
Pests of all kinds and how to fight them: AntivirusSoft now completely removed?

26.04.2010, 16:43   #1
grafeko
 
Hello!

I caught AntivirusSoft and removed it following the guide I found here. But since, according to the description, the system might not be completely clean, here are the log files from Malwarebytes and RSIT. For CCleaner, I don't know how I should post the files.

Since I have no idea about this, I'm asking you to take a look at whether everything is OK again now or whether I still need to do something...

Malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4038

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26.04.2010 10:56:00
mbam-log-2010-04-26 (10-56-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 114302
Laufzeit: 9 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hybwmuct (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\MaxMustermann\AppData\Local\vemlhymft\ngqrtdftssd.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
C:\Users\MaxMustermann\AppData\Local\Temp\oCgL.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.


RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by MaxMustermann at 2010-04-26 11:31:10
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 11 GB (7%) free of 153 GB
Total RAM: 2045 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2009-11-25 815104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2009-11-25 815104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-06 90191]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-06 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2082-02-15 4317184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1985-01-01 815104]
"CHotkey"=C:\Windows\mHotkey.exe [2005-12-15 547840]
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2008-07-22 357376]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-11 198160]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
C:\Program Files\avmwlanstick\FRITZWLANMini.exe [2007-02-02 283136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyAway]
C:\Users\MaxMustermann\AppData\Local\Temp\ARCA38E\FlyAway.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files\Logitech\Logitech Vid\Vid.exe [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showwnd]
C:\Windows\showwnd.exe [2003-09-18 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-11 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Status Monitor.lnk]
C:\PROGRA~1\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk]
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2008-11-28 327680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b0603f-cf91-11de-8dc1-001167000000}]
shell\AutoRun\command - E:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}]
shell\AutoRun\command - G:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-26 11:31:11 ----D---- C:\Program Files\trend micro
2010-04-26 11:31:10 ----D---- C:\rsit
2010-04-26 11:11:26 ----D---- C:\Program Files\CCleaner
2010-04-26 10:42:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-26 10:09:50 ----D---- C:\Users\MaxMustermann\AppData\Roaming\Malwarebytes
2010-04-26 10:09:26 ----D---- C:\ProgramData\Malwarebytes
2010-04-22 18:32:17 ----D---- C:\Windows\Governor of Poker
2010-04-22 18:32:17 ----D---- C:\Program Files\Governor of Poker
2010-04-20 08:15:54 ----SHD---- C:\Config.Msi
2010-04-19 21:36:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-19 21:36:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-19 21:36:26 ----A---- C:\Windows\system32\vbscript.dll
2010-04-19 21:35:16 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 07:50:32 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 07:50:27 ----A---- C:\Windows\system32\cabview.dll
2010-04-07 00:35:19 ----D---- C:\Users\Philip\AppData\Roaming\SunODFPluginforMicrosoftOffice
2010-04-07 00:11:05 ----D---- C:\Program Files\Sun
2010-03-31 08:23:44 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 08:23:42 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 08:23:41 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 08:23:40 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 08:23:40 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 08:23:40 ----A---- C:\Windows\system32\occache.dll
2010-03-31 08:23:40 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 08:23:40 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 08:23:39 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 08:23:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 08:23:39 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 08:23:39 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 08:23:39 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 08:23:39 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 08:23:39 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 08:23:38 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 08:23:38 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 08:23:38 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 08:23:38 ----A---- C:\Windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 months======

2085-12-23 04:42:24 ----R---- C:\Windows\RtlExUpd.dll
2082-02-15 08:30:56 ----A---- C:\Windows\system32\Uci32112.dll
2082-02-15 08:30:56 ----A---- C:\Windows\system32\SRSWOW.dll
2082-02-15 08:30:56 ----A---- C:\Windows\system32\SRSTSXT.dll
2082-02-15 08:30:56 ----A---- C:\Windows\system32\RtkPgExt.dll
2082-02-15 08:30:56 ----A---- C:\Windows\system32\RtkCoInst.dll
2082-02-15 08:30:56 ----A---- C:\Windows\system32\RtkAPO.dll
2082-02-15 08:30:56 ----A---- C:\Windows\system32\mdmxsdk.dll
2082-02-15 08:30:56 ----A---- C:\Windows\RtlUpd.exe
2082-02-15 08:30:56 ----A---- C:\Windows\RtHDVCpl.exe
2010-04-26 11:31:11 ----RD---- C:\Program Files
2010-04-26 11:31:11 ----D---- C:\Windows\Prefetch
2010-04-26 11:31:09 ----D---- C:\Windows\Temp
2010-04-26 11:24:43 ----D---- C:\Windows\Minidump
2010-04-26 11:24:43 ----D---- C:\Windows\Debug
2010-04-26 11:24:43 ----D---- C:\Windows
2010-04-26 11:08:57 ----D---- C:\Program Files\Trillian
2010-04-26 11:08:47 ----D---- C:\Users\MaxMustermann\AppData\Roaming\Skype
2010-04-26 11:06:01 ----D---- C:\Users\MaxMustermann\AppData\Roaming\skypePM
2010-04-26 11:01:32 ----D---- C:\Windows\system32\drivers
2010-04-26 11:01:32 ----D---- C:\Windows\Microsoft.NET
2010-04-26 10:38:46 ----SHD---- C:\System Volume Information
2010-04-26 10:09:26 ----HD---- C:\ProgramData
2010-04-24 23:35:46 ----D---- C:\Users\MaxMustermann\AppData\Roaming\vlc
2010-04-23 12:06:28 ----D---- C:\Program Files\ElcomSoft
2010-04-20 08:17:20 ----SHD---- C:\Windows\Installer
2010-04-20 08:15:33 ----D---- C:\Windows\System32
2010-04-20 03:35:18 ----D---- C:\Windows\winsxs
2010-04-20 03:25:09 ----D---- C:\Windows\system32\catroot
2010-04-20 03:24:19 ----D---- C:\Windows\system32\catroot2
2010-04-20 03:20:45 ----D---- C:\Program Files\Windows Mail
2010-04-20 00:27:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-20 00:27:39 ----D---- C:\Windows\inf
2010-04-07 00:12:34 ----RSD---- C:\Windows\assembly
2010-04-06 13:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-02 10:02:30 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 06:26:34 ----D---- C:\Program Files\Internet Explorer
2010-04-01 06:26:33 ----D---- C:\Windows\system32\migration
2010-03-29 12:33:30 ----D---- C:\Users\MaxMustermann\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1997-12-22 23936]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 irda;IrDA-Protokoll; C:\Windows\system32\DRIVERS\irda.sys [2008-01-20 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2082-02-15 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2082-02-15 8192]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2006-02-24 19200]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2006-11-22 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2006-11-22 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2006-11-22 18320]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2082-02-15 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2082-02-15 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2082-02-15 1668456]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
R3 LVUVC;Logitech Webcam 250(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVENG.SYS [2010-02-16 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVEX15.SYS [2010-02-16 1324720]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2082-02-15 1786880]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-20 30720]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-06 4456320]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-01 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [1985-01-01 179256]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [1985-01-01 290304]
R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2006-11-22 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2006-11-22 44304]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2082-02-15 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 aokjlccx;aokjlccx; C:\Windows\system32\drivers\aokjlccx.sys []
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2007-01-26 4352]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2006-12-28 33936]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS [2082-02-15 6909]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AppMgmt;Anwendungsverwaltung; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 Irmon;Infrarotüberwachungsdienst; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
S2 gupdate1c98e4a399e56fd;Google Update Service (gupdate1c98e4a399e56fd); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S3 CscService;Offlinedateien; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 Fax;Fax; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
S3 FontCache;Windows-Dienst für Schriftartencache; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UmRdpService;Anschlussumleitung für Terminaldienst im Benutzermodus; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 wbengine;Blockebenen-Sicherungsmodul; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S3 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2082-02-15 386560]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-16 66872]
S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-02-16 107832]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 vvdsvc;VJVodServices; C:\Windows\System32\svchost.exe [2008-01-20 21504]

-----------------EOF-----------------



Many thanks for the help, the guide was really great and worked great!

26.04.2010, 21:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Please run a full scan with Malwarebytes and post the log. After that, please use OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

27.04.2010, 00:37   #3
grafeko
 
Here is the log from Malwarebytes:


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4038

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26.04.2010 19:34:42
mbam-log-2010-04-26 (19-34-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Durchsuchte Objekte: 275802
Laufzeit: 1 Stunde(n), 56 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\MaxMustermann\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.


OTL will be started in a moment...

27.04.2010, 01:57   #4
grafeko
 
Here is the OTL log:

OTL logfile created on: 26.04.2010 20:06:41 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\MaxMustermann\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,66 Gb Free Space | 7,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967,20 Mb Total Space | 318,28 Mb Free Space | 32,91% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: MaxMustermann-LAPTOP
Current User Name: MaxMustermann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Users\MaxMustermann\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\mHotkey.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\MaxMustermann\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (vvdsvc) -- C:\Windows\System32\Nagasoft\vjocx.dll (南京纳加软件有限公司)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100329.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100329.002\NAVENG.SYS (Symantec Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech Webcam 250(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfo.sys ()
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BT) -- C:\Windows\System32\drivers\BtNetDrv.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: support@burn4free-toolbar.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.04.05 15:50:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.22 14:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.20 08:16:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.22 08:57:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.20 08:16:33 | 000,000,000 | ---D | M]

[2009.02.13 20:41:55 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Extensions
[2010.04.25 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions
[2009.06.24 16:33:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.15 20:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2010.04.20 00:44:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.15 20:58:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.19 21:15:37 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\firefox@tvunetworks.com
[2010.04.25 23:40:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.04.16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll
[2010.03.23 09:20:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.23 09:20:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.23 09:20:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.23 09:20:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.23 09:20:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.88.1.4 134.88.1.5
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell - "" = AutoRun
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.26 11:31:11 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.26 11:31:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.26 11:11:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.26 10:42:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.26 10:42:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 10:42:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.26 10:09:50 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Roaming\Malwarebytes
[2010.04.26 10:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.25 12:13:09 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Local\vemlhymft
[2010.04.22 18:32:17 | 000,000,000 | ---D | C] -- C:\Windows\Governor of Poker
[2010.04.22 18:32:17 | 000,000,000 | ---D | C] -- C:\Programme\Governor of Poker
[2010.04.20 08:15:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.19 21:36:35 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.19 21:36:34 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.19 21:36:26 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.19 21:35:26 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.19 21:35:26 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.07 00:35:19 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Roaming\SunODFPluginforMicrosoftOffice
[2010.04.07 00:11:05 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2010.04.07 00:09:04 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\Sun ODF Plugin for Microsoft Office 3.2 (en-US) Installation Files
[2010.04.04 09:31:38 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\Trip
[2010.03.31 08:23:40 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 08:23:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 08:23:39 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 08:23:39 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 08:23:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 08:23:39 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 08:23:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 08:23:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 08:23:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 08:23:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 08:23:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 08:23:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 08:23:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 08:23:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 08:23:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[1 C:\Users\MaxMustermann\*.tmp files -> C:\Users\MaxMustermann\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2085.12.23 04:42:24 | 000,499,712 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2082.02.15 08:30:56 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2082.02.15 08:30:56 | 001,814,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2082.02.15 08:30:56 | 001,786,880 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys
[2082.02.15 08:30:56 | 001,668,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2082.02.15 08:30:56 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2082.02.15 08:30:56 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys
[2082.02.15 08:30:56 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys
[2082.02.15 08:30:56 | 000,532,480 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2082.02.15 08:30:56 | 000,489,472 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2082.02.15 08:30:56 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2082.02.15 08:30:56 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys
[2082.02.15 08:30:56 | 000,159,744 | ---- | M] (Conexant Systems, Inc) -- C:\Windows\System32\Uci32112.dll
[2082.02.15 08:30:56 | 000,144,201 | ---- | M] () -- C:\Windows\System32\drivers\HSFProf.cty
[2082.02.15 08:30:56 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2082.02.15 08:30:56 | 000,094,208 | ---- | M] (Conexant) -- C:\Windows\System32\mdmxsdk.dll
[2082.02.15 08:30:56 | 000,017,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2082.02.15 08:30:56 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys
[2082.02.15 08:30:56 | 000,006,909 | R--- | M] (Conexant Systems, Inc) -- C:\Windows\System32\drivers\UIUSYS.SYS
[2010.04.26 20:08:31 | 003,407,872 | -HS- | M] () -- C:\Users\MaxMustermann\NTUSER.DAT
[2010.04.26 20:00:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.26 19:54:43 | 000,013,072 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Roaming\nvModes.dat
[2010.04.26 19:54:43 | 000,013,072 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Roaming\nvModes.001
[2010.04.26 19:53:32 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.26 19:45:25 | 000,524,288 | -HS- | M] () -- C:\Users\MaxMustermann\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010.04.26 19:45:25 | 000,065,536 | -HS- | M] () -- C:\Users\MaxMustermann\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.04.26 19:44:37 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.26 19:44:37 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.26 19:44:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.26 19:44:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.26 19:44:13 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.26 19:43:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010.04.26 19:41:40 | 003,691,379 | -H-- | M] () -- C:\Users\MaxMustermann\AppData\Local\IconCache.db
[2010.04.26 12:05:46 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job
[2010.04.26 11:30:34 | 000,781,909 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\RSIT.exe
[2010.04.26 11:27:15 | 000,000,300 | ---- | M] () -- C:\Users\PMaxMustermann\Documents\cc_20100426_112712.reg
[2010.04.26 11:27:08 | 000,000,082 | ---- | M] () -- C:\Users\MaxMustermann\Documents\cc_20100426_112707.reg
[2010.04.26 11:26:55 | 000,001,164 | ---- | M] () -- C:\Users\MaxMustermann\Documents\cc_20100426_112652.reg
[2010.04.26 11:26:35 | 000,092,000 | ---- | M] () -- C:\Users\MaxMustermann\Documents\cc_20100426_112609.reg
[2010.04.26 11:11:28 | 000,001,670 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\CCleaner.lnk
[2010.04.25 22:52:57 | 000,024,576 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\songtext.doc
[2010.04.24 23:35:29 | 000,142,336 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.24 15:07:33 | 019,820,002 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Transit & Man Overboard - 2009 - Split 7'.rar
[2010.04.21 17:14:07 | 000,029,696 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\20100421_Anschreiben_Maximilian Preuß.doc
[2010.04.20 13:50:25 | 000,000,127 | ---- | M] () -- C:\Users\MaxMustermann\webct_upload_applet.properties
[2010.04.20 08:16:34 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.20 00:27:40 | 001,550,322 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.20 00:27:40 | 000,667,782 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.20 00:27:40 | 000,628,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.20 00:27:40 | 000,143,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.20 00:27:40 | 000,117,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.12 23:20:11 | 000,300,032 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Reise zu Martin.doc
[2010.04.10 12:09:33 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.03 16:41:06 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.29 13:30:46 | 002,359,350 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\prag.bmp
[2010.03.29 11:41:01 | 000,041,472 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Lebenslauf_Maximilian Preuß überarbeitet.doc
[2010.03.29 11:35:49 | 000,030,208 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Anschreiben_Maximilian Preuß überarbeitet.doc
[1 C:\Users\MaxMustermann\*.tmp files -> C:\Users\MaxMustermann\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.26 11:31:02 | 000,781,909 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\RSIT.exe
[2010.04.26 11:27:13 | 000,000,300 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100426_112712.reg
[2010.04.26 11:27:08 | 000,000,082 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100426_112707.reg
[2010.04.26 11:26:53 | 000,001,164 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100426_112652.reg
[2010.04.26 11:26:16 | 000,092,000 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100426_112609.reg
[2010.04.26 11:11:28 | 000,001,670 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\CCleaner.lnk
[2010.04.25 22:52:57 | 000,024,576 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\songtext.doc
[2010.04.24 15:07:19 | 019,820,002 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Transit & Man Overboard - 2009 - Split 7'.rar
[2010.04.21 17:13:55 | 000,029,696 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\20100421_Anschreiben_Maximilian Preuß.doc
[2010.04.12 23:20:10 | 000,300,032 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Reise zu Martin.doc
[2010.04.10 12:09:33 | 000,002,073 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Google Earth.lnk
[2010.04.08 10:22:40 | 000,000,127 | ---- | C] () -- C:\Users\MaxMustermann\webct_upload_applet.properties
[2010.03.29 13:29:35 | 002,359,350 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\prag.bmp
[2010.03.29 11:41:00 | 000,041,472 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Lebenslauf_M P überarbeitet.doc
[2010.03.29 11:35:49 | 000,030,208 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Anschreiben_M P überarbeitet.doc
[2010.02.20 13:41:07 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.11.02 21:53:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.10 22:10:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.29 16:45:06 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.08.20 11:51:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.20 11:51:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.07.23 03:58:20 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.06.20 08:17:33 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2009.06.20 08:12:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.06.13 07:10:50 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
[2009.05.05 07:52:38 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2009.05.05 07:52:36 | 000,000,149 | ---- | C] () -- C:\Windows\KPCMS.INI
[2009.04.02 19:10:15 | 000,000,389 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.17 09:28:13 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2009.02.16 13:52:45 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.15 18:40:17 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.02.13 22:48:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.13 13:57:45 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2009.02.13 13:57:45 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2009.02.13 13:57:45 | 000,011,776 | ---- | C] () -- C:\Windows\HIDMNT.dll
[2009.02.13 13:54:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.12 18:20:06 | 000,151,417 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.05.15 14:06:58 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.14 10:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.14 10:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.14 10:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.14 10:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.14 10:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.14 10:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.14 10:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.14 10:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.14 10:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.03.29 16:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >

Old 27.04.2010, 01:58   #5
grafeko
 



OTL Extras logfile created on: 26.04.2010 20:06:41 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\MaxMustermann\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,66 Gb Free Space | 7,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967,20 Mb Total Space | 318,28 Mb Free Space | 32,91% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: MaxMustermann-LAPTOP
Current User Name: MaxMustermann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F22726A-484B-4A4B-9258-51520BAB7EF6}" = rport=139 | protocol=6 | dir=out | app=system |
"{49902F38-39B3-4A78-A31D-7D76441451EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E178C3E-AC14-4952-BDB2-85606297B611}" = rport=137 | protocol=17 | dir=out | app=system |
"{740EAC45-F484-4430-B14A-8B435E72D101}" = rport=138 | protocol=17 | dir=out | app=system |
"{99F95496-446C-4082-ACFC-74F18EC03226}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC7F7B1D-390D-43B4-99A0-9D7EDC1462E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C6F92363-403B-4C16-84AC-D69EF9F6A9DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{CCE7947B-2925-486A-AE4C-E6A1C5C634E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5CF8A38-F3E1-4760-A241-2DAEE49C11EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5B1A0BA-99E2-4AAA-BB0E-9B027443EEE4}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EA8BE2-8CB1-4F78-90DF-1683BDABBFCD}" = protocol=17 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{03EA90DE-CE53-4DD7-87CE-862FFD059D17}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{04DDEA50-DD47-47C0-BE9E-D1A0E7A5316B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C17730D-4EF1-4F9F-BD70-EA5A03046725}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0F8E77B3-5CD8-4D07-AB2B-DF530499369E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{16212E48-05AA-45AA-BC21-54CFE6325FBD}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{196C3466-66D6-4B44-8853-5E0EB2997622}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1D0A0791-0F7B-4B2B-B9C4-93FD4E851ED3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{261E3391-B91A-4750-A2A4-C242DFDB43B9}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{2AF0E11C-8BD1-4F99-B616-39FE8F9CF0DC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{2F2DA772-6F05-4BDA-BF50-9F9C79F16AF7}" = protocol=6 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{3502D2EE-A65C-4C83-90F8-28F9090F683D}" = protocol=17 | dir=in | app=e:\program files\eidos\kane and lynch dead men\kaneandlynch.exe |
"{37D727CF-1707-40EA-929D-27868BC8C1EA}" = protocol=6 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{3CCF004E-E991-42CA-B6AD-A9FF5489CE1C}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{410ACD87-8ACC-4920-B450-499E415F18ED}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{433815A3-32A5-4F55-B3C4-CF563F969F5C}" = protocol=6 | dir=in | app=e:\program files\eidos\kane and lynch dead men\kaneandlynch.exe |
"{4610D013-D514-431F-9FC1-A909762E1652}" = protocol=6 | dir=in | app=c:\users\MaxMustermann\desktop\treiber vista\03bluetooth\bluesoleil.exe |
"{47EB37B2-9866-428F-87D8-C0931CB1CDB7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{4889E2F8-4A29-4A86-8EA0-C9BFEE839C03}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{49B95979-141E-4436-9782-49BF127B237D}" = protocol=6 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{546B0B54-85CC-4CAB-B477-0CA742A74653}" = protocol=17 | dir=in | app=c:\users\MaxMustermann\desktop\treiber vista\03bluetooth\bluesoleil.exe |
"{578F196F-771D-44AD-8912-8CB4E31555C4}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"{65E2389F-CFE1-415D-BDCD-2F5F64BB77AE}" = protocol=17 | dir=in | app=e:\program files\sierra\fear\fear.exe |
"{70404507-42A8-483B-87CA-663E3471CA4F}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{77A304C7-BC8C-4E2E-91D0-6FEE195A5D6D}" = protocol=17 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{7F1AF9F1-2E14-4475-AF1D-6AA176B52475}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{8130C9E9-6B28-4525-8B4C-C63E74379693}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{92B5E71F-A29C-4D45-9F61-F930FBF87F04}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{941DCA47-8B1E-46B4-87DD-83235BE614F3}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{94C5043D-8821-4704-8AC9-E4FB2AC277BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E7EC9EF-DB48-4791-8AEC-FD774741FC77}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{9FB30BB5-F150-43F1-828F-244074A4E561}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2E1896C-2382-495D-A506-04D39542E929}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C615C37F-8180-426C-B50C-69328DC7AAF1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"{C7D01CCB-590C-4E76-98FD-7E047AEE09BD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CA61B10D-D944-4753-8D68-271E380D9FDD}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{CB4B7473-3ADE-408D-BF0C-C626C05AEC7D}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{CDA0B96F-4A0E-4993-ABAC-FC794BB5E5B7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CF2C6583-5D9E-4A83-B318-7BB20B3686FB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CF5801FC-E761-4E00-B72B-83033198903C}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{D1EA8466-AA5D-415A-8921-CFA4D625397B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D81FF843-2D88-4981-8F27-0A5481FB9527}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{DBCC6A5B-2500-41F8-A920-EFAE5C6DAAD1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{E2B01B96-BC21-493F-9EA7-F2845ADFED39}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{E5E77079-AC2A-4134-89D3-9871246F7C8D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EB5CF598-E3D9-4CDB-BF16-98669A929427}" = protocol=6 | dir=in | app=e:\program files\sierra\fear\fear.exe |
"{F06BC9FF-5D40-4311-9C7D-F3B912497B27}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1B74A97-2BB2-4A2A-AD13-884BC7A8C038}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{F222FD03-C6AC-4600-8193-57BDF8FC9E84}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{F2E09DC6-FC6D-426F-BD17-9D6874FE9E3E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F37B56D0-ADF0-400F-9E3A-7B34C1617939}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{F78A5C07-CBB4-47C9-92AE-B58A40233C60}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{F9422CBC-569B-4F1A-BFA3-039EE906C2B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FCA7A458-0460-4A2F-9CF8-11AA6A83A20C}" = protocol=17 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{FF48185F-9AD5-4D95-9EE2-1CBBFC89BF00}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"TCP Query User{2D179BBD-2B29-4385-8B4B-BEF48741137E}E:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=e:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"TCP Query User{3365311F-865A-4385-ACF4-B74764ADEBF9}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{47ED15B6-FA71-4CB2-8F2B-C9A1CC576329}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{4CB3F23F-BA12-415F-B224-256B34EFC3B8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4E206B53-1A5F-4EE8-A150-7FCC5264D36E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{63CF61F2-292A-4245-B528-1AFD16448FCA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{66C46E6C-0C9E-4FAE-831B-7608A13CE6F4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{69321B8A-8138-4782-8D04-9005E967BB2A}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{73500EA5-9973-422F-907D-9D90AA44714D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{736D7AC1-5CB4-4E09-BEE4-ECBBA820D6B8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{7CC3BBFD-9BBA-42CE-8A97-E37D7279CDA1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{865F9A29-6772-4F99-A191-BD4DA971438A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{88219CC4-B53D-41C8-9BA8-2F54384B8AF7}C:\program files\mytunes redux\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files\mytunes redux\mdnsresponder.exe |
"TCP Query User{9242A77A-F79C-4E24-B505-989FE60C64A9}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9D56EDDC-FFF4-4657-87A0-F762E13BD35D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B21253F2-0742-4B4B-B7F3-BB836979D875}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{B5CAE42B-F20A-4B48-A8AE-A9F029578854}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{FB423E92-FAE6-4D3D-A3CC-DBD0509626BD}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{FB5D3BB3-FD74-426E-8161-7E3BA461C0BD}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{11E21A06-FEAC-4625-A85C-540FC763F344}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1E330617-18DC-4434-B9F2-2B737D40D84E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{275911B3-7E30-45DF-B4C5-A13E44780B34}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{38799B66-420D-47E2-A8C0-017FDDDC7876}E:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=e:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"UDP Query User{44B98803-12DC-4EC7-8543-D00496B02D53}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{5DD20AF8-71C5-436F-BDCA-44907A6D05AE}C:\program files\mytunes redux\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files\mytunes redux\mdnsresponder.exe |
"UDP Query User{5FA8F20F-5AB9-4274-B7EB-6078DD2A0EF7}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{699764EA-0DEC-4BF6-A3B6-38F983BDD873}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6F09A7CB-880F-4327-9527-556234AC16AA}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{81C7A81A-31CC-423D-A43D-1B152FD7B935}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{84EFEE83-89BB-496B-A51E-1A7F63775ABC}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8AA0E2D7-9715-4814-9008-A3E6CE98412E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8ADABF8E-AADD-41E0-8416-5D05845D8444}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9DE068F8-5CAA-4AB4-8026-08BB91F78497}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{9FD4CD04-5CD6-47A8-BAD8-40DB400880FF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{A5D2210C-2AE5-48E9-9C92-47BB3F83D089}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{CC891B87-694B-4A5C-BA57-C2060EB4AED9}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DBB50151-63C0-4FE3-98BD-3399CE291F56}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{F0A97609-3526-47A6-861F-B892334CA509}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.204.00
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5de3ab6c-60a6-4ca1-9593-3781164fe188}" = Nero 9 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{785F267D-DC33-4404-83ED-7B0CD5E63474}" = Bluesoleil3.1.0.2 Release 070119
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F385F486-C1BC-4350-8837-6F17761134B5}" = Multimedia Keyboard Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)
"841F246A60607D129BAE7F771CB55E7B3EF8BCF8" = Windows Driver Package - Intel (NETw2v32) net (11/01/2006 9.1.0.111)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"AIM_6" = AIM 6
"AnyDVD" = AnyDVD
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"C805F03D733C5C658A973935646FBB5296D72B14" = Windows Driver Package - Intel (NETw3v32) net (10/30/2006 10.6.0.29)
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FLV Player" = FLV Player 2.0 (build 25)
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"FreePDF_XP" = FreePDF XP (Remove only)
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"Governor of Poker1.0" = Governor of Poker
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.0.4380
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"myTunes Redux_is1" = myTunes Redux 1.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Open Video Converter_is1" = Open Video Converter version 3.3
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"S.A.D. - FreeMusic_is1" = S.A.D. - FreeMusic
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"ShotOnline" = ShotOnline
"Smart PC Professional_is1" = Smart PC Professional v5.4
"SopCast" = SopCast 3.0.3
"SPVOD Player1.8" = SPVOD Player1.8
"ST5UNST #2" = Kaminfeuer Titanium Edition II
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Sweet Home 3D_is1" = Sweet Home 3D version 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.6.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VueScan" = VueScan
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.04.2010 10:41:11 | Computer Name = MaxMustermann-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\VideoConverter\VideoConverterX64.exe".
Die
abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 26.04.2010 11:02:54 | Computer Name = MaxMustermann-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.04.2010 11:02:54 | Computer Name = MaxMustermann-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.04.2010 11:03:10 | Computer Name = MaxMustermann-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\VideoConverter\VideoConverterX64.exe".
Die
abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 26.04.2010 11:03:10 | Computer Name = MaxMustermann-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\VideoConverter\VideoConverterX64.exe".
Die
abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 26.04.2010 11:03:23 | Computer Name = MaxMustermann-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 26.04.2010 12:35:40 | Computer Name = MaxMustermann-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x000a0ce9, Prozess-ID 0x21c, Anwendungsstartzeit
01cae55cef156b02.

Error - 26.04.2010 19:45:15 | Computer Name = MaxMustermann-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.04.2010 19:45:15 | Computer Name = MaxMustermann-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.04.2010 19:45:29 | Computer Name = MaxMustermann-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 20.04.2010 08:16:10 | Computer Name = MaxMustermann-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 20.04.2010 19:36:04 | Computer Name = MaxMustermann-Laptop | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0019D28B5A5F zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 20.04.2010 19:36:40 | Computer Name = MaxMustermann-Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{F0D8F90A-84EF-4CE8-B924-8076C80D6C64} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 20.04.2010 19:36:42 | Computer Name = MaxMustermann-Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{F0D8F90A-84EF-4CE8-B924-8076C80D6C64} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 20.04.2010 19:36:46 | Computer Name = MaxMustermann-Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{F0D8F90A-84EF-4CE8-B924-8076C80D6C64} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 20.04.2010 19:36:49 | Computer Name = MaxMustermann-Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{F0D8F90A-84EF-4CE8-B924-8076C80D6C64} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 20.04.2010 19:36:53 | Computer Name = MaxMustermann-Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{F0D8F90A-84EF-4CE8-B924-8076C80D6C64} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 23.04.2010 08:09:05 | Computer Name = MaxMustermann-Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 25.04.2010 10:33:54 | Computer Name = MaxMustermann-Laptop | Source = Service Control Manager | ID = 7031
Description =

Error - 26.04.2010 11:06:01 | Computer Name = MaxMustermann-Laptop | Source = Service Control Manager | ID = 7011
Description =


< End of report >



Thanks for the help!


Alt 27.04.2010, 08:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The log looks OK. Is the computer working OK again so far?

Alt 27.04.2010, 13:15   #7
grafeko
 

Yes, it's running completely normally again. Thanks!

Alt 27.04.2010, 13:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Good, then check your updates:


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update



Update your PDF reader
Your Adobe Reader is not up to date, which poses a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags
