Your Protection immer noch da?

Larusso · 26.04.2010, 20:48

Rootkit-Suche

Was sind Rootkits?

Einige Scans auf Dateien, Prozesse u2nd Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

FastCore · 03.05.2010, 14:49

Sry das ich ne Woche nichts gepostet habe war nicht da.
Also habe heute GMER durchlaufen lass doch bekamm nach einer Stunde Scannen diese Fehlermeldung ich denke mal das liegt daran weil er so lange in den Ordnern contacts/ignored scannt...-.-

Fehlermeldung:

Es konnten nicht alle Daten für die Datei \Device\HarddiskVolume2\$MFA gespeichert werden. Die Dateien gingen verloren. Mögliche Ursache könnten Computerhardware oder Netwerkverbindungen sein. Versuche die Dateien woanders zu speichern.

Dannach wenn ich auf OK drücke startet er neu.

Weißt du vllt wie ich diese Ignored Ordner löschen kann?

Internet und AntiVir waren aus.

Hier noch ein Stück vom Log was er mir ausgespuckt hat.

Code:

ATTFilter

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                           fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                           GDTdiIcpt.sys

Device          \Driver\fssfltr \Device\fssfltr                                                                                                                                                     GDTdiIcpt.sys

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL                                                                                               609AA7DDBA22BF426963F77EFDEA1E08293760AF478A9A2B869F947D93AA493298E490E31C15677D6DBBA52CC06A4DF122F359D65059AEA3CDC61097126FB89C39A50C5BA876ECAFE727B367C3E4D8D56C7938839F5C9E29176CF6AF533643DDEA83BE7478A157DC669ED6B991D769E21B335E3553D14BB21A8D775EAE9D2855A82BC47F353AE3F148A134CC4A06572E138E9E8F21BDCC9DE02AB1608A0CD9C741CF2AF29DA304BB44AF68EE2275AFAC8E7FC25ACFE6EB2A4B443A96662602E05B23F2E804865BEC61500192DDEE35BA1CFC85823E5829FC8B641B06D1DA7AACEB60139ECD51C11B7DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74C9DB7CE019D40AA5CA9C6AECB7A5D1407737379524AE6A3057B70C6AD5F55D7547F5D2092DFC16109B7CF19D51D3B0BD6C81FCFBC70C511B1611EB7165B012E9AD9ABF7333619C4B6EE8D4E20EA8F0B39869B92BAC84BCF98073F3B8E5D824E1B3B3E7788E969112C4E55DCF4D93ADE054CA921D3570B462A3C016573E9EA282B46CE0C651FE0DC426890A9BFCDA9E8BB3E007BA7664BBDA95884F0B8C9FE8B73208BCBB3C061A328539BC3F9F4F8EB2D82464665FE09E32EB1613CE38937AFEF721AEB6BFC80C3DF29C4D835BA7C1181C6194953F273C
Reg             HKLM\SOFTWARE\Classes\CLSID\{5E49ACE2-02DD-1A56-1972-DE9684009677}\InprocServer32@                                                                                                  C:\WINDOWS\system32\quartz.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{5E49ACE2-02DD-1A56-1972-DE9684009677}\InprocServer32@ThreadingModel                                                                                    Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}                                                    
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}                                                    
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}                                                    
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}                                                    
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\InprocServer32@                                                                                                  C:\WINDOWS\system32\msvidctl.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\InprocServer32@ThreadingModel                                                                                    Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\ProgID@                                                                                                          BDATuner.LanguageComponentType.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\TypeLib@                                                                                                         {9B085638-018E-11D3-9D8E-00C04F72D980}
Reg             HKLM\SOFTWARE\Classes\CLSID\{FDF33F55-DD43-E5DA-AA8F-A14980120F91}\VersionIndependentProgID@                                                                                        BDATuner.LanguageComponentType

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{6696eb41-d129-41e6-8f64-cb4cd28e7c1b}\DBStore\LogFiles\edb.log         4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{6696eb41-d129-41e6-8f64-cb4cd28e7c1b}\DBStore\LogFiles\edb00010.log    4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{6696eb41-d129-41e6-8f64-cb4cd28e7c1b}\DBStore\LogFiles\res1.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{6696eb41-d129-41e6-8f64-cb4cd28e7c1b}\DBStore\LogFiles\res2.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\Backup                   0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\Backup\new               0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\Backup\new\contacts.edb  12607488 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\Backup\new\contacts.pat  16384 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\Backup\new\edb00039.log  4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\contacts.edb             12599296 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\contacts.pat             16384 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\dbstore.ini              174 bytes
File            C:\Dokumente und Einstellungen\*t\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\edb.chk                  8192 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\LogFiles                 0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\LogFiles\edb.log         4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\LogFiles\edb00039.log    4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\LogFiles\edb0003A.log    4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\LogFiles\res1.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{686c7673-069a-4bc6-982b-7a71faa43bb3}\DBStore\LogFiles\res2.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\Backup                   0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\Backup\new               0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\Backup\new\contacts.edb  2121728 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\Backup\new\contacts.pat  16384 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\Backup\new\edb00001.log  4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\contacts.edb             2113536 bytes
File            C:\Dokumente und Einstellungen\*t\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\contacts.pat             16384 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\dbstore.ini              174 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\edb.chk                  8192 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\LogFiles                 0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\LogFiles\edb.log         4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\LogFiles\edb00001.log    4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\LogFiles\res1.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{7d0f9f59-6059-4cad-932a-eb4b82e52297}\DBStore\LogFiles\res2.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\Backup                   0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\Backup\new               0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\Backup\new\contacts.edb  4218880 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\Backup\new\contacts.pat  16384 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\Backup\new\edb0000A.log  4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\contacts.edb             4210688 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\contacts.pat             16384 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\dbstore.ini              174 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\edb.chk                  8192 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\LogFiles                 0 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\LogFiles\edb.log         4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\LogFiles\edb0000A.log    4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\LogFiles\edbtmp.log      1048576 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\LogFiles\res1.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\LogFiles\res2.log        4194304 bytes
File            C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Live Contacts\{815ee08a-dc06-4c9a-a0a6-b3b22a4a397c}\DBStore\tempedb.edb              262144 bytes

MalwareBytes zeigt mir 0 Funde an, Avira beim Systemscan auch.

Larusso · 03.05.2010, 14:52

Falls Combofix noch vorhanden, lösche bitte die vorhandene Version.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

FastCore · 03.05.2010, 15:16

Hier:

Code:

ATTFilter

ComboFix 10-05-02.03 - FreshOne 03.05.2010  16:02:33.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.511.209 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\FreshOne\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00A6-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00F4-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00F6-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00F8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00FD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00A6-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00A7-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00F4-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00F6-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00F8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00FD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00FE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00FF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0101-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0104-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0106-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0108-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-010E-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-010F-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0115-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0117-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-011F-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-0120-0D24-347CA8A3377C}
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-03 bis 2010-05-03  ))))))))))))))))))))))))))))))
.

2010-05-01 17:21 . 2010-05-01 17:21	--------	d-----w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\InstallShield
2010-04-23 11:30 . 2010-04-29 13:15	--------	d-----w-	c:\windows\system32\NtmsData
2010-04-23 11:26 . 2010-04-23 11:26	--------	d-----w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\Avira
2010-04-22 12:28 . 2010-04-22 12:28	--------	d--h--w-	c:\windows\PIF
2010-04-22 12:21 . 2010-04-22 12:21	--------	d-----w-	c:\programme\Avira
2010-04-22 12:21 . 2010-04-22 12:21	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-04-22 12:21 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-04-22 12:21 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-04-22 12:21 . 2009-05-11 10:49	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-04-22 12:21 . 2009-05-11 10:49	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-04-22 11:49 . 2010-04-22 11:49	54624	----a-w-	c:\windows\system32\1c616.sys
2010-04-17 17:48 . 2010-04-17 17:48	--------	d-----w-	c:\windows\Logs
2010-04-16 09:51 . 2010-04-16 09:52	--------	d-----w-	c:\programme\Jumi
2010-04-10 14:11 . 2010-04-11 14:36	7168	----a-w-	c:\windows\system32\drivers\utm3otux.sys
2010-04-08 21:10 . 2010-04-08 21:10	--------	d-----w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\Malwarebytes
2010-04-08 17:17 . 2010-04-08 17:17	--------	d-----w-	c:\programme\Defraggler
2010-04-08 16:20 . 2010-04-08 16:20	--------	d-----w-	c:\programme\CCleaner
2010-04-08 00:36 . 2010-03-29 13:24	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 00:36 . 2010-04-24 20:54	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-04-08 00:36 . 2010-04-08 00:36	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-08 00:36 . 2010-03-29 22:45	20824	----a-w-	c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 18:03 . 2006-09-01 07:30	--------	d-----w-	c:\programme\Google
2010-05-01 17:26 . 2009-05-25 11:16	--------	d-----w-	c:\programme\Sony
2010-05-01 17:25 . 2007-10-23 07:30	--------	d-----w-	c:\programme\ScanSoft
2010-05-01 17:25 . 2007-10-23 07:31	--------	d-----w-	c:\programme\Gemeinsame Dateien\ScanSoft Shared
2010-05-01 17:25 . 2008-11-19 11:35	--------	d-----w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\ScanSoft
2010-05-01 17:25 . 2008-11-17 17:00	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\ScanSoft
2010-05-01 17:21 . 2009-03-22 16:19	--------	d-----w-	c:\programme\Icon Constructor 3
2010-05-01 17:20 . 2010-01-14 17:20	--------	d-----w-	c:\programme\QuickTime
2010-05-01 17:20 . 2006-10-14 16:42	--------	d-----w-	c:\programme\Messenger Plus! Live
2010-05-01 17:20 . 2005-01-15 20:57	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-05-01 17:20 . 2008-03-09 07:50	--------	dcsh--w-	c:\programme\Gemeinsame Dateien\WindowsLiveInstaller
2010-05-01 17:20 . 2005-07-09 03:29	--------	d-----w-	c:\programme\Gemeinsame Dateien\Real
2010-05-01 17:19 . 2005-07-09 03:28	--------	d-----w-	c:\programme\Gemeinsame Dateien\aolshare
2010-05-01 17:19 . 2007-10-21 07:59	--------	d-----w-	c:\programme\DivX
2010-05-01 17:19 . 2005-01-16 18:42	--------	d-----w-	c:\programme\acer
2010-04-30 14:18 . 2008-11-11 19:25	--------	d-----w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\MyPhoneExplorer
2010-04-23 12:45 . 2008-11-19 11:33	1470	----a-w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\wklnhst.dat
2010-04-20 11:15 . 2008-03-31 14:48	--------	d-----w-	c:\programme\MyPhoneExplorer
2010-04-17 17:49 . 2010-04-17 17:49	1629	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml151.tmp
2010-04-17 17:49 . 2010-04-17 17:49	13969	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml150.tmp
2010-04-17 17:49 . 2010-04-17 17:49	9036	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml14F.tmp
2010-04-16 12:11 . 2010-04-02 10:59	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-04-16 12:11 . 2008-11-10 23:53	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2010-04-11 10:00 . 2008-12-01 18:04	1324	----a-w-	c:\windows\system32\d3d9caps.dat
2010-04-09 13:29 . 2005-07-09 03:28	--------	d-----w-	c:\programme\Gemeinsame Dateien\aol
2010-04-08 19:26 . 2008-11-11 18:59	--------	d-----w-	c:\programme\Trend Micro
2010-04-03 17:30 . 1979-12-31 22:00	1036800	----a-w-	c:\windows\explorer.exe
2010-04-03 16:03 . 2007-04-24 17:50	--------	d-----w-	c:\programme\Teamspeak2_RC2
2010-04-02 11:32 . 2008-12-01 18:24	--------	d-----w-	c:\programme\AGEIA Technologies
2010-04-02 10:59 . 2010-04-02 10:59	--------	d-----w-	c:\programme\Gemeinsame Dateien\InfoWatch
2010-03-24 12:31 . 2007-06-02 15:08	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-03-11 12:31 . 1979-12-31 22:00	832512	----a-w-	c:\windows\system32\wininet.dll
2010-03-11 12:31 . 1979-12-31 22:00	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 1979-12-31 22:00	17408	----a-w-	c:\windows\system32\corpol.dll
2010-03-09 11:09 . 1979-12-31 22:00	430080	----a-w-	c:\windows\system32\vbscript.dll
2010-02-24 20:53 . 2009-12-22 21:31	152576	----a-w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-24 20:53 . 2009-12-22 21:30	79488	----a-w-	c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-24 13:11 . 1979-12-31 22:00	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:04 . 1979-12-31 22:00	2192256	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2004-08-03 22:50	2069120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-04-01 08:49	293376	------w-	c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 1979-12-31 22:00	100864	----a-w-	c:\windows\system32\6to4svc.dll
2010-02-11 12:29 . 2010-02-11 12:29	64048	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\German\setup.exe
2010-02-11 12:02 . 1979-12-31 22:00	226880	----a-w-	c:\windows\system32\drivers\tcpip6.sys
2008-03-08 17:07 . 2008-03-08 17:07	560	---h--w-	c:\programme\FLV PlayerRCATSetup.exe.manifest
2008-03-08 17:07 . 2008-03-08 17:07	558	---h--w-	c:\programme\FLV PlayerRCSetup.exe.manifest
2007-04-28 14:47 . 2007-04-28 14:47	2874926	----a-w-	c:\programme\FLV PlayerRCATSetup.exe
2007-04-28 14:47 . 2007-04-28 14:45	25990392	----a-w-	c:\programme\FLV PlayerRCSetup.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\programme\mozilla firefox\plugins\ssldivx.dll
2005-05-13 15:12 . 2005-05-13 15:12	217073	-csha-r-	c:\windows\meta4.exe
2005-10-24 09:13 . 2005-10-24 09:13	66560	-csha-r-	c:\windows\MOTA113.exe
2005-06-26 13:32 . 2005-06-26 13:32	616448	--sha-r-	c:\windows\system32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37	45568	--sha-r-	c:\windows\system32\cygz.dll
2004-01-24 22:00 . 2004-01-24 22:00	70656	--sha-r-	c:\windows\system32\i420vfw.dll
2005-02-28 11:16 . 2005-02-28 11:16	240128	--sha-r-	c:\windows\system32\x.264.exe
2004-01-24 22:00 . 2004-01-24 22:00	70656	--sha-r-	c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NVMixerTray"="c:\programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Realtime Audio Engine"="mmrtkrnl.exe" [2007-07-18 70144]
"NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"fssui"="c:\programme\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Rokjpq"="c:\dokumente und einstellungen\Armend\Eigene Dateien\?ystem32\??rvices.exe" [?]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Gast\Startmen\Programme\Autostart\
ResChange Aufruf.txt [2009-1-11 0]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-11-17 11:05	71216	----a-r-	c:\programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online DSL-Manager]
2005-11-01 10:31	811008	----a-w-	c:\programme\T-Online\DSL-Manager\TODslMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TODslService"=3 (0x3)
"MZCCntrl"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FLV Downloader"=c:\programme\Moyea\YouTube FLV Downloader\FLVDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"="c:\programme\BearShare\BearShare.exe" /pause
"BrMfcWnd"=c:\programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"Piolet"=c:\progra~1\Piolet\Piolet.exe SILENT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\ccapp.exe"= %windir%\\system32\\unst.exe
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\explorer.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonEU\\NGM\\NGM.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12154:TCP"= 12154:TCP:BitComet 12154 TCP
"12154:UDP"= 12154:UDP:BitComet 12154 UDP
"21526:TCP"= 21526:TCP:BitComet 21526 TCP
"21526:UDP"= 21526:UDP:BitComet 21526 UDP
"12415:TCP"= 12415:TCP:BitComet 12415 TCP
"12415:UDP"= 12415:UDP:BitComet 12415 UDP
"58386:TCP"= 58386:TCP:Pando Media Booster
"58386:UDP"= 58386:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [01.01.1980 16640]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [21.10.2006 11:56 33824]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [22.04.2010 14:21 135336]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20.07.2006 15:20 27219]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [23.07.2009 21:07 6528]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [03.11.2008 18:38 88704]
R3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [03.11.2008 18:38 486912]
R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [03.11.2008 18:38 7680]
S0 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys --> c:\windows\system32\drivers\klmdb.sys [?]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21.12.2009 17:34 743992]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.01.2010 12:27 135664]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [29.03.2007 16:33 134912]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [01.11.2008 20:44 13352]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [10.05.2006 15:54 16896]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.05.2009 03:27 29262680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 utm3otux;AVZ Kernel Driver;c:\windows\system32\drivers\utm3otux.sys [10.04.2010 16:11 7168]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]
S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva115;XDva115;\??\c:\windows\system32\XDva115.sys --> c:\windows\system32\XDva115.sys [?]
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?]
S4 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [10.05.2006 15:54 61440]
S4 TODslService;T-Online DSL-Manager;c:\programme\T-Online\DSL-Manager\TODslSvc.exe [20.12.2007 15:12 172032]
.
Inhalt des "geplante Tasks" Ordners

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-29 10:27]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-29 10:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\dokumente und einstellungen\FreshOne\Anwendungsdaten\Mozilla\Firefox\Profiles\i39la197.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60441&qkw=
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programme\Sony\Media Go\npmediago.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-IndexSearch - c:\programme\ScanSoft\PaperPort\IndexSearch.exe
MSConfigStartUp-iTunesHelper - c:\programme\iTunes\iTunesHelper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-03 16:11
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Zeit der Fertigstellung: 2010-05-03  16:15:04
ComboFix-quarantined-files.txt  2010-05-03 14:15

Vor Suchlauf: 24 Verzeichnis(se), 54.010.011.648 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 55.063.797.760 Bytes frei

- - End Of File - - A09D51939055D891AF2B53618BAE2162

Larusso · 03.05.2010, 16:10

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

FastCore · 03.05.2010, 16:29

Code:

ATTFilter

OTL Extras logfile created on: 03.05.2010 17:18:35 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Dokumente und Einstellungen\FreshOne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 254,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 91,47 Gb Total Space | 51,31 Gb Free Space | 56,10% Space Free | Partition Type: NTFS
Drive D: | 91,89 Gb Total Space | 76,03 Gb Free Space | 82,74% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEPPL
Current User Name: FreshOne
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"12154:TCP" = 12154:TCP:*:Enabled:BitComet 12154 TCP
"12154:UDP" = 12154:UDP:*:Enabled:BitComet 12154 UDP
"21526:TCP" = 21526:TCP:*:Enabled:BitComet 21526 TCP
"21526:UDP" = 21526:UDP:*:Enabled:BitComet 21526 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"12415:TCP" = 12415:TCP:*:Enabled:BitComet 12415 TCP
"12415:UDP" = 12415:UDP:*:Enabled:BitComet 12415 UDP
"58386:TCP" = 58386:TCP:*:Enabled:Pando Media Booster
"58386:UDP" = 58386:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\ccapp.exe" = %windir%\system32\unst.exe:*:Enabled:System Process -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"%windir%\explorer.exe" = %windir%\explorer.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E460998-5C2C-4ACF-A9AA-3629BD9C06C2}" = Samsung PC Studio
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2464-AB8F-4D1C-B934-FD133E6B7CA2}" = Philips GoGear Digital Audio Player
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69D598A7-A9C5-4396-8C92-39465FF2C874}" = Philips SPC530NC Webcam
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E3F224-704C-4873-BA3E-0B8D3D4C59E8}" = Samsung PC Studio 3
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DE54F85C-DB65-4691-B15D-1EF9149F0FD6}" = MangaBrowser for SHONEN JUMP 40th
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"55D5CDE7F2833CC4A2AAF96249CE79DDFC71E592" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/07/2008 1.0.5.12)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Deinstallation" = AOL Deinstallation
"AOLCoach de" = AOL Coach Version 1.0(Build:20040201.2 de)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F83654168F2669A249A823C6255ACB1405E1E04E" = Windows-Treiberpaket - Philips (SPC530) Image  (05/21/2008 1.01.3.6650)
"FA64675F2B582DB559A1BE34C9F1F0208D44A7FE" = Windows-Treiberpaket - Philips USB  (05/21/2008 1.01.3.6650)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold 
"Killzone 2 Screensaver" = Killzone 2 Screensaver
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2010 05:03:05 | Computer Name = SEPPL | Source = Google Update | ID = 20
Description = 
 
Error - 24.04.2010 16:03:10 | Computer Name = SEPPL | Source = Google Update | ID = 20
Description = 
 
Error - 25.04.2010 14:58:14 | Computer Name = SEPPL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.45.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 25.04.2010 15:06:01 | Computer Name = SEPPL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.45.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 25.04.2010 15:12:28 | Computer Name = SEPPL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.45.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.04.2010 12:41:31 | Computer Name = SEPPL | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 01.05.2010 07:07:25 | Computer Name = SEPPL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.45.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 02.05.2010 11:01:31 | Computer Name = SEPPL | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 03.05.2010 06:03:06 | Computer Name = SEPPL | Source = Google Update | ID = 20
Description = 
 
Error - 03.05.2010 07:03:06 | Computer Name = SEPPL | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 03.05.2010 07:28:30 | Computer Name = SEPPL | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
 
Error - 03.05.2010 07:33:26 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Verwaltungsservice
 vom CryproStorage-System.
 
Error - 03.05.2010 07:33:26 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Verwaltungsservice vom CryproStorage-System" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 03.05.2010 07:35:02 | Computer Name = SEPPL | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
 3. Parameter 00000000, 4. Parameter 82ef7854.
 
Error - 03.05.2010 07:58:44 | Computer Name = SEPPL | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Canon Bubble-Jet
 S400, Freigabename Drucker3.
 
Error - 03.05.2010 07:59:14 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Verwaltungsservice
 vom CryproStorage-System.
 
Error - 03.05.2010 07:59:14 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Verwaltungsservice vom CryproStorage-System" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 03.05.2010 10:02:03 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 03.05.2010 10:06:22 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 03.05.2010 10:07:10 | Computer Name = SEPPL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
 
< End of report >

FastCore · 03.05.2010, 16:34

OTL logfile created on: 03.05.2010 17:18:35 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\FreshOne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 254,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 91,47 Gb Total Space | 51,31 Gb Free Space | 56,10% Space Free | Partition Type: NTFS
Drive D: | 91,89 Gb Total Space | 76,03 Gb Free Space | 82,74% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEPPL
Current User Name: FreshOne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.05.03 17:17:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\OTL.exe
PRC - [2010.04.03 19:30:43 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007.07.18 16:52:26 | 000,070,144 | ---- | M] (AlcaTech) -- C:\WINDOWS\system32\mmrtkrnl.exe
PRC - [2007.06.19 17:17:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.01.22 17:22:38 | 000,118,784 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2004.10.07 17:53:06 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe
PRC - [2003.08.27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (SafeList) ==========

MOD - [2010.05.03 17:17:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FreshOne\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.10 22:59:00 | 003,654,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.08.07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.01.22 17:22:38 | 000,118,784 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005.11.15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2005.11.01 12:30:46 | 000,172,032 | ---- | M] (T-Systems International GmbH) [Disabled | Stopped] -- C:\Programme\T-Online\DSL-Manager\TODslSvc.exe -- (TODslService)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.08.27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010.04.11 16:36:12 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utm3otux.sys -- (utm3otux)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.07.23 21:07:40 | 000,006,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.03 17:22:09 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.hs -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008.11.01 20:44:57 | 000,021,672 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008.11.01 20:44:57 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008.10.30 14:41:05 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.10.07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.06.06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.21 15:30:28 | 000,486,912 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC530.sys -- (SPC530)
DRV - [2008.05.21 15:30:28 | 000,007,680 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC530m.sys -- (SPC530m)
DRV - [2008.05.07 12:40:04 | 000,088,704 | R--- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2008.05.07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.18 16:52:38 | 000,094,528 | ---- | M] (AlcaTech) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2007.05.02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.03.29 17:33:54 | 000,134,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2007.02.15 14:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2007.01.22 17:23:20 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006.10.21 11:56:24 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.09.18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006.07.20 15:20:09 | 000,027,219 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2006.07.20 15:20:02 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2006.07.19 05:37:26 | 000,324,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2006.03.13 18:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006.03.13 18:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006.03.13 18:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006.03.13 18:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006.03.13 18:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.02.11 19:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2005.02.11 19:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005.01.15 22:57:40 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2004.11.15 23:44:42 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004.11.15 23:44:38 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.10.15 05:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004.09.10 20:02:12 | 000,412,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004.09.10 19:58:52 | 000,052,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004.03.01 17:03:34 | 000,016,896 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2003.01.10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2000.10.15 19:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\DSL-Manager\Pcandis5.sys -- (PCANDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60441&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.16 11:06:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.31 10:58:17 | 000,000,000 | ---D | M]

[2008.11.17 22:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Extensions
[2010.05.03 15:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Firefox\Profiles\i39la197.default\extensions
[2009.09.03 16:12:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Firefox\Profiles\i39la197.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.24 11:43:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\FreshOne\Anwendungsdaten\Mozilla\Firefox\Profiles\i39la197.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.03 15:59:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.09.07 13:13:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.11.11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2006.09.20 03:13:22 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2009.02.15 21:46:41 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009.10.30 13:50:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.10.30 13:50:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.10.30 13:50:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.10.30 13:50:38 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.10.30 13:50:38 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.24 11:03:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fssui] C:\Programme\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\WINDOWS\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\FreshOne\Startmenü\Programme\Autostart\Ubisoft register.lnk = C:\Programme\Ubisoft\Register\schedule.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (DivXBrowserPlugin Object)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} hxxp://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} hxxp://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\FreshOne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\FreshOne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.01.15 22:52:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005.01.15 22:43:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

Your Protection immer noch da?

Plagegeister aller Art und deren Bekämpfung: Your Protection immer noch da?