe, Larusso!!

Ich arbeite dann mal alles ab.

Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3245
Windows 5.1.2600 Service Pack 2

27.11.2009 23:34:21
mbam-log-2009-11-27 (23-34-21).txt

Scan-Methode: Vollständiger Scan (C:\|L:\|)
Durchsuchte Objekte: 307898
Laufzeit: 1 hour(s), 16 minute(s), 23 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Qoobox\Quarantine\C\WINDOWS\system32\tdlclk.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46425081-C96E-444F-B4F2-D6A545947522}\RP1\A0000013.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46425081-C96E-444F-B4F2-D6A545947522}\RP1\A0000121.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Rivfader · 28.11.2009, 08:44

So, weiter.... ESET lief über Nacht mal durch:

ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=24a15683e4cadf499f33fa58a879bbd0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-28 01:39:01
# local_time=2009-11-28 02:39:01 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 183121 183121 0 0
# compatibility_mode=1797 16775125 100 100 183245 58850246 4814 0
# compatibility_mode=8192 67108863 100 0 3813 3813 0 0
# compatibility_mode=9217 16777214 75 66 93591949 102989317 0 0
# scanned=197739
# found=4
# cleaned=4
# scan_time=10358
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir	Win32/Olmarik.OF virus (deleted - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\system32\kobuitr.exe	a variant of Win32/Kryptik.BBM trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SFP6IJMN\nobj[1].exe	a variant of Win32/Kryptik.BBM trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
L:\Backup neuer PC\Thunderbird 2.0.0.19 (de) - 2009-01-20.pcv	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C

Rivfader · 28.11.2009, 08:59

... und der OTL-Scan:

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 28.11.2009 08:47:57 - Run 4
OTL by OldTimer - Version 3.1.11.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,86% Memory free
3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 62,01 Gb Free Space | 26,63% Space Free | Partition Type: NTFS
Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 279,39 Gb Total Space | 40,44 Gb Free Space | 14,47% Space Free | Partition Type: FAT32
 
Computer Name: NAME-669645BBA2
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{0216DA39-95B3-4D8A-9043-B748E0726C14}" = Gothic III - Götterdämmerung 1.08.9 Patch
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{26B5D684-75D6-44B9-BBFF-D4100F43092A}" = Sony Ericsson PC Suite
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3CF44BDE-BDDC-4510-A5CF-EBE97D1B8F73}" = eXperience112
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{48FEB597-0410-4A17-B134-0DEF3083B944}" = eMusic Download Manager
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5EDB9281-1F84-4195-9CDD-85985D17DDC7}" = WISO Sparbuch 2007
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6C0628AE-4901-4AE4-B749-B9B3A36E656C}" = Microsoft IntelliType Pro 2.1
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB2347E4-153B-4194-AA3B-97C0A662B369}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F41C11EC-7C13-47A7-A07C-251D96EC3879}" = Baphomets Fluch - Der Engel des Todes
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD  (11/03/2006 6.82.26.2)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ankh" = Ankh
"Ankh - Heart of Osiris" = Ankh - HdO
"Ankh 3 - Kampf der Götter_is1" = Ankh 3 - Kampf der Götter
"AnyDVD" = AnyDVD
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Drakensang_is1" = Drakensang (Patch Version 1.01)
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server (D)
"FLVPlayer" = FLV Player 1.3.3
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"G3QP231012008_is1" = Questpaket 3 Deinstallation
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Jack Keane" = Jack Keane
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS) 
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MozBackup_is1" = MozBackup 1.4.5
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Mp3tag" = Mp3tag v2.42
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NVEContent!UninstallKey" = NeroVision Express Content
"Overclocked" = Overclocked
"PCCloneEX" = PCCloneEX
"PROSet" = Intel(R) PRO Network Connections Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RealAlt_is1" = Real Alternative 1.7.5
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0004]
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"SystemRequirementsLab" = System Requirements Lab
"tento.XT_is1" = tento.XT v1.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Companion
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2009 03:03:16 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 10.0.0.3802, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.11.2009 04:37:17 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.11.2009 04:42:38 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.11.2009 04:43:04 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 22.11.2009 17:14:57 | Computer Name = NAME-669645BBA2 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
Error - 23.11.2009 12:36:15 | Computer Name = NAME-669645BBA2 | Source = ESENT | ID = 490
Description = svchost (1136) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 23.11.2009 12:36:15 | Computer Name = NAME-669645BBA2 | Source = ESENT | ID = 470
Description = Catalog Database (1136) Datenbank C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
 wurde teilweise angehängt. Anhängungsstufe: 3. Fehler: -1032.
 
Error - 23.11.2009 13:30:23 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SUPERAntiSpyware.exe, Version 4.30.0.1004,
 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.11.2009 11:46:00 | Computer Name = NAME-669645BBA2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul , Version 5.1.2600.2180, Fehleradresse 0x000019ff.
 
Error - 27.11.2009 12:41:02 | Computer Name = NAME-669645BBA2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
[ System Events ]
Error - 25.11.2009 18:43:20 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 25.11.2009 18:43:53 | Computer Name = NAME-669645BBA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 26.11.2009 12:52:56 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 26.11.2009 17:18:54 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2009 11:26:34 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2009 11:59:26 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2009 12:36:27 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2009 14:22:56 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2009 16:50:09 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2009 18:37:28 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >

Rivfader · 28.11.2009, 09:05

OTL.txt Teil 1:

Code:

ATTFilter

OTL logfile created on: 28.11.2009 08:47:57 - Run 4
OTL by OldTimer - Version 3.1.11.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,86% Memory free
3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 62,01 Gb Free Space | 26,63% Space Free | Partition Type: NTFS
Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 279,39 Gb Total Space | 40,44 Gb Free Space | 14,47% Space Free | Partition Type: FAT32
 
Computer Name: NAME-669645BBA2
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Programme\PCCloneEX\PCCloneEX.EXE ()
PRC - C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Creative Technology Ltd.)
PRC - C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\Programme\Electronic Arts\EA Downloader\Core.exe (Electronic Arts)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca Software Solutions)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Teleca Software Solutions AB)
PRC - C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
PRC - C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe ()
PRC - C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\ctagent.dll (Creative Technology Ltd)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) -- C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Bonjour Service) -- C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (se26unic) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM) -- C:\WINDOWS\system32\drivers\se26unic.sys (MCCI)
DRV - (SE26obex) -- C:\WINDOWS\system32\drivers\SE26obex.sys (MCCI)
DRV - (SE26mgmt) Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE26mgmt.sys (MCCI)
DRV - (se26nd5) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS) -- C:\WINDOWS\system32\drivers\se26nd5.sys (MCCI)
DRV - (SE26mdm) -- C:\WINDOWS\system32\drivers\SE26mdm.sys (MCCI)
DRV - (SE26mdfl) -- C:\WINDOWS\system32\drivers\SE26mdfl.sys (MCCI)
DRV - (SE26bus) Sony Ericsson Device 038 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE26bus.sys (MCCI)
DRV - (Si3114r5) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (Silicon Image, Inc)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.07 10:15:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.07 10:15:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.09.13 08:45:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.09.13 08:45:55 | 00,000,000 | ---D | M]
 
[2008.08.26 21:16:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2009.10.29 07:04:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7eubkk0c.default\extensions
[2009.11.14 09:26:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.12.21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
[2007.12.21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
[2009.08.19 17:25:35 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.19 17:25:35 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.19 17:25:35 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 10:21:25 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.19 17:25:35 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType] C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RCSystem] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [fsc-reg] C:\windows\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256376449531 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.16 16:23:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.06 13:50:50 | 00,218,376 | R--- | M] () - D:\AutoStarter.exe -- [ CDFS ]
O32 - AutoRun File - [2009.07.20 14:07:04 | 00,003,496 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.08.17 11:14:02 | 00,000,000 | R--D | M] - D:\autostarter -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

Rivfader · 28.11.2009, 09:06

OTL.txt Teil 2:

Code:

ATTFilter

========== Files/Folders - Created Within 30 Days ==========
 
[2009.11.27 23:42:52 | 00,000,000 | ---D | C] -- C:\Programme\ESET
[2009.11.27 19:38:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Scans
[2009.11.27 19:32:41 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2009.11.27 16:54:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.27 16:47:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.27 16:47:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.27 16:47:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.27 16:47:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.27 16:47:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.27 16:46:12 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.26 18:04:37 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\Programme\trend micro
[2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\rsit
[2009.11.17 17:47:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.11.15 10:45:15 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.14 11:07:17 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
[2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2009.11.14 00:12:55 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe
[2009.11.14 00:07:57 | 00,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl
[2009.11.13 23:53:45 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.13 23:52:47 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\Florian Störzer\Desktop\VundoFix.exe
[2009.11.02 19:44:53 | 00,000,000 | ---D | C] -- C:\Programme\iPod
[2009.11.02 19:44:49 | 00,000,000 | ---D | C] -- C:\Programme\iTunes
[2009.11.02 17:24:58 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009.11.02 17:24:58 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009.11.02 17:24:58 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009.11.02 17:24:58 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009.11.02 17:24:51 | 00,000,000 | ---D | C] -- C:\Programme\Avira
[2009.11.02 17:24:51 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2006.11.15 10:48:56 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.11.27 23:42:27 | 02,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2009.11.27 23:37:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.27 23:37:38 | 00,054,112 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.11.27 23:37:10 | 00,195,636 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.11.27 23:37:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.27 23:36:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.27 23:36:51 | 21,448,00768 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.27 23:35:43 | 07,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2009.11.27 23:35:43 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.27 23:35:43 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.27 23:35:43 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.27 21:52:03 | 00,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2009.11.27 21:48:10 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2009.11.27 17:16:39 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.27 16:54:21 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009.11.27 16:41:20 | 03,577,870 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2009.11.26 23:51:34 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.26 18:33:12 | 00,292,352 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe
[2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2009.11.25 20:08:59 | 00,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2009.11.24 20:10:36 | 00,146,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.20 07:59:35 | 04,276,776 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.11.17 21:10:05 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\rdkdc
[2009.11.15 10:45:16 | 00,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2009.11.14 11:07:13 | 00,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.14 00:12:55 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe
[2009.11.13 23:52:47 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\***\Desktop\VundoFix.exe
[2009.11.02 17:25:09 | 00,001,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.27 23:42:23 | 02,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2009.11.27 16:54:20 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009.11.27 16:54:17 | 00,262,448 | ---- | C] () -- C:\cmldr
[2009.11.27 16:47:48 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.11.27 16:47:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.11.27 16:47:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.11.27 16:47:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.27 16:47:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.11.27 16:41:09 | 03,577,870 | R--- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2009.11.26 18:33:12 | 00,292,352 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe
[2009.11.25 20:08:54 | 00,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2009.11.17 21:10:05 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\rdkdc
[2009.11.15 10:45:16 | 00,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2009.11.14 11:07:13 | 00,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009.11.02 19:45:33 | 00,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2009.11.02 17:25:09 | 00,001,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.08 18:10:27 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.05.08 18:10:26 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.05.08 18:10:11 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.25 13:55:32 | 00,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008.02.20 20:24:36 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008.02.20 20:00:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008.02.03 15:05:44 | 00,000,120 | ---- | C] () -- C:\WINDOWS\buhl.ini
[2008.02.03 15:04:55 | 00,000,636 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2007.12.31 15:12:13 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.11.29 23:30:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007.11.28 22:52:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.11.26 21:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.11.03 21:01:14 | 00,000,288 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2007.09.02 09:43:53 | 00,001,362 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.08.13 19:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007.07.26 16:37:15 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.07.26 16:37:15 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.02.28 19:18:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI
[2006.12.23 14:04:51 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.12.23 14:04:51 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.12.14 22:08:14 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.12.11 20:55:33 | 00,146,944 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.10 23:01:11 | 00,004,583 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2006.12.10 19:41:02 | 00,003,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2006.12.10 19:30:40 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.10 18:59:27 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006.12.10 18:48:44 | 00,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.11.16 23:43:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.16 17:21:55 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.11.16 17:21:55 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.11.16 17:21:55 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.11.16 17:21:55 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.11.16 17:20:27 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.11.16 17:18:53 | 00,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.11.16 17:18:19 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.11.16 17:17:05 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2006.11.16 17:09:10 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.11.16 16:26:21 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.11.16 16:22:01 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.11.15 10:50:21 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.11.15 10:50:20 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.11.15 10:50:20 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.11.15 10:50:19 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.11.15 10:46:09 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006.10.22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.02 16:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002.04.11 19:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
< End of report >

Larusso · 28.11.2009, 14:07

Okay sieht gut aus

Ich möchte denoch einen gegencheck machen.

Zweiter Lauf mit Gmer

Starte GMER erneut.
Dieses Mal machst Du einen Rechtsklick links in das weiße Feld und wählst im Kontext-Menü "Only non MS files".
Dann klickst Du auf "Scan" und erlaubst damit GMER erneut zu scannen.
Wenn der Scan fertig ist, klickst Du auf den "Copy"-Button, womit der Inhalt ins Clipboard kopiert wird.
Nun einen Rechtsklick auf den Desktop, wähle "Textdokument", was ein leeres Dokument auf dem Desktop erstellt.
Öffne das Textdokument per Doppelklick, Rechtsklick im Textfeld und "Einfügen".
Speichere das Dokument und poste mir den Inhalt hier in den Thread.

Rivfader · 28.11.2009, 15:29

Voila!

Gmer-Log Teil 1

Code:

ATTFilter

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-28 15:23:40
Windows 5.1.2600 Service Pack 2
Running: 1q7xnioc.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys


---- Modules - GMER 1.0.15 ----

Module   Si3114r5.sys (SATA SoftRAID 5 miniport driver/Silicon Image, Inc)                                                                                                          BA6FC000-BA730000 (212992 bytes)
Module   SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)                                                                                                              BACBC000-BACBF000 (12288 bytes)
Module   PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                                                 BA918000-BA921000 (36864 bytes)
Module   srescan.sys                                                                                                                                                                BA928000-BA933000 (45056 bytes)
Module   \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24 /NVIDIA Corporation)                                             B96FE000-B9CD8000 (6135808 bytes)
Module   \SystemRoot\system32\DRIVERS\e1e5132.sys (Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver/Intel Corporation)                                                        B96B1000-B96EA000 (233472 bytes)
Module   \SystemRoot\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd)                                                                        B960F000-B968E000 (520192 bytes)
Module   \SystemRoot\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.)                                                                      B9596000-B95CA000 (212992 bytes)
Module   \SystemRoot\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd)                                                                     BAC88000-BAC90000 (32768 bytes)
Module   \SystemRoot\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.)                                                                                           BAC90000-BAC97000 (28672 bytes)
Module   \SystemRoot\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)                                                                                               BAC98000-BAC9D000 (20480 bytes)
Module   \SystemRoot\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver/Elaborate Bytes AG)                                                                             BAE00000-BAE02000 (8192 bytes)
Module   \??\C:\WINDOWS\system32\drivers\acehlp10.sys (ProtectDisc Filter Driver/Protect Software GmbH)                                                                             B9535000-B9571000 (245760 bytes)
Module   \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)                                                                                            BACA0000-BACA6000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                     BACB0000-BACB5000 (20480 bytes)
Module   \SystemRoot\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd)                                                                                  B0F42000-B1064000 (1187840 bytes)
Module   \SystemRoot\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd)                                                                 B0F13000-B0F42000 (192512 bytes)
Module   \SystemRoot\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd)                                                                              B0EEA000-B0F13000 (167936 bytes)
Module   \SystemRoot\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd)                                                             B0E4E000-B0EEA000 (638976 bytes)
Module   \SystemRoot\system32\CT20XUT.DLL (Creative 20X Utility Effects/Creative Technology Ltd.)                                                                                   B0E0D000-B0E39000 (180224 bytes)
Module   \SystemRoot\system32\CTEXFIFX.DLL (Creative XFi Effects/Creative Technology Ltd.)                                                                                          B0CC6000-B0E0D000 (1339392 bytes)
Module   \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys (Helper Driver - Access Level 1/Protect Software GmbH)                                                                        B0C67000-B0CC6000 (389120 bytes)
Module   \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                B0B32000-B0B91000 (389120 bytes)
Module   \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                  B0AC3000-B0AE8000 (151552 bytes)
Module   \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                  BABD0000-BABD6000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                    B0A0D000-B0A29000 (114688 bytes)
Module   \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                         BAE5E000-BAE60000 (8192 bytes)
Module   \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 178.24 /NVIDIA Corporation)                                                      BF9D4000-BFF9C000 (6062080 bytes)
Module   \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated)                                                                         BFFA0000-BFFE6000 (286720 bytes)
Module   \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                             B057D000-B0591000 (81920 bytes)
Module   \??\C:\WINDOWS\system32\drivers\acedrv10.sys (Filter Driver ProtectDisc/Protect Software GmbH)                                                                             B01B2000-B0208000 (352256 bytes)
Module   \SystemRoot\system32\DRIVERS\atksgt.sys                                                                                                                                    B00CF000-B0112000 (274432 bytes)
Module   \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys (Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes/Samsung Electronics Co., Ltd.)                  B030D000-B031C000 (61440 bytes)
Module   \SystemRoot\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG)                                                                        B028D000-B0290000 (12288 bytes)
Module   \SystemRoot\system32\DRIVERS\lirsgt.sys                                                                                                                                    BABF8000-BABFD000 (20480 bytes)
Module   \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                   BAB78000-BAB7D000 (20480 bytes)
Module   \SystemRoot\system32\CTEDSPSY.DLL (E-MU E-DSP DSP System Plugin/Creative Technology Ltd)                                                                                   ADA91000-ADAE5000 (344064 bytes)
Module   \??\C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys (GMER)                                                                                                                 AD897000-AD8AE000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process  C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.)                                                                    112
Library  C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.)                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll (Audio Driver Emulator DLL/Creative Technology Ltd.)                                          0x10000000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\CTAudSel.dll (CTAudSel library/Creative Technology Ltd)                                                      0x00A70000
Library  C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd)                                                             0x00AC0000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x00E00000
Library  C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd)                                                                                          0x00E40000
Library  C:\Programme\Creative\Shared Files\Module Loader\OSD\PanelSvc.dll (PanelSvc DLL/Creative Technology Ltd.)                                                                  0x01220000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCSystem.dll (Remote Control System Module/Creative Technology Ltd.)                                         0x01260000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCSystem.CRL (Remote Control System Resources/Creative Technology Ltd.)                                      0x01280000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RcHidUsb.dll (USB HID Remote Control Receiver Device Plugin/Creative Technology Ltd)                    0x01EF0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCIDM.dll (Infra Drive IR Device Plugin/Creative Technology Ltd.)                                       0x012C0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCKSIRWp.dll (Sound Blaster USB Remote Control Receiver Device Wrapper Plugin/Creative Technology Ltd)  0x01EA0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCSBUSB.DLL (SoundBlaster USB IR Plugin /Creative Technology Ltd)                                       0x01EB0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\rcks1k.dll (SB Extigy IR Plugin /Creative Technology Ltd.)                                              0x01F20000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\EAXMod.dll (EAX Module/Creative Technology Ltd.)                                                             0x01F30000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RemoteEA.CRL (EAX resource module/Creative Technology Ltd)                                                   0x01F50000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\EAXCADI.DLL (EAXCADI Implementation/Creative Technology Ltd.)                                                0x01F60000
Library  C:\Programme\Creative\ShareDLL\CADI\CTPreset.dll (CADI Helper COM Preset/Creative Technology Ltd.)                                                                         0x02310000
Library  C:\Programme\Creative\ShareDLL\CADI\NotiMan.dll (Notification Manager Proxy Stub/Creative Technology Ltd)                                                                  0x02640000
Library  C:\WINDOWS\SYSTEM32\CTDPROXY.DLL (Creative Audio Driver Proxy/Creative Technology Ltd)                                                                                     0x02000000

Process  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation)                                                                          144
Library  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation)                                                                          0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.24 /NVIDIA Corporation)                                                                                   0x00A60000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            296
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\wdfmgr.exe (Windows User Mode Driver Manager/Microsoft Corporation)                                                                                    492
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Notification Manager/Creative Technology Ltd.)                                                                            528
Library  C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Notification Manager/Creative Technology Ltd.)                                                                            0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\ShareDLL\CADI\NotiMan.dll (Notification Manager Proxy Stub/Creative Technology Ltd)                                                                  0x10000000

Process  C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Client/Zone Labs, LLC)                                                                                            556
Library  C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Client/Zone Labs, LLC)                                                                                            0x00400000
Library  C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x50000000
Library  C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x01CC0000
Library  C:\WINDOWS\system32\VSPUBAPI.dll (TrueVector Service/Zone Labs, LLC)                                                                                                       0x10000000
Library  C:\Programme\Zone Labs\ZoneAlarm\framewrk.dll (ZoneAlarm Framework Module/Zone Labs, LLC)                                                                                  0x50400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                                 0x00AD0000
Library  C:\Programme\Zone Labs\ZoneAlarm\framewrk_Loc0407.dll (ZoneAlarm Framework Module/Zone Labs Inc.)                                                                          0x00AF0000
Library  C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC)                                                                                      0x00C70000
Library  C:\WINDOWS\system32\vsdata.dll (TrueVector Service DLL/Zone Labs, LLC)                                                                                                     0x04000000
Library  C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC)                                                                                                          0x01C80000
Library  C:\Programme\Zone Labs\ZoneAlarm\zlclient_Loc0407.dll (ZoneAlarm/Zone Labs Inc.)                                                                                           0x00DA0000
Library  C:\WINDOWS\system32\vsmonapi.dll (TrueVector Client Interface/Zone Labs, LLC)                                                                                              0x04100000
Library  C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC)                                                                                                                     0x52600000
Library  C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC)                                                                                                                 0x52800000
Library  C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC)                                                                                      0x51E00000
Library  C:\Programme\Zone Labs\ZoneAlarm\alert.zap (Alerts Plugin Module/Zone Labs, LLC)                                                                                           0x01800000
Library  C:\Programme\Zone Labs\ZoneAlarm\alert_Loc0407.zap (Alerts Plugin Module/Zone Labs Inc.)                                                                                   0x01170000
Library  C:\Programme\Zone Labs\ZoneAlarm\cam.zap (Anti-Virus Monitoring Module/Zone Labs, LLC)                                                                                     0x01180000
Library  C:\Programme\Zone Labs\ZoneAlarm\cam_Loc0407.zap (Anti-virus-Überwachungsmodul/Zone Labs Inc.)                                                                             0x011A0000
Library  C:\Programme\Zone Labs\ZoneAlarm\email.zap (Email Plugin Module/Zone Labs, LLC)                                                                                            0x01840000
Library  C:\Programme\Zone Labs\ZoneAlarm\email_Loc0407.zap (Email Plugin Module/Zone Labs Inc.)                                                                                    0x011B0000
Library  C:\Programme\Zone Labs\ZoneAlarm\filter.zap (Filter Plugin Module/Zone Labs, LLC)                                                                                          0x01C00000
Library  C:\Programme\Zone Labs\ZoneAlarm\filter_Loc0407.zap (Filter Plugin Module/Zone Labs Inc.)                                                                                  0x011C0000
Library  C:\Programme\Zone Labs\ZoneAlarm\firewall.zap (Firewall Plugin Module/Zone Labs, LLC)                                                                                      0x01880000
Library  C:\Programme\Zone Labs\ZoneAlarm\firewall_Loc0407.zap (Firewall Plugin Module/Zone Labs Inc.)                                                                              0x011D0000
Library  C:\Programme\Zone Labs\ZoneAlarm\idlock.zap (ZoneAlarmPro/Zone Labs, LLC)                                                                                                  0x50C00000
Library  C:\Programme\Zone Labs\ZoneAlarm\idlock_Loc0407.zap (ZoneAlarmPro/Zone Labs Inc.)                                                                                          0x011E0000
Library  C:\Programme\Zone Labs\ZoneAlarm\privacy.zap (Privacy Plugin Module/Zone Labs, LLC)                                                                                        0x018C0000
Library  C:\Programme\Zone Labs\ZoneAlarm\privacy_Loc0407.zap (Privacy Plugin Module/Zone Labs Inc.)                                                                                0x01200000
Library  C:\Programme\Zone Labs\ZoneAlarm\programs.zap (Programs Plugin Module/Zone Labs, LLC)                                                                                      0x01900000
Library  C:\Programme\Zone Labs\ZoneAlarm\programs_Loc0407.zap (Programs Plugin Module/Zone Labs Inc.)                                                                              0x01210000
Library  C:\Programme\Zone Labs\ZoneAlarm\security.zap (Overview Plugin Module/Zone Labs, LLC)                                                                                      0x01240000
Library  C:\Programme\Zone Labs\ZoneAlarm\security_Loc0407.zap (Overview Plugin Module/Zone Labs Inc.)                                                                              0x012B0000
Library  C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC)                                                                                            0x53200000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000

Process  C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation)                                                                                        672
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\PROGRAMME\PCCloneEX\PCCloneEX.EXE                                                                                                                                       676
Library  C:\PROGRAMME\PCCloneEX\PCCloneEX.EXE                                                                                                                                       0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\PROGRAMME\PCCloneEX\DUNZIPS32.DLL (DynaZip Secure Multi-Threading UnZip DLL/Inner Media, Inc.)                                                                          0x30000000
Library  C:\PROGRAMME\PCCloneEX\DZIPS32.DLL (DynaZip Secure Multi-Threading Zip DLL/Inner Media, Inc.)                                                                              0x20000000
Library  C:\Programme\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll (Nokia Phone Browser/Nokia)                                                    0x10000000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02BA0000

Process  C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation)                                                                                              704
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com)                                                                      0x10000000

Rivfader · 28.11.2009, 15:31

Teil 2:

Code:

ATTFilter

Process  C:\WINDOWS\system32\services.exe (Anwendung für Dienste und Controller/Microsoft Corporation)                                                                              748
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation)                                                                                           760
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            944
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Winamp\winampa.exe                                                                                                                                            960
Library  C:\Programme\Winamp\winampa.exe                                                                                                                                            0x00400000
Library  C:\Programme\Winamp\NSCRT.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Nullsoft, Inc.)                                                                          0x7C340000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1048
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000

Process  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (VolPanel.exe/Creative Technology Ltd)                                                                  1116
Library  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (VolPanel.exe/Creative Technology Ltd)                                                                  0x00400000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\CTAudSel.dll (CTAudSel library/Creative Technology Ltd)                                                              0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.crl (VolPanel.crl/Creative Technology Ltd)                                                                  0x61000000
Library  C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd)                                                             0x00CE0000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x01020000
Library  C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd)                                                                                          0x01060000
Library  C:\Programme\Creative\Shared Files\mxlib.dll (Creative Mixer Library/Creative Technology Ltd.)                                                                             0x011F0000
Library  C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL (Creative Audio Device Control Interface/Creative Technology Ltd)                                                                         0x02000000
Library  C:\WINDOWS\SYSTEM32\CTDC0000.DLL (Creative Audio Device Control Module/Creative Technology Ltd)                                                                            0x01300000
Library  C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd)                                                                                     0x01450000
Library  C:\Programme\Creative\Shared Files\CTTheme.dll (Creative Theme Engine DLL/Creative Technology Ltd)                                                                         0x014B0000
Library  C:\Programme\Creative\Shared Files\CtrlSrc.dll (Creative Theme Engine RTX Base Control DLL/Creative Technology Ltd)                                                        0x01220000
Library  C:\Programme\Creative\Shared Files\CTIniF.dll (CTIniF/Creative Technology Ltd)                                                                                             0x012F0000
Library  C:\Programme\Creative\Shared Files\GDICtrl.skc (Creative Theme Engine GDI Controls plug-in/Creative Technology Ltd)                                                        0x014E0000
Library  C:\Programme\Creative\Shared Files\GDICtrl2.skc (Creative Theme Engine GDI2 Controls plug-in/Creative Technology Ltd)                                                      0x01540000
Library  C:\Programme\Creative\Shared Files\GDICtrl3.skc (Creative Theme Engine GDI3 Controls plug-in/Creative Technology Ltd)                                                      0x01580000
Library  C:\Programme\Creative\Shared Files\RtxCtrl.skc (Creative Theme Engine RTX Controls Plug-In/Creative Technology Ltd)                                                        0x015A0000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x01920000

Process  C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1144
Library  C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1208
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1380
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                 1396
Library  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                 0x00400000
Library  C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x50000000
Library  C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x01CC0000
Library  C:\WINDOWS\system32\ZoneLabs\zpy.dll (Python Core/Python Software Foundation)                                                                                              0x1E000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                                 0x10000000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd                                                                                                                         0x00D20000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd                                                                                                                          0x00D30000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd                                                                                                                           0x1D100000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd                                                                                                                           0x1E1D0000
Library  C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll (vsmon plug-in/Zone Labs, LLC)                                                                          0x00D40000
Library  C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll (RPC Server plug-in/Zone Labs, LLC)                                                                         0x00D50000
Library  C:\WINDOWS\system32\ZoneLabs\vsmondll.dll (TrueVector Service/Zone Labs, LLC)                                                                                              0x00F60000
Library  C:\WINDOWS\system32\VSDATA.dll (TrueVector Service DLL/Zone Labs, LLC)                                                                                                     0x04000000
Library  C:\WINDOWS\system32\ZoneLabs\ssleay32.dll (TrueVector Service/Zone Labs, LLC)                                                                                              0x50E00000
Library  C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC)                                                                                                          0x01C80000
Library  C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC)                                                                                      0x013F0000
Library  C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC)                                                                                                                     0x52600000
Library  C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC)                                                                                                                 0x52800000
Library  C:\WINDOWS\system32\ZoneLabs\vsdb.dll (TrueVector Service/Zone Labs, LLC)                                                                                                  0x01420000
Library  C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL (TrueVector Service/Zone Labs, LLC)                                                                                              0x50200000
Library  C:\WINDOWS\system32\ZoneLabs\VSRULEDB_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                      0x01640000
Library  C:\WINDOWS\system32\ZoneLabs\vsvault.dll (TrueVector Service/Zone Labs, LLC)                                                                                               0x50A00000
Library  C:\WINDOWS\system32\vswmi.dll (vsmon component/Zone Labs, LLC)                                                                                                             0x02FB0000
Library  C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll (zlquarantine/Zone Labs, LLC)                                                                                                0x030C0000
Library  C:\WINDOWS\system32\ZoneLabs\zlquarantine_Loc0407.dll (zlquarantine/Zone Labs Inc.)                                                                                        0x032F0000
Library  C:\WINDOWS\system32\ZoneLabs\qrbase.dll (qrbase/Zone Labs, LLC)                                                                                                            0x03300000
Library  C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC)                                                                                      0x51E00000
Library  C:\WINDOWS\system32\ZoneLabs\zlsre.dll (zlsre/Zone Labs, LLC)                                                                                                              0x035E0000
Library  C:\WINDOWS\system32\ZoneLabs\zlsre_Loc0407.dll (zlsre/Zone Labs Inc.)                                                                                                      0x034B0000
Library  C:\WINDOWS\system32\ZoneLabs\srescan.dll (srescan/Zone Labs, LLC)                                                                                                          0x03620000
Library  C:\WINDOWS\system32\ZoneLabs\zlupdate.dll (ZLUpdate feature plug-in/Zone Labs, LLC)                                                                                        0x034C0000
Library  C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll (HttpBlocker plug-in/Zone Labs, LLC)                                                                    0x03860000
Library  C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll                                                                                                                                    0x038A0000
Library  C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC)                                                                                            0x53200000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000

Process  C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation)                                                                                              1724
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\SUGG1LMK.DLL (Language Monitor for Status Monitor/Samsung Electronics.)                                                                                0x00A90000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation)                                                  0x00AA0000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000

Process  C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd)                                                                           1768
Library  C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd)                                                                           0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                              1784
Library  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                              0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                                                                                    0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                                  0x00BC0000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                             0x00D10000

Process  C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)                                                                                                           1864
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x00E40000
Library  C:\Programme\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com)                                                                                             0x10000000

Process  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                    1912
Library  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH)                                                                                                  0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH)                                                                                    0x00A00000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                             0x00D80000
Library  C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                                                                      0x00A30000
Library  C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH)                                                                                                        0x00A50000
Library  C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH)                                                                                           0x01120000
Library  C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x01150000
Library  C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01190000
Library  C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x014E0000
Library  C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01570000
Library  C:\Programme\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x015A0000
Library  C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x015F0000
Library  C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x01680000
Library  C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software)                                                                       0x01700000
Library  C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x01760000
Library  C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x017B0000
Library  C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x019C0000
Library  C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01A10000
Library  C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01A80000
Library  C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                 0x01B00000
Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                0x01B20000

Rivfader · 28.11.2009, 15:32

Teil 3:

Code:

ATTFilter

Process  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.)                                      1924
Library  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.)                                      0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.)                                                                                                        1944
Library  C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.)                                                                                                        0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd)                                                                               1972
Library  C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd)                                                                               0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Application Launcher/Sony Ericsson Mobile Communications AB)                             2124
Library  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Application Launcher/Sony Ericsson Mobile Communications AB)                             0x00400000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB)            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll                                                                                                   0x00330000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll (Application Launcher/Sony Ericsson Mobile Communications AB)                           0x00CA0000
Library  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll (Application Launcher/Sony Ericsson Mobile Communications AB)                          0x00E50000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\TC Device Mgmt.dll (Device Management type library and proxy/stub dll./Teleca Software Solutions)                            0x00D20000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe                                                                                                                                     2180
Library  C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe                                                                                                                                     0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd)                                                                                      2196
Library  C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd)                                                                                      0x01000000
Library  C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd)                                                                                     0x02000000
Library  C:\WINDOWS\SYSTEM32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x10000000
Library  C:\WINDOWS\SYSTEM32\CTDPROXY.DLL (Creative Audio Driver Proxy/Creative Technology Ltd)                                                                                     0x00CF0000
Library  C:\WINDOWS\SYSTEM32\PIAPROXY.DLL (E-mu Plug-in Architecture Device Driver Proxy/Creative Technology Ltd)                                                                   0x00D10000

Process  C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation)                                                                                      2228
Library  C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Microsoft Hardware\Mouse\POINT32.EXE (Microsoft IntelliPoint/Microsoft Corporation)                                                                           2296
Library  C:\Programme\Microsoft Hardware\Mouse\MSHLOCAL.dll (Microsoft IntelliPoint/Microsoft Corporation)                                                                          0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Microsoft Hardware\Mouse\IP4xBatt.dll                                                                                                                         0x00E00000

Process  C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE                                                                                                                                    2300
Library  C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE                                                                                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Capability Manager/Teleca Software Solutions AB)                                                      2332
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Capability Manager/Teleca Software Solutions AB)                                                      0x00400000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB)            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll                                                                                                   0x00320000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\RUNDLL32.EXE (Eine DLL-Datei als Anwendung ausführen/Microsoft Corporation)                                                                            2340
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Media Center Library/NVIDIA Corporation)                                                                                          0x10000000
Library  C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.24 /NVIDIA Corporation)                                                                                   0x00A50000
Library  C:\WINDOWS\system32\NVRSDE.DLL (NVIDIA German language resource library/NVIDIA Corporation)                                                                                0x00AF0000

Process  C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.)                                                                                             2464
Library  C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.)                                                                                             0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.DLL (iPodService Resource Library (32 Bit)/Apple Inc.)                                           0x10000000
Library  C:\Programme\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.)                                                             0x009A0000

Process  C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation)                          2480
Library  C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation)                          0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft IntelliType Pro/Microsoft Corporation)                                                                      2508
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE (DataLayer 2.0 Module/Nokia Mobile Phones Ltd.)                                                                         2532
Library  C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE (DataLayer 2.0 Module/Nokia Mobile Phones Ltd.)                                                                         0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\Lang\DataLayer_ger.nlr (DataLayer 2 Module/Nokia)                                                                                    0x10000000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd)                                                                                        2564
Library  C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd)                                                                                        0x01000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x10000000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  C:\WINDOWS\system32\ctxfispk.dll (Ctxfispk.dll/Creative Technology Ltd)                                                                                                    0x00A80000
Library  C:\WINDOWS\system32\ctxfibtn.dll (CTXFIBTN DLL/Creative Technology Ltd)                                                                                                    0x00CB0000
Library  C:\WINDOWS\CTXFIGER.DLL                                                                                                                                                    0x00CD0000

Process  C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd)                                                                                            2580
Library  C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd)                                                                                            0x01000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (CTDVDDET/Creative Technology Ltd)                                                                          2596
Library  C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (CTDVDDET/Creative Technology Ltd)                                                                          0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\Shared Files\CTAudNav.dll (CTAudNav/Creative Technology Ltd)                                                                                         0x10000000

Process  C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (CloneCD Tray/SlySoft, Inc.)                                                                                                  2632
Library  C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (CloneCD Tray/SlySoft, Inc.)                                                                                                  0x00400000
Library  C:\WINDOWS\system32\ElbyCDIO.dll (ElbyCDIO DLL/Elaborate Bytes AG)                                                                                                         0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (AnyDVD Application/SlySoft, Inc.)                                                                                                  2640
Library  C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (AnyDVD Application/SlySoft, Inc.)                                                                                                  0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ElbyCDIO.dll (ElbyCDIO DLL/Elaborate Bytes AG)                                                                                                         0x10000000
Library  C:\Programme\SlySoft\AnyDVD\AnyDialog.dll (User Interface for AnyDVD/SlySoft, Inc.)                                                                                        0x00AF0000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000

Process  C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated)                  2660
Library  C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated)                  0x00400000
Library  C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdboot.dll (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated)                   0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                       2676
Library  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                       0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH)                                                                          0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  c:\programme\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH)                                                                                    0x00C00000
Library  c:\programme\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH)                                                                        0x00C90000
Library  c:\programme\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH)                                                                                    0x00CB0000
Library  c:\programme\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH)                                                                          0x00D10000
Library  c:\programme\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                0x00D30000
Library  c:\programme\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH)                                                                                 0x00D60000
Library  c:\programme\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH)                                                                        0x00DB0000
Library  c:\programme\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH)                                                                                    0x00DD0000
Library  c:\programme\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH)                                                                        0x00F30000
Library  c:\programme\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH)                                                                                    0x00F50000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.)                                                                                                             2752
Library  C:\Programme\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.)                                                                                                             0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\iTunes\iTunesHelper.dll (iTunesHelper DLL/Apple Inc.)                                                                                                         0x10000000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.)                                                             0x00A50000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project)                0x009C0000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\objc.dll                                                                                                   0x009D0000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others)                                                  0x00B20000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others)                                                0x00C20000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others)                                                      0x4AD00000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\ASL.dll                                                                                                    0x00A20000
Library  C:\Programme\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL (iTunesHelper Ressourcebibliothek/Apple Inc.)                                                0x013C0000
Library  C:\Programme\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.)                                                                     0x013F0000
Library  C:\Programme\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.)                                                                                                       0x66800000
Library  C:\Programme\QuickTime\QTSystem\QTCF.dll                                                                                                                                   0x68A40000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CFNetwork.dll (CFNetwork/Apple, Inc.)                                                                      0x01670000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.)                                                      0x01720000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll                                                                                                  0x017A0000
Library  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.)                                                     0x02400000

Rivfader · 28.11.2009, 15:33

Teil 4:

Code:

ATTFilter

Process  C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Java(TM) 2 Platform Standard Edition binary/Sun Microsystems, Inc.)                                                         2784
Library  C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Java(TM) 2 Platform Standard Edition binary/Sun Microsystems, Inc.)                                                         0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.)                                                                                        2808
Library  C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.)                                                                                        0x00400000
Library  C:\Programme\PC Connectivity Solution\NclTools.dll (NCL Tools/Nokia)                                                                                                       0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\PC Connectivity Solution\Transports\NCLIrDAMM.dll (Infrared/Nokia Corp.)                                                                                      0x00E30000
Library  C:\Programme\PC Connectivity Solution\Transports\NCLRSMM.dll (Serial cable/Nokia Corp.)                                                                                    0x00E60000
Library  C:\Programme\PC Connectivity Solution\Transports\NCLUSBMM.dll (Nokia USB media module/Nokia Corp.)                                                                         0x01720000
Library  C:\Programme\PC Connectivity Solution\Transports\NclMSBTMM.dll (Bluetooth (Microsoft)/Nokia Corp.)                                                                         0x01850000

Process  C:\Programme\Electronic Arts\EA Downloader\Core.exe (EA Desktop Client/Electronic Arts)                                                                                    2844
Library  C:\Programme\Electronic Arts\EA Downloader\Core.exe (EA Desktop Client/Electronic Arts)                                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative MediaSource Detector/Creative Technology Ltd)                                                            2912
Library  C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative MediaSource Detector/Creative Technology Ltd)                                                            0x00400000
Library  C:\Programme\Creative\MediaSource\Detector\CTIntrfc.dll (CTIntrfc/Creative Technology Ltd)                                                                                 0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\MediaSource\Detector\CTDetect.Crl (Creative MediaSource Detector Resource Library/Creative Technology Ltd)                                           0x00AD0000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  C:\Programme\Creative\MediaSource\Detector\DtctrMgr.det (Creative MediaSource Detector Manager/Creative Technology Ltd)                                                    0x00AF0000
Library  C:\Programme\Creative\MediaSource\Detector\Hdd.det (Harddisk Detector Plugin/Creative Technology Ltd)                                                                      0x00B00000
Library  C:\Programme\Creative\Shared Files\ThmRes.DLL (Creative Theme Engine Theme Resources DLL/Creative Technology Ltd)                                                          0x00B10000
Library  C:\Programme\Creative\Shared Files\CTIniF.dll (CTIniF/Creative Technology Ltd)                                                                                             0x00B20000
Library  C:\Programme\Creative\MediaSource\Detector\Disc.det (Disc Detector Plugin/Creative Technology Ltd)                                                                         0x00B40000

Process  C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware Application/SUPERAntiSpyware.com)                                                                     2940
Library  C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware Application/SUPERAntiSpyware.com)                                                                     0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\SUPERAntiSpyware\deupx.dll (deupx.dll/SuperAntiSpyware.com)                                                                                                   0x10000000
Library  C:\Dokumente und Einstellungen\Florian Störzer\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL                                                   0x0B1D0000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x09FC0000

Process  C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation)                                                                                                          3060
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Generic Device Management Executable./Teleca Software Solutions)                                                3084
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Generic Device Management Executable./Teleca Software Solutions)                                                0x00400000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB)            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll                                                                                                   0x00320000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\TC Device Mgmt.dll (Device Management type library and proxy/stub dll./Teleca Software Solutions)                            0x017B0000
Library  C:\Programme\Sony Ericsson\Mobile2\Device Manager\SpecificMPM.dll (Mobile Phone Monitor specific device management dll./SonyEricsson)                                      0x01040000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll                                                                                                       0x01060000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\SpecificUSB.dll (USB specific device management dll./Popwire AB)                                                             0x01070000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\tlib_log.dll (Telecalib Logging, Dynamic Link Library used for logging./Popwire AB)                                          0x010B0000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll                                                                                                   0x010E0000

Process  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (CAPI_Worker Module/Sony Ericsson Mobile Communications AB)                                          3184
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (CAPI_Worker Module/Sony Ericsson Mobile Communications AB)                                          0x00400000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll (ShowMfcDialog DLL/Sony Ericsson Mobile Communications AB)                                       0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0407.DLL (capires0407/Popwire AB)                                                                           0x10300000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll                                                                                                       0x011E0000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll (cellphone_object Module/Sony Ericsson Mobile Communications AB)                              0x10400000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll (ecsmoddata/Sony Ericsson Mobile Communications AB)                                                 0x011F0000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\msmeirsock_object.dll (MSMEIrSock_object Module/Sony Ericsson Mobile Communications AB)                            0x10F00000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ms98irsock_object.dll (MS98IrSock_object Module/Sony Ericsson Mobile Communications AB)                            0x10D00000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll (MSIrSock_object Module/Sony Ericsson Mobile Communications AB)                                0x10E00000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll (cabmain/Sony Ericsson Mobile Communications AB)                                                       0x02200000

Process  C:\WINDOWS\system32\wuauclt.exe (Windows Update Automatic Updates/Microsoft Corporation)                                                                                   3424
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe                                                                                                   		    3764
Library  C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe                                                                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Rivfader · 28.11.2009, 15:34

... und der Rest!

Code:

ATTFilter

---- Services - GMER 1.0.15 ----

Service  C:\WINDOWS\system32\drivers\ACEDRV05.sys (Helper Driver - Access Level 1/Protect Software GmbH)                                                                            [SYSTEM] ACEDRV05
Service  C:\WINDOWS\system32\drivers\acedrv10.sys (Filter Driver ProtectDisc/Protect Software GmbH)                                                                                 [AUTO] acedrv10
Service  C:\WINDOWS\system32\drivers\acehlp10.sys (ProtectDisc Filter Driver/Protect Software GmbH)                                                                                 [AUTO] acehlp10
Service  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                              [AUTO] AntiVirSchedulerService
Service  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                    [AUTO] AntiVirService
Service  C:\WINDOWS\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)                                                                                                [MANUAL] AnyDVD
Service  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.)                                      [AUTO] Apple Mobile Device
Service  C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                                                                     [AUTO] atksgt
Service  C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                             [SYSTEM] avgio
Service  C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                              [AUTO] avgntflt
Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                     [SYSTEM] avipbb
Service  C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.)                                                                                                        [AUTO] Bonjour Service
Service  C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\catchme.sys                                                                                                                             [MANUAL] catchme
Service  C:\WINDOWS\system32\COMMONFX.DLL (Creative Common FX Plug-in/Creative Technology Ltd)                                                                                      [MANUAL] COMMONFX.DLL
Service  C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd)                                                                               [AUTO] Creative Service for CDROM Access
Service  C:\WINDOWS\system32\CT20XUT.DLL (Creative 20X Utility Effects/Creative Technology Ltd.)                                                                                    [MANUAL] CT20XUT.DLL
Service  C:\WINDOWS\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd)                                                              [MANUAL] ctac32k
Service  C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd)                                                                         [MANUAL] ctaud2k
Service  C:\WINDOWS\system32\CTAUDFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd)                                                                                           [MANUAL] CTAUDFX.DLL
Service  C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd)                                                                           [AUTO] CTAudSvcService
Service  C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd)                                                                  [MANUAL] ctdvda2k
Service  C:\WINDOWS\system32\CTEAPSFX.DLL (APS FX Plug-in/Creative Technology Ltd)                                                                                                  [MANUAL] CTEAPSFX.DLL
Service  C:\WINDOWS\system32\CTEDSPFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd)                                                                                [MANUAL] CTEDSPFX.DLL
Service  C:\WINDOWS\system32\CTEDSPIO.DLL (E-MU E-DSP I/O Plugin/Creative Technology Ltd)                                                                                           [MANUAL] CTEDSPIO.DLL
Service  C:\WINDOWS\system32\CTEDSPSY.DLL (E-MU E-DSP DSP System Plugin/Creative Technology Ltd)                                                                                    [MANUAL] CTEDSPSY.DLL
Service  C:\WINDOWS\system32\CTERFXFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd)                                                                                [MANUAL] CTERFXFX.DLL
Service  C:\WINDOWS\system32\CTEXFIFX.DLL (Creative XFi Effects/Creative Technology Ltd.)                                                                                           [MANUAL] CTEXFIFX.DLL
Service  C:\WINDOWS\system32\CTHWIUT.DLL (Creative Utility Effects/Creative Technology Ltd.)                                                                                        [MANUAL] CTHWIUT.DLL
Service  C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd)                                                                      [MANUAL] ctprxy2k
Service  C:\WINDOWS\system32\CTSBLFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd)                                                                                           [MANUAL] CTSBLFX.DLL
Service  C:\WINDOWS\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd)                                                                               [MANUAL] ctsfm2k
Service  C:\WINDOWS\system32\Drivers\DgiVecp.sys (Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes/Samsung Electronics Co., Ltd.)                      [AUTO] DgiVecp
Service  C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver/Intel Corporation)                                                         [MANUAL] e1express
Service  C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.)                                                                                            [MANUAL] ElbyCDFL
Service  C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG)                                                                         [AUTO] ElbyCDIO
Service  C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver/Elaborate Bytes AG)                                                                              [MANUAL] ElbyDelay
Service  C:\WINDOWS\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd)                                                                  [MANUAL] emupia
Service  C:\MAGIX\Common\Database\bin\fbserver.exe (Firebird SQL Server/The Firebird Project)                                                                                       [MANUAL] FirebirdServerMAGIXInstance
Service  C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)                                                                                             [MANUAL] GEARAspiWDM
Service  C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd)                                                                                   [MANUAL] ha20x2k
Service  C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation)                                                    [MANUAL] IDriverT
Service  C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.)                                                                                             [MANUAL] iPod Service
Service  C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                                                                     [AUTO] lirsgt
Service                                                                                                                                                                             MSDTC Bridge 3.0.0.0
Service  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24 /NVIDIA Corporation)                                              [MANUAL] nv
Service  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation)                                                                          [AUTO] NVSvc
Service  C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.)                                                                       [MANUAL] ossrv
Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                      [MANUAL] Ptilink
Service  C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                     [BOOT] PxHelp20
Service  C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                      [SYSTEM] SASDIFSV
Service  C:\Programme\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                       [MANUAL] SASENUM
Service  C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                      [SYSTEM] SASKUTIL
Service  C:\WINDOWS\system32\DRIVERS\SE26bus.sys (Sony Ericsson Device 038 Driver Driver/MCCI)                                                                                      [MANUAL] SE26bus
Service  C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys (Sony Ericsson Device 038 USB WMC Modem Filter Driver/MCCI)                                                                       [MANUAL] SE26mdfl
Service  C:\WINDOWS\system32\DRIVERS\SE26mdm.sys (Sony Ericsson Device 038 USB WMC Modem WDM Driver/MCCI)                                                                           [MANUAL] SE26mdm
Service  C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys (Sony Ericsson Device 038 USB WMC Device Management Driver/MCCI)                                                                  [MANUAL] SE26mgmt
Service  C:\WINDOWS\system32\DRIVERS\se26nd5.sys (Sony Ericsson Device 038 USB Ethernet Emulation (NDIS 5 Miniport)/MCCI)                                                           [MANUAL] se26nd5
Service  C:\WINDOWS\system32\DRIVERS\SE26obex.sys (Sony Ericsson Device 038 USB WMC OBEX Interface Device Driver/MCCI)                                                              [MANUAL] SE26obex
Service  C:\WINDOWS\system32\DRIVERS\se26unic.sys (Sony Ericsson Device 038 USB Ethernet Emulation/MCCI)                                                                            [MANUAL] se26unic
Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys                                                                                                                                     [MANUAL] Secdrv
Service  C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.)                                                                                        [MANUAL] ServiceLayer
Service                                                                                                                                                                             ServiceModelEndpoint 3.0.0.0
Service                                                                                                                                                                             ServiceModelOperation 3.0.0.0
Service                                                                                                                                                                             ServiceModelService 3.0.0.0
Service  C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (SATA SoftRAID 5 miniport driver/Silicon Image, Inc)                                                                              [BOOT] Si3114r5
Service  C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)                                                                                  [BOOT] SiFilter
Service                                                                                                                                                                             SMSvcHost 3.0.0.0
Service  C:\WINDOWS\system32\ZoneLabs\srescan.sys (srescan/Zone Labs, LLC)                                                                                                          [BOOT] srescan
Service  C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                                  [MANUAL] ssmdrv
Service  C:\WINDOWS\system32\Drivers\SSPORT.sys                                                                                                                                     [AUTO] SSPORT
Service  C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.)                                                                                       [MANUAL] USBAAPL
Service  C:\WINDOWS\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                 [SYSTEM] vsdatant
Service  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                 [AUTO] vsmon
Service                                                                                                                                                                             Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----

Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen...

Log-Analyse und Auswertung: Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen...