
Pests of all kinds and how to combat them: nothing but PC problems because of Malware Defense / Security Alert

09.01.2010, 12:00   #1
SiltenTears
 



Hello everyone,

A few days ago I also caught this Security Alert / Malware Defense thing, and I'm really just in despair here!

First my Avira said goodbye, Internet Explorer is gone too, and it no longer recognizes my burner either. Then I couldn't even install Malwarebytes Anti-Malware and run it. Pop-ups constantly, every few seconds, without end...
After a lot of back and forth and a lot of googling, I simply did a system restore last night, and now this junk is finally gone from my taskbar. It could finally be deleted, but neither Avira nor AVG can be opened! Simply nothing works... grrrrrr
I then also ran CCleaner right away, installed Malwarebytes and let it scan. It immediately found 17 files/directories:


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3523
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

09.01.2010 08:52:29
mbam-log-2010-01-09 (08-52-29).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 174046
Laufzeit: 54 minute(s), 19 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Temp\settdebugx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Malware Defense\mdext.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTktetirpiem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTwcyrjcqovy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTxdpimthoss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\H8SRTxxrlxbfpyl.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\Programme\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Programme\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTrsbspucbxu.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\H8SRT6215.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.



After that, RSIT:


Logfile of random's system information tool 1.06 (written by random/random)
Run by ST at 2010-01-09 11:10:52
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 52 GB (68%) free of 76 GB
Total RAM: 446 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:03, on 09.01.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lexmark 3400 Series\lxcymon.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lxcycoms.exe
C:\Dokumente und Einstellungen\ST\Eigene Dateien\downloads\RSIT.exe
C:\Programme\trend micro\sunshine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://de.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.icq.com/people/about_me.php?uin=277035168
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Programme\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ladestiny08.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Unknown owner - C:\Programme\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Programme\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: lxcy_device - - C:\WINDOWS\System32\lxcycoms.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Messenger USN Journal Reader-Service für freigegebene Ordner (usnjsvc) - Unknown owner - C:\Programme\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 6571 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
SWEETIE Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Programme\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 845852]
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - []
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Programme\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"lxcymon.exe"=C:\Programme\Lexmark 3400 Series\lxcymon.exe [2006-03-06 286720]
"LXCYCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 []
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-10 20480]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-03-10 270336]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-01-09 11:10:54 ----D---- C:\Programme\trend micro
2010-01-09 11:10:52 ----D---- C:\rsit
2010-01-09 01:30:59 ----D---- C:\Dokumente und Einstellungen\sunshine\Anwendungsdaten\Malwarebytes
2010-01-09 01:14:51 ----D---- C:\Programme\Spybot - Search & Destroy
2010-01-09 01:14:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-01-09 00:51:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2010-01-09 00:51:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-01-09 00:50:53 ----D---- C:\Config.Msi
2010-01-09 00:50:51 ----D---- C:\Programme\Avira
2010-01-09 00:50:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2010-01-08 21:04:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-04 18:05:58 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-04 17:31:34 ----D---- C:\Programme\CCleaner

======List of files/folders modified in the last 1 months======

2010-01-09 11:10:54 ----RD---- C:\Programme
2010-01-09 11:08:37 ----D---- C:\Programme\Mozilla Thunderbird
2010-01-09 11:07:35 ----D---- C:\Dokumente und Einstellungen\ST\Anwendungsdaten\.purple
2010-01-09 09:56:24 ----D---- C:\Programme\Mozilla Firefox
2010-01-09 09:54:33 ----D---- C:\WINDOWS
2010-01-09 09:54:30 ----D---- C:\WINDOWS\Temp
2010-01-09 09:54:26 ----D---- C:\WINDOWS\Debug
2010-01-09 09:53:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-09 09:52:22 ----D---- C:\WINDOWS\WinSxS
2010-01-09 09:52:18 ----SHD---- C:\WINDOWS\Installer
2010-01-09 09:32:01 ----SD---- C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft
2010-01-09 09:32:00 ----D---- C:\WINDOWS\System32\drivers
2010-01-09 09:32:00 ----D---- C:\WINDOWS\system32
2010-01-09 09:14:08 ----D---- C:\WINDOWS\Prefetch
2010-01-09 00:54:14 ----D---- C:\Programme\lx_cats
2010-01-09 00:52:16 ----D---- C:\WINDOWS\System32\config
2010-01-09 00:52:04 ----D---- C:\WINDOWS\System32\wbem
2010-01-09 00:52:04 ----D---- C:\WINDOWS\Registration
2010-01-09 00:51:03 ----D---- C:\Programme\QuickTime
2010-01-09 00:50:31 ----D---- C:\WINDOWS\System32\Restore
2010-01-08 23:47:27 ----RSD---- C:\WINDOWS\Fonts
2010-01-08 23:43:21 ----D---- C:\WINDOWS\Minidump
2010-01-08 21:09:45 ----A---- C:\WINDOWS\Iedit_.INI
2010-01-07 11:19:08 ----D---- C:\WINDOWS\System32\CatRoot2
2010-01-07 10:59:34 ----D---- C:\Programme\Yahoo!
2010-01-07 10:51:03 ----D---- C:\Programme\dm-DIGI-Foto
2010-01-07 10:50:38 ----D---- C:\Programme\Tivola
2010-01-07 10:49:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo!
2010-01-07 10:47:32 ----D---- C:\Programme\Soulseek
2010-01-04 10:38:14 ----HD---- C:\WINDOWS\inf
2010-01-04 10:38:14 ----D---- C:\WINDOWS\PCHealth
2010-01-04 10:38:14 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-01-03 18:34:27 ----D---- C:\Programme\Trillian
2010-01-03 12:19:22 ----D---- C:\Dokumente und Einstellungen\ST\Anwendungsdaten\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2001-08-18 14080]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 S3GIGP;S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [2006-05-22 808448]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys []
S1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 lgmcbus;LGE Mobile driver (WDM); C:\WINDOWS\System32\DRIVERS\lgmcbus.sys []
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\lgmcmdfl.sys []
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\lgmcmdm.sys []
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\lgmcobex.sys []
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM); C:\WINDOWS\System32\DRIVERS\lgmcunic.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\System32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2007-03-26 10252544]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 24192]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\System32\DRIVERS\usbsermptxp.sys [2007-12-27 25600]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 Wdf01000;Wdf01000; C:\WINDOWS\System32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 lxcy_device;lxcy_device; C:\WINDOWS\System32\lxcycoms.exe [2006-02-20 495616]
S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe []
S2 YahooAUService;Yahoo! Updater; C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe []
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-09-07 118272]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe []
S4 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------


and:


info.txt logfile of random's system information tool 1.06 2010-01-09 11:11:05

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Reader 8.1.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\System32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
AquaSoft DiaShow 6 for YouTube-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{FC77E89A-74BE-42E9-8D68-73BDC1051C89}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
AquaSoft DiaShow 6 for YouTube-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{FC77E89A-74BE-42E9-8D68-73BDC1051C89}\Setup.exe
Ask Toolbar-->"C:\Programme\AskBarDis\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
FireTune-->C:\WINDOWS\iun6002.exe "C:\Programme\FireTune\irunin.ini"
Flatcast 5.0-->C:\WINDOWS\unins000.exe
GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Imikimi Plugin-->"C:\Programme\Imikimi\uninstall.exe"
InstallRTC-->MsiExec.exe /X{200F584F-848D-4B6B-B1A1-C74D735F18A4}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Lexmark 3400 Series-->C:\Programme\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax-Lösungen-->C:\Programme\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Text To Speech Engine-->MsiExec.exe /X{647B6F8B-645C-4992-99D8-49202C689C05}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.15)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nero Reloaded PlugIn Pack 2.0.4 by GEAR-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F3D7915D-6B42-49FA-9FC8-5020479A6A57}\setup.exe" -l0x7 -removeonly
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}
Opera 9.60-->MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}
PhotoFiltre-->"C:\Programme\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
Pidgin-->C:\Programme\Pidgin\pidgin-uninst.exe
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SweetIM For Internet Explorer 3.0b-->MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481}
Trillian-->C:\Programme\Trillian\Trillian.exe /uninstall
Trust Webcam 15082-02-->C:\Programme\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0007 -removeonly
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\Setup.exe" -l0x9
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver 6.14.10.0054-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
xp-AntiSpy 3.96-2-->C:\Programme\xp-AntiSpy\Uninstall.exe
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Mail-->C:\WINDOWS\System32\regsvr32.exe /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
ZipGenius 6 (6.0.3.1130)-->"C:\Programme\ZipGenius 6\unins000.exe"

======System event log======

Computer Name: ST
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Netzwerkverbindungen" gesendet.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20100109004233.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ST
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20100109004233.000000+060
Event Type: Informationen
User: MAFFY\sunshine

Computer Name: ST
Event Code: 7036
Message: Dienst "Terminaldienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 3
Source Name: Service Control Manager
Time Written: 20100109004233.000000+060
Event Type: Informationen
User:

Computer Name: ST
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20100109004046.000000+060
Event Type: Informationen
User:

Computer Name: ST
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 1 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20100109004046.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ST
Event Code: 1015
Message: Das Zeitlimit für die Zusammenstellung der Leistungsdaten "PerfProc"
in der Bibliothek "C:\WINDOWS\system32\perfproc.dll" ist abgelaufen. Möglicherweise ist mit dem erweiterbaren Leistungsindikator
oder dem Dienst, mit dem die Daten zusammengestellt werden, ein Problem aufgetreten.

Record Number: 4548
Source Name: Perflib
Time Written: 20090813075021.000000+120
Event Type: Fehler
User:

Computer Name: ST
Event Code: 4096
Message:
Record Number: 4547
Source Name: Avira AntiVir
Time Written: 20090813075010.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: MAFFY
Event Code: 0
Message:
Record Number: 4546
Source Name: YahooAUService
Time Written: 20090813074959.000000+120
Event Type: Informationen
User:

Computer Name: ST
Event Code: 0
Message:
Record Number: 4545
Source Name: ICQ Service
Time Written: 20090813074956.000000+120
Event Type: Informationen
User:

Computer Name: ST
Event Code: 1015
Message: Das Zeitlimit für die Zusammenstellung der Leistungsdaten "PerfProc"
in der Bibliothek "C:\WINDOWS\System32\perfproc.dll" ist abgelaufen. Möglicherweise ist mit dem erweiterbaren Leistungsindikator
oder dem Dienst, mit dem die Daten zusammengestellt werden, ein Problem aufgetreten.

Record Number: 4544
Source Name: Perflib
Time Written: 20090812215705.000000+120
Event Type: Fehler
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ZipGenius 6\;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------


As I said, no antivirus program can be opened, and I also can't imagine that a system restore and moving the infected things into quarantine alone take care of everything.

It would be nice if someone could help me!


Best regards, SiltenTears

Alt 09.01.2010, 12:05   #2
undoreal
/// AVZ-Toolkit Guru
 



Hello there.

Please post two AVZ logs.

Alt 09.01.2010, 16:25   #3
SiltenTears
 



I'd gladly do all of it... but I can't get past step 4: where the log file is supposed to be saved, a window opens with the message that there is no disk in drive D.... ?!

Alt 09.01.2010, 16:56   #4
undoreal
/// AVZ-Toolkit Guru
 



Quote:
Quote from SiltenTears
I'd gladly do all of it... but I can't get past step 4: where the log file is supposed to be saved, a window opens with the message that there is no disk in drive D.... ?!

I don't quite understand that..

AVZ saves the log file automatically after you have run the script. You don't have to save anything manually.
__________________
- All help given in this forum is provided without warranty or liability -

Alt 09.01.2010, 18:03   #5
SiltenTears
 



Ugh, sorry, that was my mistake; Malwarebytes was still running in the background.


So everything has worked now. Here are the logs:


virusinfo_syscure:


<?xml version="1.0" encoding="windows-1251" ?>
- <!--

AVZ XML Report

-->
- <AVZ Version="4.32" LogDate="09.01.2010 17:13:37" WinDir="C:\WINDOWS\" ProfileDir="C:\Dokumente und Einstellungen\sunshine" IsWow64="False" CompHash="CD29D62FE35C76AF2B2EE35877472BDB">
- <PROCESS>
<ITEM PID="1708" File="c:\windows\fixcamera.exe" CheckResult="-1" Descr="CameraFixer MFC Application" LegalCopyright="Copyright (C) 2005" Hidden="0" CmdLine="@quot;C:\WINDOWS\FixCamera.exe@quot;" Size="20480" Attr="rsAh" CreateDate="24.09.2009 18:20:21" ChageDate="10.02.2007 14:40:46" MD5="6F9455F97D5D91FDEEC0F344E70A2D0E" />
<ITEM PID="1412" File="c:\windows\system32\spoolsv.exe" CheckResult="0" Descr="Spooler SubSystem App" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="0" CmdLine="C:\WINDOWS\system32\spoolsv.exe" Size="51200" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="9B627E6DA0EA47A3A664F69D954831D7" />
<ITEM PID="1724" File="c:\windows\tsnpstd3.exe" CheckResult="-1" Descr="tsnp2std Microsoft" LegalCopyright="Copyright (C) 2005" Hidden="0" CmdLine="@quot;C:\WINDOWS\tsnpstd3.exe@quot;" Size="270336" Attr="rsAh" CreateDate="24.09.2009 18:20:16" ChageDate="10.03.2007 13:43:52" MD5="6CD72592F71F43E596FD3FEC6D0C2066" />
<ITEM PID="624" File="c:\windows\system32\winlogon.exe" CheckResult="-1" Descr="Windows NT-Anmeldung" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Hidden="0" CmdLine="winlogon.exe" Size="521728" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="448600E7D03D30D1B736FFBA48C11ACC" />
</PROCESS>
- <DLL>
<ITEM File="C:\WINDOWS\system32\LXPRMON.DLL" CheckResult="-1" Descr="Print Monitor (Win2k/WinXP)" LegalCopyright="Copyright (C) 2003" UsedBy="1412" Hidden="0" Size="40960" Attr="rsAh" CreateDate="05.05.2007 11:51:35" ChageDate="02.02.2006 09:12:22" MD5="FF93F3730EEF696A7F87B09DCF0E7C27" />
<ITEM File="C:\Programme\Lexmark Fax Solutions\FxCtrStr.dll" CheckResult="-1" Descr="Lexmark Fax Solutions Software" LegalCopyright="Copyright (C) 2004" UsedBy="1412" Hidden="0" Size="12288" Attr="rsAh" CreateDate="05.05.2007 11:51:07" ChageDate="02.02.2006 09:24:56" MD5="D0085928913EDB25FA306523A14F9A16" />
<ITEM File="C:\Programme\Lexmark Fax Solutions\ipcmt.dll" CheckResult="-1" Descr="IPC Core Dll" LegalCopyright="Copyright (C) 2003" UsedBy="1412" Hidden="0" Size="32768" Attr="rsAh" CreateDate="05.05.2007 11:51:07" ChageDate="02.02.2006 09:10:20" MD5="547817BB4455FB4FB293369728B500F4" />
<ITEM File="C:\WINDOWS\system32\LXPMONRC.DLL" CheckResult="-1" Descr="Lexmark Druckmonitorressourcen-DLL" LegalCopyright="Copyright (c) 2003" UsedBy="1412" Hidden="0" Size="12288" Attr="rsAh" CreateDate="05.05.2007 11:51:15" ChageDate="02.02.2006 09:27:08" MD5="8DA2E02490E23F6D2FE58B3A1FB96008" />
</DLL>
- <KERNELOBJ>
<ITEM File="C:\WINDOWS\System32\Drivers\dump_atapi.sys" CheckResult="-1" Base="F4788000" MemSize="016000" Descr="" LegalCopyright="" />
<ITEM File="C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS" CheckResult="-1" Base="F7A7B000" MemSize="002000" Descr="" LegalCopyright="" />
</KERNELOBJ>
- <Service>
<ITEM File="C:\Programme\Avira\AntiVir Desktop\sched.exe" Name="AntiVirSchedulerService" CheckResult="-1" Type="272" State="1" />
<ITEM File="C:\Programme\Avira\AntiVir Desktop\avguard.exe" Name="AntiVirService" CheckResult="-1" Type="272" State="1" />
<ITEM File="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe" Name="NMIndexingService" CheckResult="-1" Type="16" State="1" />
<ITEM File="C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe" Name="TUWinStylerThemeSvc" CheckResult="-1" Type="16" State="1" Size="118272" Attr="rsAh" CreateDate="07.09.2005 23:39:02" ChageDate="07.09.2005 23:39:02" MD5="BBFAC182BB522D83857CDDEF7ACF80F6" />
<ITEM File="C:\Programme\MSN Messenger\usnsvc.exe" Name="usnjsvc" CheckResult="-1" Type="16" State="1" />
</Service>
- <Drivers>
<ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" />
<ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" />
<ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" />
<ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" />
<ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\avgntdd.sys" Name="avgntdd" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys" Name="avgntmgr" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\avipbb.sys" Name="avipbb" CheckResult="-1" Type="1" State="1" />
<ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" />
<ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" />
<ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" />
<ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\INSTALL\GMSIPCI.SYS" Name="GMSIPCI" CheckResult="-1" Type="1" State="1" />
<ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\drivers\InCDFs.sys" Name="InCDFs" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\WINDOWS\System32\drivers\InCDPass.sys" Name="InCDPass" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\drivers\InCDRm.sys" Name="InCDRm" CheckResult="-1" Type="1" State="1" />
<ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" />
<ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\Drivers\KMWDFilter.SYS" Name="KMWDFilter" CheckResult="-1" Type="1" State="1" Size="17024" Attr="rsAh" CreateDate="16.06.2009 09:43:42" ChageDate="22.03.2008 10:31:58" MD5="72C55C745D804D62162144EBFD6390B8" />
<ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcbus.sys" Name="lgmcbus" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcmdfl.sys" Name="lgmcmdfl" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcmdm.sys" Name="lgmcmdm" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcobex.sys" Name="lgmcobex" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcunic.sys" Name="lgmcunic" CheckResult="-1" Type="1" State="1" />
<ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\install4\MSICPL.sys" Name="MSICPL" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\NTACCESS.sys" Name="NTACCESS" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\PAC7302.SYS" Name="PAC7302" CheckResult="-1" Type="1" State="1" />
<ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" />
<ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\NTGLM7X.sys" Name="SetupNTGLM7X" CheckResult="-1" Type="1" State="1" />
<ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" />
<ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\ssmdrv.sys" Name="ssmdrv" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" />
<ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" />
</Drivers>
- <AUTORUN>
<ITEM File="C:\PROGRA~1\ANTIVI~1\avconfig.cpl" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls" X3="Avira AntiVir PersonalEdition Classic Konfiguration" />
<ITEM File="C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls" X3="Avira AntiVir Personal - Free Antivirus" />
<ITEM File="C:\Programme\AntiVir PersonalEdition Classic\guardevt.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\H+BEDV AntiVir" X3="EventMessageFile" />
<ITEM File="C:\Programme\Avira\AntiVir Desktop\avevtrc.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avira AntiVir" X3="EventMessageFile" />
<ITEM File="C:\Programme\Lexmark 3400 Series\ezprint.exe" CheckResult="-1" Enabled="0" Type="REG" Size="98304" Attr="rsAh" CreateDate="05.05.2007 11:50:54" ChageDate="07.02.2006 06:10:34" MD5="E9E3F46F206051ABA1B62D2411B11074" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run-" X3="EzPrint" />
<ITEM File="C:\Programme\Lexmark 3400 Series\lxcymon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="286720" Attr="rsAh" CreateDate="05.05.2007 11:50:50" ChageDate="06.03.2006 18:48:46" MD5="9C31E3254F24AD2F67A10998D1AACB7D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="lxcymon.exe" />
<ITEM File="C:\Programme\Lexmark Fax Solutions\fm3032.exe" CheckResult="-1" Enabled="0" Type="REG" Size="290816" Attr="rsAh" CreateDate="05.05.2007 11:51:08" ChageDate="02.02.2006 09:11:28" MD5="FDB5E5F9A11BC40816CAB7C3ED184BBE" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run-" X3="FaxCenterServer" />
<ITEM File="C:\Programme\MSN Messenger\usnsvc.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\usnjsvc" X3="EventMessageFile" />
<ITEM File="C:\Programme\Real\RealPlayer\realplay.exe" CheckResult="-1" Enabled="1" Type="LNK" Size="204845" Attr="rsAh" CreateDate="30.01.2007 23:00:30" ChageDate="30.01.2007 23:00:30" MD5="10D18B67EA4700497C39B8A87CAA170F" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk" X3="" />
<ITEM File="C:\Programme\ZipGenius 6\cutter\cutter.exe" CheckResult="-1" Enabled="1" Type="LNK" Size="657408" Attr="rsAh" CreateDate="03.03.2007 17:37:02" ChageDate="02.03.2005 18:05:36" MD5="15F6EE7E0F7E9A54AE13BF541AC7833A" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Cutter 4.lnk" X3="" />
<ITEM File="C:\Programme\ZipGenius 6\zipgenius.exe" CheckResult="-1" Enabled="1" Type="LNK" Size="5910528" Attr="rsAh" CreateDate="03.03.2007 17:36:56" ChageDate="19.10.2006 16:18:50" MD5="90F3781CE4AF20F868F88D60FC185827" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\ZipGenius 6.lnk" X3="" />
<ITEM File="C:\WINDOWS\FixCamera.exe" CheckResult="-1" Enabled="1" Type="REG" Size="20480" Attr="rsAh" CreateDate="24.09.2009 18:20:21" ChageDate="10.02.2007 14:40:46" MD5="6F9455F97D5D91FDEEC0F344E70A2D0E" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="FixCamera" />
<ITEM File="C:\WINDOWS\Installer\{5B09BD67-4C99-46A1-8161-B7208CE18121}\QTPlayer.ico" CheckResult="-1" Enabled="1" Type="LNK" Size="22486" Attr="RsAh" CreateDate="10.01.2008 18:12:20" ChageDate="10.01.2008 18:12:20" MD5="BE32B7F123578321A616C42C2BF2432D" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk" X3="" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\avgntdd.sys" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\avgntdd" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters" X3="ServiceDll" />
<ITEM File="C:\WINDOWS\System32\appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\appmgr.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\fdeploy.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\fdeploy.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\igmpv2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ipbootp.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\iprip2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ntbackup.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospf.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospfmib.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\polagent.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\tssdis.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\winlogon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="521728" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="448600E7D03D30D1B736FFBA48C11ACC" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\winlogon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="521728" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="448600E7D03D30D1B736FFBA48C11ACC" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\system32\MsSip1.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip3.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\asr_fmt.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands" X3="ASR format utility for volumes" />
<ITEM File="C:\WINDOWS\system32\asr_ldm.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands" X3="ASR utility for Logical Disk Manager" />
<ITEM File="C:\WINDOWS\system32\asr_pfu.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands" X3="ASR protected file utility" />
<ITEM File="C:\WINDOWS\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="C:\WINDOWS\system32\stisvc.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\tsnpstd3.exe" CheckResult="-1" Enabled="1" Type="REG" Size="270336" Attr="rsAh" CreateDate="24.09.2009 18:20:16" ChageDate="10.03.2007 13:43:52" MD5="6CD72592F71F43E596FD3FEC6D0C2066" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="tsnpstd3" />
<ITEM File="SDEvents.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search @amp; Destroy 2" X3="EventMessageFile" />
<ITEM File="appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" X3="DLLName" />
<ITEM File="kbd101.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" X3="LayerDriver JPN" />
<ITEM File="kbd101a.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" X3="LayerDriver KOR" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2=".DEFAULT\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-19\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-20\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-18\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_CURRENT_USER" X2="Control Panel\IOProcs" X3="MVB" />
<ITEM File="sirenacm.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Drivers32" X3="msacm.siren" />
<ITEM File="vgafix.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fixedfon.fon" />
<ITEM File="vgaoem.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="oemfonts.fon" />
<ITEM File="vgasys.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fonts.fon" />
</AUTORUN>
- <BHO>
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{02478D38-C3F9-4efb-9B51-7695ECA05670}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}" Descr="" LegalCopyright="" />
<ITEM File="C:\Programme\AskBarDis\bar\bin\askBar.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{201f27d4-3704-41d6-89c1-aa35e39143ed}" Descr="Ask.com Toolbar" LegalCopyright="Copyright © 2008 Ask.com" Size="279944" Attr="rsAh" CreateDate="30.07.2009 13:54:25" ChageDate="26.08.2008 09:32:12" MD5="8BBEFC3894F15050CE2D0BF470F2FF57" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7E853D72-626A-48EC-A868-BA8D5E23E045}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="2" RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="2" RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{EF99BD32-C1FB-11D2-892F-0090271D4F88}" Descr="" LegalCopyright="" />
<ITEM File="C:\Programme\AskBarDis\bar\bin\askBar.dll" CheckResult="-1" Enabled="1" BHOType="2" RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{3041d03e-fd4b-44e0-b742-2d9b88305f98}" Descr="Ask.com Toolbar" LegalCopyright="Copyright © 2008 Ask.com" Size="279944" Attr="rsAh" CreateDate="30.07.2009 13:54:25" ChageDate="26.08.2008 09:32:12" MD5="8BBEFC3894F15050CE2D0BF470F2FF57" />
<ITEM File="C:\Programme\ICQLite\ICQLite.exe" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{B863453A-26C3-4e1f-A54D-A2CD196348E9}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="4" RegKey="HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks" CLSID="{EF99BD32-C1FB-11D2-892F-0090271D4F88}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="4" RegKey="HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks" CLSID="{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" Descr="" LegalCopyright="" />
</BHO>
- <ExplorerExt>
<ITEM File="deskpan.dll" CheckResult="-1" Enabled="1" ExtType="1" ExtName="CPL-Erweiterung fьr Anzeigeverschiebung" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Shellerweiterungen fьr die Dateikomprimierung" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Kontextmenь fьr die Verschlьsselung" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Taskleiste und Startmenь" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Benutzerkonten" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Shell Extension for Malware scanning" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="ICQ Lite Shell Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{73B24247-042E-4EF5-ADC2-42F62E6FD654}" Descr="" LegalCopyright="" />
<ITEM File="C:\PROGRA~1\ZIPGEN~1\zgtips.dll" CheckResult="-1" Enabled="1" ExtType="1" ExtName="ZipGenius Zip InfoTip" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2E5AC2E0-406D-11D4-86B3-FA5861508E25}" Descr="Infotips shell extension for ZipGenius" LegalCopyright="Copyright ©1998-2004 M.Dev Software" Size="936960" Attr="rsAh" CreateDate="03.03.2007 17:36:58" ChageDate="01.11.2005 11:05:50" MD5="F38EA1C2082C0FB030F60DF1C792D146" />
<ITEM File="C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL" CheckResult="-1" Enabled="1" ExtType="1" ExtName="ZipGenius Drop handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{310A0C95-EA11-42AE-A8E4-53E69E650310}" Descr="ZG Drop Handler" LegalCopyright="" Size="543744" Attr="rsAh" CreateDate="03.03.2007 17:36:58" ChageDate="01.11.2005 11:03:50" MD5="29E36098B937C75AFAD62D800C3F6D39" />
<ITEM File="C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" CheckResult="-1" Enabled="1" ExtType="1" ExtName="ZipGenius DnD Extract handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FE8D01BF-610A-4261-9C6E-32D65A42C907}" Descr="Drag and drop dll" LegalCopyright="©1998, 2003 M.Dev Software" Size="700416" Attr="rsAh" CreateDate="03.03.2007 17:36:58" ChageDate="01.11.2005 11:04:38" MD5="A0CC122D3690FA7912B46D7FFE3FE94F" />
<ITEM File="@quot;C:\Programme\TuneUp Utilities 2006\sdshelex.dll@quot;" CheckResult="-1" Enabled="1" ExtType="1" ExtName="TuneUp Shredder Shell Context Menu Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="AlcoholShellEx" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{32020A01-506E-484D-A2A8-BE3CF17601C3}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Messenger Sharing Folders" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Yahoo! Mail" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5464D816-CF16-4784-B9F3-75C0DB52B499}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll@quot;" CheckResult="-1" Enabled="1" ExtType="1" ExtName="OpenOffice.org Column Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll@quot;" CheckResult="-1" Enabled="1" ExtType="1" ExtName="OpenOffice.org Infotip Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll@quot;" CheckResult="-1" Enabled="1" ExtType="1" ExtName="OpenOffice.org Property Sheet Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{63542C48-9552-494A-84F7-73AA6A7C99C1}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll@quot;" CheckResult="-1" Enabled="1" ExtType="1" ExtName="OpenOffice.org Thumbnail Viewer" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3B092F0C-7696-40E3-A80F-68D74DA84210}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll@quot;" CheckResult="-1" Enabled="1" ExtType="2" ExtName="ColumnHandler" RegKey="SOFTWARE\Classes\Folder\shellex\ColumnHandlers" CLSID="{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" Descr="" LegalCopyright="" />
</ExplorerExt>
- <PrintEXT>
<ITEM File="C:\WINDOWS\System32\LXPRMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="Print Monitor (Win2k/WinXP)" LegalCopyright="Copyright (C) 2003" Size="40960" Attr="rsAh" CreateDate="05.05.2007 11:51:35" ChageDate="02.02.2006 09:12:22" MD5="FF93F3730EEF696A7F87B09DCF0E7C27" />
</PrintEXT>
- <TaskScheduler>
<ITEM File="C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe" CheckResult="-1" Enabled="29518112" Descr="TuneUp System Optimizer" LegalCopyright="© 1996-2004 TuneUp Software GmbH" Size="388608" Attr="rsAh" CreateDate="07.09.2005 23:38:58" ChageDate="07.09.2005 23:38:58" MD5="6CE0E19803480A2B6318C65B5A172BA0" />
</TaskScheduler>
- <SPI>
<ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="TCP/IP" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="14848" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="81696D115F602EDDD8B950D5F1DA9FE4" />
<ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="NLA-Namespace" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [TCP/IP]" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [UDP/IP]" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [RAW/IP]" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP UDP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="90112" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="FE8B5E44A89D2141D26402F5B1C28E2B" />
<ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP TCP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="90112" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="FE8B5E44A89D2141D26402F5B1C28E2B" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD9A2EB6-C1F4-4455-ABD6-67DBC600BCA7}] SEQPACKET 3" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD9A2EB6-C1F4-4455-ABD6-67DBC600BCA7}] DATAGRAM 3" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{2CF0ACE8-EF48-4972-AAF6-976D30EEB6F1}] SEQPACKET 0" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{2CF0ACE8-EF48-4972-AAF6-976D30EEB6F1}] DATAGRAM 0" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{78F8E5A4-447F-4B02-AE80-E0189816E86C}] SEQPACKET 1" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{78F8E5A4-447F-4B02-AE80-E0189816E86C}] DATAGRAM 1" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B971C963-F03B-45DC-B5A6-36EA10AB10B1}] SEQPACKET 2" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B971C963-F03B-45DC-B5A6-36EA10AB10B1}] DATAGRAM 2" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" />
</SPI>
- <DPF>
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="DirectAnimation Java Classes" CodeBase="file://C:\WINDOWS\Java\classes\dajava.cab" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="Microsoft XML Parser for Java" CodeBase="file://C:\WINDOWS\Java\classes\xmldso.cab" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{33564D57-0000-0010-8000-00AA00389B71}" CodeBase="http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB" Descr="" LegalCopyright="" />
<ITEM File="C:\PROGRA~1\Imikimi\IMIKIM~1.1\IMIKIM~1.OCX" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{D71F9A27-723E-4B8B-B428-B725E47CBA3E}" CodeBase="http://imikimi.com/download/imikimi_plugin_0.5.1.cab" Descr="Imikimi Plugin" LegalCopyright="Copyright (C) 2007" Size="73728" Attr="rsAh" CreateDate="16.01.2008 18:10:38" ChageDate="16.01.2008 18:10:38" MD5="EB624C70CE18C267F016ED0208789571" />
</DPF>
<CPL />
<ActiveSetup />
- <HOSTS>
<ITEM Line="127.0.0.1 localhost" />
</HOSTS>
<SuspFiles />
- <RK_KM>
<ITEM File="" FNaim="" FIndx="339" HookPtr="8060F675" HookType="3" />
<ITEM File="" FNaim="" FIndx="366" HookPtr="8060F675" HookType="3" />
<ITEM File="" FNaim="" FIndx="373" HookPtr="8060F675" HookType="3" />
<ITEM File="" FNaim="" FIndx="538" HookPtr="8060F675" HookType="3" />
</RK_KM>
- <WIZARD-TSW>
<ITEM ID="19" Level="2" Fixed="0" />
<ITEM ID="51" Level="2" Fixed="0" />
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
</WIZARD-TSW>
</AVZ>


Old 09.01.2010, 18:03   #6
SiltenTears

Nothing but PC problems because of Malware Defense / Security Alert

and infovirus_syscheck:




<?xml version="1.0" encoding="windows-1251" ?>
- <!--

AVZ XML Report

-->
- <AVZ Version="4.32" LogDate="09.01.2010 17:13:37" WinDir="C:\WINDOWS\" ProfileDir="C:\Dokumente und Einstellungen\sunshine" IsWow64="False" CompHash="CD29D62FE35C76AF2B2EE35877472BDB">
- <PROCESS>
<ITEM PID="1708" File="c:\windows\fixcamera.exe" CheckResult="-1" Descr="CameraFixer MFC Application" LegalCopyright="Copyright (C) 2005" Hidden="0" CmdLine="@quot;C:\WINDOWS\FixCamera.exe@quot;" Size="20480" Attr="rsAh" CreateDate="24.09.2009 18:20:21" ChageDate="10.02.2007 14:40:46" MD5="6F9455F97D5D91FDEEC0F344E70A2D0E" />
<ITEM PID="1412" File="c:\windows\system32\spoolsv.exe" CheckResult="0" Descr="Spooler SubSystem App" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="0" CmdLine="C:\WINDOWS\system32\spoolsv.exe" Size="51200" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="9B627E6DA0EA47A3A664F69D954831D7" />
<ITEM PID="1724" File="c:\windows\tsnpstd3.exe" CheckResult="-1" Descr="tsnp2std Microsoft" LegalCopyright="Copyright (C) 2005" Hidden="0" CmdLine="@quot;C:\WINDOWS\tsnpstd3.exe@quot;" Size="270336" Attr="rsAh" CreateDate="24.09.2009 18:20:16" ChageDate="10.03.2007 13:43:52" MD5="6CD72592F71F43E596FD3FEC6D0C2066" />
<ITEM PID="624" File="c:\windows\system32\winlogon.exe" CheckResult="-1" Descr="Windows NT-Anmeldung" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Hidden="0" CmdLine="winlogon.exe" Size="521728" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="448600E7D03D30D1B736FFBA48C11ACC" />
</PROCESS>
- <DLL>
<ITEM File="C:\WINDOWS\system32\LXPRMON.DLL" CheckResult="-1" Descr="Print Monitor (Win2k/WinXP)" LegalCopyright="Copyright (C) 2003" UsedBy="1412" Hidden="0" Size="40960" Attr="rsAh" CreateDate="05.05.2007 11:51:35" ChageDate="02.02.2006 09:12:22" MD5="FF93F3730EEF696A7F87B09DCF0E7C27" />
<ITEM File="C:\Programme\Lexmark Fax Solutions\FxCtrStr.dll" CheckResult="-1" Descr="Lexmark Fax Solutions Software" LegalCopyright="Copyright (C) 2004" UsedBy="1412" Hidden="0" Size="12288" Attr="rsAh" CreateDate="05.05.2007 11:51:07" ChageDate="02.02.2006 09:24:56" MD5="D0085928913EDB25FA306523A14F9A16" />
<ITEM File="C:\Programme\Lexmark Fax Solutions\ipcmt.dll" CheckResult="-1" Descr="IPC Core Dll" LegalCopyright="Copyright (C) 2003" UsedBy="1412" Hidden="0" Size="32768" Attr="rsAh" CreateDate="05.05.2007 11:51:07" ChageDate="02.02.2006 09:10:20" MD5="547817BB4455FB4FB293369728B500F4" />
<ITEM File="C:\WINDOWS\system32\LXPMONRC.DLL" CheckResult="-1" Descr="Lexmark Druckmonitorressourcen-DLL" LegalCopyright="Copyright (c) 2003" UsedBy="1412" Hidden="0" Size="12288" Attr="rsAh" CreateDate="05.05.2007 11:51:15" ChageDate="02.02.2006 09:27:08" MD5="8DA2E02490E23F6D2FE58B3A1FB96008" />
</DLL>
- <KERNELOBJ>
<ITEM File="C:\WINDOWS\System32\Drivers\dump_atapi.sys" CheckResult="-1" Base="F4788000" MemSize="016000" Descr="" LegalCopyright="" />
<ITEM File="C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS" CheckResult="-1" Base="F7A7B000" MemSize="002000" Descr="" LegalCopyright="" />
</KERNELOBJ>
- <Service>
<ITEM File="C:\Programme\Avira\AntiVir Desktop\sched.exe" Name="AntiVirSchedulerService" CheckResult="-1" Type="272" State="1" />
<ITEM File="C:\Programme\Avira\AntiVir Desktop\avguard.exe" Name="AntiVirService" CheckResult="-1" Type="272" State="1" />
<ITEM File="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe" Name="NMIndexingService" CheckResult="-1" Type="16" State="1" />
<ITEM File="C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe" Name="TUWinStylerThemeSvc" CheckResult="-1" Type="16" State="1" Size="118272" Attr="rsAh" CreateDate="07.09.2005 23:39:02" ChageDate="07.09.2005 23:39:02" MD5="BBFAC182BB522D83857CDDEF7ACF80F6" />
<ITEM File="C:\Programme\MSN Messenger\usnsvc.exe" Name="usnjsvc" CheckResult="-1" Type="16" State="1" />
</Service>
- <Drivers>
<ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" />
<ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" />
<ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" />
<ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" />
<ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\avgntdd.sys" Name="avgntdd" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys" Name="avgntmgr" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\avipbb.sys" Name="avipbb" CheckResult="-1" Type="1" State="1" />
<ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" />
<ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" />
<ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" />
<ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\INSTALL\GMSIPCI.SYS" Name="GMSIPCI" CheckResult="-1" Type="1" State="1" />
<ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\drivers\InCDFs.sys" Name="InCDFs" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\WINDOWS\System32\drivers\InCDPass.sys" Name="InCDPass" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\drivers\InCDRm.sys" Name="InCDRm" CheckResult="-1" Type="1" State="1" />
<ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" />
<ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\Drivers\KMWDFilter.SYS" Name="KMWDFilter" CheckResult="-1" Type="1" State="1" Size="17024" Attr="rsAh" CreateDate="16.06.2009 09:43:42" ChageDate="22.03.2008 10:31:58" MD5="72C55C745D804D62162144EBFD6390B8" />
<ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcbus.sys" Name="lgmcbus" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcmdfl.sys" Name="lgmcmdfl" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcmdm.sys" Name="lgmcmdm" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcobex.sys" Name="lgmcobex" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\lgmcunic.sys" Name="lgmcunic" CheckResult="-1" Type="1" State="1" />
<ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\install4\MSICPL.sys" Name="MSICPL" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\NTACCESS.sys" Name="NTACCESS" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\PAC7302.SYS" Name="PAC7302" CheckResult="-1" Type="1" State="1" />
<ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" />
<ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" />
<ITEM File="D:\NTGLM7X.sys" Name="SetupNTGLM7X" CheckResult="-1" Type="1" State="1" />
<ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" />
<ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\ssmdrv.sys" Name="ssmdrv" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" />
<ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" />
</Drivers>
- <AUTORUN>
<ITEM File="C:\PROGRA~1\ANTIVI~1\avconfig.cpl" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls" X3="Avira AntiVir PersonalEdition Classic Konfiguration" />
<ITEM File="C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls" X3="Avira AntiVir Personal - Free Antivirus" />
<ITEM File="C:\Programme\AntiVir PersonalEdition Classic\guardevt.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\H+BEDV AntiVir" X3="EventMessageFile" />
<ITEM File="C:\Programme\Avira\AntiVir Desktop\avevtrc.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avira AntiVir" X3="EventMessageFile" />
<ITEM File="C:\Programme\Lexmark 3400 Series\ezprint.exe" CheckResult="-1" Enabled="0" Type="REG" Size="98304" Attr="rsAh" CreateDate="05.05.2007 11:50:54" ChageDate="07.02.2006 06:10:34" MD5="E9E3F46F206051ABA1B62D2411B11074" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run-" X3="EzPrint" />
<ITEM File="C:\Programme\Lexmark 3400 Series\lxcymon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="286720" Attr="rsAh" CreateDate="05.05.2007 11:50:50" ChageDate="06.03.2006 18:48:46" MD5="9C31E3254F24AD2F67A10998D1AACB7D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="lxcymon.exe" />
<ITEM File="C:\Programme\Lexmark Fax Solutions\fm3032.exe" CheckResult="-1" Enabled="0" Type="REG" Size="290816" Attr="rsAh" CreateDate="05.05.2007 11:51:08" ChageDate="02.02.2006 09:11:28" MD5="FDB5E5F9A11BC40816CAB7C3ED184BBE" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run-" X3="FaxCenterServer" />
<ITEM File="C:\Programme\MSN Messenger\usnsvc.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\usnjsvc" X3="EventMessageFile" />
<ITEM File="C:\Programme\Real\RealPlayer\realplay.exe" CheckResult="-1" Enabled="1" Type="LNK" Size="204845" Attr="rsAh" CreateDate="30.01.2007 23:00:30" ChageDate="30.01.2007 23:00:30" MD5="10D18B67EA4700497C39B8A87CAA170F" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk" X3="" />
<ITEM File="C:\Programme\ZipGenius 6\cutter\cutter.exe" CheckResult="-1" Enabled="1" Type="LNK" Size="657408" Attr="rsAh" CreateDate="03.03.2007 17:37:02" ChageDate="02.03.2005 18:05:36" MD5="15F6EE7E0F7E9A54AE13BF541AC7833A" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Cutter 4.lnk" X3="" />
<ITEM File="C:\Programme\ZipGenius 6\zipgenius.exe" CheckResult="-1" Enabled="1" Type="LNK" Size="5910528" Attr="rsAh" CreateDate="03.03.2007 17:36:56" ChageDate="19.10.2006 16:18:50" MD5="90F3781CE4AF20F868F88D60FC185827" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\ZipGenius 6.lnk" X3="" />
<ITEM File="C:\WINDOWS\FixCamera.exe" CheckResult="-1" Enabled="1" Type="REG" Size="20480" Attr="rsAh" CreateDate="24.09.2009 18:20:21" ChageDate="10.02.2007 14:40:46" MD5="6F9455F97D5D91FDEEC0F344E70A2D0E" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="FixCamera" />
<ITEM File="C:\WINDOWS\Installer\{5B09BD67-4C99-46A1-8161-B7208CE18121}\QTPlayer.ico" CheckResult="-1" Enabled="1" Type="LNK" Size="22486" Attr="RsAh" CreateDate="10.01.2008 18:12:20" ChageDate="10.01.2008 18:12:20" MD5="BE32B7F123578321A616C42C2BF2432D" X1="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk" X3="" />
<ITEM File="C:\WINDOWS\System32\DRIVERS\avgntdd.sys" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\avgntdd" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters" X3="ServiceDll" />
<ITEM File="C:\WINDOWS\System32\appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\appmgr.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\fdeploy.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\fdeploy.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\igmpv2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ipbootp.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\iprip2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ntbackup.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospf.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospfmib.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\polagent.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\tssdis.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\winlogon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="521728" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="448600E7D03D30D1B736FFBA48C11ACC" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\winlogon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="521728" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="448600E7D03D30D1B736FFBA48C11ACC" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\system32\MsSip1.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip3.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\asr_fmt.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands" X3="ASR format utility for volumes" />
<ITEM File="C:\WINDOWS\system32\asr_ldm.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands" X3="ASR utility for Logical Disk Manager" />
<ITEM File="C:\WINDOWS\system32\asr_pfu.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Asr\Commands" X3="ASR protected file utility" />
<ITEM File="C:\WINDOWS\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="C:\WINDOWS\system32\stisvc.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\tsnpstd3.exe" CheckResult="-1" Enabled="1" Type="REG" Size="270336" Attr="rsAh" CreateDate="24.09.2009 18:20:16" ChageDate="10.03.2007 13:43:52" MD5="6CD72592F71F43E596FD3FEC6D0C2066" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="tsnpstd3" />
<ITEM File="SDEvents.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search @amp; Destroy 2" X3="EventMessageFile" />
<ITEM File="appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" X3="DLLName" />
<ITEM File="kbd101.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" X3="LayerDriver JPN" />
<ITEM File="kbd101a.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" X3="LayerDriver KOR" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2=".DEFAULT\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-19\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-20\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-18\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_CURRENT_USER" X2="Control Panel\IOProcs" X3="MVB" />
<ITEM File="sirenacm.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Drivers32" X3="msacm.siren" />
<ITEM File="vgafix.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fixedfon.fon" />
<ITEM File="vgaoem.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="oemfonts.fon" />
<ITEM File="vgasys.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fonts.fon" />
</AUTORUN>
- <BHO>
</BHO>
</AVZ>

09.01.2010, 20:24   #7
undoreal
/// AVZ-Toolkit Guru

=) Please read the point about attaching the log files once more, very carefully!

Running the scripts produces two .zip files (syssecure.zip and syscheck.zip).
Please attach these two files to your next post.
Attach! Don't post.
__________________
- All help in this forum is given without warranty or liability -

09.01.2010, 20:46   #8
SiltenTears

lol ok ok ... this whole thing is really stressing me out =)

09.01.2010, 22:20   #9
undoreal
/// AVZ-Toolkit Guru

Quote from SiltenTears:
lol ok ok ... this whole thing is really stressing me out =)

I believe that. Relax! We'll calmly patch the computer back together, and after that everything will be fine again!
Especially with infected or broken PCs, the rule is: strength lies in calm!
I have to keep telling myself that too.. ^^

Something is wrong with the logs. That's not your fault, though! I think the malware is trying to thwart us there.

Please delete the entire AVZ folder.

Clean up with CCleaner and restart the computer.

Post a GMER log.

Restart the computer afterwards.

After that, download AVZ once more. This time, however, differently from what the instructions say:

Download:

1. Create a separate folder for AVZ at the following path: C:\AVZ

2. Right-click this link: Toolkit and choose Save As:
  • File name: 1111111.com, and choose as
  • Location: C:\AVZ (the folder you just created)

3. The program does not need to be installed; it is ready to use right away.

Then proceed the same way as last time to create the AVZ logs, and attach both to your next post.

10.01.2010, 09:51   #10
SiltenTears

good morning =)

well, I do hope it'll soon work again the way it should...

so here are the logs:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-10 08:40:56
Windows 5.1.2600 Service Pack 1
Running: tm42spnw.exe; Driver: C:\DOKUME~1\ST\LOKALE~1\Temp\fxtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xF766F280, 0x7B04, 0xE8000020]

---- EOF - GMER 1.0.15 ----
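
Added example, not part of the thread and not GMER's own code: a Python parser for the two line shapes in the GMER log posted above, which decodes the last bracketed value of the "section is writeable" line as PE section characteristics. Reading the bracket as [address, size, characteristics] and the names `triage` and `decode_flags` are assumptions; the sample log is constructed from the post.

```python
import re

# Constructed sample: the findings section of the GMER log posted above.
SAMPLE_LOG = r"""---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xF766F280, 0x7B04, 0xE8000020]

---- EOF - GMER 1.0.15 ----
"""

# IMAGE_SCN_* section characteristic bits from the PE/COFF format.
SECTION_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x02000000: "MEM_DISCARDABLE",
    0x04000000: "MEM_NOT_CACHED",
    0x08000000: "MEM_NOT_PAGED",
    0x10000000: "MEM_SHARED",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}

# Assumption: the bracket holds [address, size, section characteristics].
WRITEABLE_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<module>.+?)\s+section is writeable\s+"
    r"\[(?P<addr>0x[0-9A-Fa-f]+),\s*(?P<size>0x[0-9A-Fa-f]+),"
    r"\s*(?P<flags>0x[0-9A-Fa-f]+)\]$"
)
# Shape: <section> <module!symbol> + <offset> <address> <n> Byte(s) [<hex bytes>]
PATCH_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<symbol>\S+!\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<count>\d+)\s+Bytes?\s+\[(?P<bytes>[0-9A-Fa-f ]*)\]$"
)


def decode_flags(value):
    """Return the names of the known characteristic bits set in value."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if value & bit]


def triage(log_text):
    """Parse GMER kernel-code-section lines into structured findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WRITEABLE_RE.match(line)
        if m:
            names = decode_flags(int(m["flags"], 16))
            findings.append({
                "kind": "writeable_section",
                "module": m["module"],
                "section": m["section"],
                "address": int(m["addr"], 16),
                "size": int(m["size"], 16),
                "flags": names,
                # Writable and executable at once: code can be changed in memory.
                "write_and_execute": {"MEM_WRITE", "MEM_EXECUTE"} <= set(names),
            })
            continue
        m = PATCH_RE.match(line)
        if m:
            findings.append({
                "kind": "code_modification",
                "symbol": m["symbol"],
                "offset": int(m["offset"], 16),
                "address": int(m["addr"], 16),
                "bytes": bytes.fromhex(m["bytes"]),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A section that is both writable and executable is a triage signal for closer inspection of the driver, not a verdict on it.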

10.01.2010, 10:23   #11
undoreal
/// AVZ-Toolkit Guru

Good morning.

oreans32.sys is fooling us, or rather AVZ. But not for much longer..

Please open gmer.

At the top left you will find a tab that looks roughly like this:
Click it and further tabs will appear.
Select the cmd tab.

Then please copy the following into the black upper field:

Quote:
tm42spnw.exe -del service oreans32
tm42spnw.exe -del file "C:\WINDOWS\system32\drivers\oreans32.sys"
tm42spnw.exe -del reg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 "
tm42spnw.exe -del reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32"
tm42spnw.exe -reboot
Then click Run!

The computer will restart. Clean up with CCleaner and post a fresh GMER log.

Restart the computer once more and post two fresh AVZ logs.

10.01.2010, 10:52   #12
SiltenTears

hmmmm doesn't work! when I paste it in and click run, first "deletekey - falsches parameter" appears and then "error 0x00000002 occured during the delicion of file C:\windows.....\oreans.sys - system kann die angegegbene datei nicht finden"

10.01.2010, 11:37   #13
undoreal
/// AVZ-Toolkit Guru

Then the file apparently doesn't exist, but please try again with the following script:

Quote:
tm42spnw.exe -del service oreans32
tm42spnw.exe -del file "C:\WINDOWS\system32\drivers\oreans32.sys"
tm42spnw.exe -del reg "HKLM\SYSTEM\ControlSet001\Services\oreans32 "
tm42spnw.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32"
tm42spnw.exe -reboot

10.01.2010, 11:51   #14
SiltenTears

doesn't work either, the same thing appears then

10.01.2010, 11:56   #15
undoreal
/// AVZ-Toolkit Guru

You entered all of that into the black cmd window, right?

O.K.

Then let's try it differently:

Please run SUPERAntiSpyware and post the log.

Also post a fresh Malwarebytes log.
