Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.05.2010, 11:32   #1
Steirerbluat
 
Trojaner? Auswertung Malewarebytes-Report erbeten!  Bin ich nun sauber? - Standard

Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?



Hallo ihr lieben! Das ist mein erster Beitrag. Hab versucht, mich genau an die Forumsregeln zu halten, und alles dementsprechend darzulegen. Hab natürlich zuerst versucht zu googeln, und bin dadurch auch auf diese anscheinend sehr hilfreiche Board gestoßen; Back to the basic: Folgendes Problem: Seit einigen Tagen rennt mein System nicht mehr rund; Dieses "Security Essentials 2010" Scheint sich bei mir eingenistet zu haben; Ich bin absoluter Neuling, was Sachen wie Viren und Trojaner angeht, darum bitte nicht übel nehmen, wenn da vielleicht noch dumme Fragen kommen; Also wie gesagt habe ich dann letztendlich, wie in einem Beitrag hier beschrieben diverse Programme drüber laufen lassen (CCleaner, Malewarebytes, RSIT und SpyHunter) Wiefolgt poste ich nun den Report, zumindest vom "Malewarebytes" und "RSIT"; Habe ich das bisher richtig gemacht? Herzlichen Dank im Voraus...

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4116

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

19.05.2010 11:53:36
mbam-log-2010-05-19 (11-53-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 128066
Laufzeit: 15 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 29
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 10
Infizierte Verzeichnisse: 8
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAV) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\digital-supply.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\digital-supply.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAV) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ksxmu.sys (Rootkit.Agent) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Startmenü\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\wwwzuc32.exe (Trojan.Downloader) -> Delete on reboot.




Code:
ATTFilter
Logfile of random's system information tool 1.07 (written by random/random)
Run by *** at 2010-05-19 12:18:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (12%) free of 47 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:38, on 19.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Polar\Daemon\polard.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Polar\WebSync\WebSync.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Dokumente und Einstellungen\Oswald\Desktop\RSIT.exe
C:\Programme\trend micro\Oswald.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Programme\SGPSA\SearchAssistant.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programme\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=hxxp://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PMCS] "C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Polar WebSync.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182619539890
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Polar Daemon - Unknown owner - C:\Programme\Polar\Daemon\polard.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 12857 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Oswald.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\Reimage Reminder.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}]
BrowserHelper Class - C:\Programme\SGPSA\SearchAssistant.dll [2009-10-15 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-07 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-03-07 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-03-07 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-07 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-08 7561216]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Photo Downloader"=C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-11-10 406016]
"Pinnacle WebUpdater"=C:\Programme\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe [2006-03-26 380928]
"Lexmark 2200 Series"=C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe [2004-02-13 57344]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"ISUSPM"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2006-05-16 213936]
"XboxStat"=c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"VAIOCameraUtility"=C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe [2006-11-14 411768]
"QuickTime Task"=C:\Programme\QuickTime Alternative\qttask.exe [2009-05-26 413696]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-02 40368]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"SpyHunter Security Suite"=C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe [2010-04-08 3021208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"MsnMsgr"=C:\Programme\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"PMCS"=C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2006-04-27 65536]
"ccleaner"=C:\Programme\CCleaner\CCleaner.exe [2008-02-20 816368]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Bluetooth Manager.lnk - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Polar WebSync.lnk - C:\WINDOWS\Installer\{D4B75A5A-2BA2-4761-BC27-9EA30FA5B483}\WebSync.exe2_4B58E052B1C94BE0AC42D7A472F5A651.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\eMule\emule.exe"="C:\Programme\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Pinnacle\MediaCenter\PMC.exe"="C:\Programme\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Programme\Pinnacle\MediaCenter\PSST.exe"="C:\Programme\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\Programme\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Programme\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Programme\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe"="C:\Programme\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\Programme\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Programme\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\Reallusion\CrazyTalk for Skype\CT4Skype.exe"="C:\Programme\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Programme\A1\A1 Installer\A1_broadband_Installer.exe"="C:\Programme\A1\A1 Installer\A1_broadband_Installer.exe:*:Enabled:Installer"
"C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
"C:\Programme\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe"="C:\Programme\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
"C:\Programme\A1\A1 Installer\A1_mobile_Installer.exe"="C:\Programme\A1\A1 Installer\A1_mobile_Installer.exe:*:Enabled:A1 Breitband Unlimited Installer"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe"="C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33c39612-cbd3-11de-aafe-0019d219ebab}]
shell\AutoRun\command - G:\WDSetup.exe


======List of files/folders created in the last 1 months======

2010-05-19 12:18:29 ----D---- C:\rsit
2010-05-19 12:18:29 ----D---- C:\Programme\trend micro
2010-05-19 10:21:00 ----D---- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Malwarebytes
2010-05-19 10:20:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-19 10:20:42 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-19 10:15:11 ----A---- C:\WINDOWS\reimage.ini
2010-05-19 10:13:39 ----D---- C:\rei
2010-05-19 10:13:27 ----D---- C:\Programme\Reimage
2010-05-18 19:15:15 ----D---- C:\sh4ldr
2010-05-18 19:15:15 ----D---- C:\Programme\Enigma Software Group
2010-05-18 18:52:25 ----D---- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Avira
2010-05-18 18:48:54 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-18 18:45:57 ----A---- C:\WINDOWS\system32\21238.exe
2010-05-18 18:40:16 ----D---- C:\Programme\Avira
2010-05-18 18:40:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2010-05-18 18:25:57 ----A---- C:\WINDOWS\system32\7719.exe
2010-05-18 18:05:53 ----A---- C:\WINDOWS\system32\38.exe
2010-05-18 16:47:58 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-05-13 01:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-11 16:02:08 ----A---- C:\WINDOWS\system32\savapi3.dll
2010-05-11 16:02:08 ----A---- C:\WINDOWS\system32\avgsdk.dll

======List of files/folders modified in the last 1 months======

2010-05-19 12:18:35 ----D---- C:\WINDOWS\Prefetch
2010-05-19 12:18:29 ----D---- C:\Programme
2010-05-19 12:18:09 ----D---- C:\WINDOWS
2010-05-19 12:17:41 ----A---- C:\checkrun.txt
2010-05-19 12:16:35 ----D---- C:\WINDOWS\Temp
2010-05-19 11:58:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-19 11:58:23 ----SD---- C:\WINDOWS\Tasks
2010-05-19 11:57:40 ----D---- C:\WINDOWS\system32\drivers
2010-05-19 11:57:40 ----D---- C:\WINDOWS\system32
2010-05-19 11:57:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-19 11:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2010-05-19 09:42:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2010-05-18 22:12:07 ----D---- C:\WINDOWS\Registration
2010-05-18 19:15:44 ----SHD---- C:\WINDOWS\Installer
2010-05-18 19:14:34 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2010-05-18 18:49:11 ----HD---- C:\WINDOWS\inf
2010-05-18 18:48:54 ----D---- C:\WINDOWS\repair
2010-05-18 18:40:32 ----D---- C:\Programme\SGPSA
2010-05-18 18:40:32 ----D---- C:\Programme\Search Guard PlusU
2010-05-18 18:35:43 ----D---- C:\WINDOWS\WinSxS
2010-05-18 18:35:41 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-05-18 18:20:51 ----D---- C:\Programme\eMule
2010-05-18 17:38:46 ----D---- C:\Programme\Eset
2010-05-18 17:31:51 ----D---- C:\WINDOWS\network diagnostic
2010-05-18 17:24:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-18 17:24:20 ----D---- C:\Programme\Gemeinsame Dateien
2010-05-18 17:23:07 ----D---- C:\WINDOWS\system32\appmgmt
2010-05-18 17:12:07 ----D---- C:\WINDOWS\Debug
2010-05-18 16:57:34 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2010-05-18 16:48:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-18 16:48:28 ----D---- C:\Program Files
2010-05-17 09:54:48 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-05-16 21:44:49 ----D---- C:\Dokumente und Einstellungen\***Anwendungsdaten\Mozilla
2010-05-16 21:42:02 ----D---- C:\Programme\Mozilla Firefox
2010-05-16 20:27:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-16 15:49:47 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-05-13 01:30:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-05-13 01:29:49 ----D---- C:\Programme\Outlook Express
2010-05-12 19:10:59 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2010-05-12 18:57:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-07 18:00:52 ----D---- C:\Programme\Norton Security Scan
2010-05-07 18:00:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
2010-05-07 18:00:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-06-16 21275]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-10 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-10 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 rspndr;Antwort für Verbindungsschicht-Topologieerkennung; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-12-13 62336]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-05-26 11264]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-08 3661312]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
R3 SNC;Sony Notebook-Steuergerät; C:\WINDOWS\system32\DRIVERS\SonyNC.sys [2001-08-17 20752]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-09-06 30976]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2006-11-21 113792]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2006-10-28 40960]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\DOKUME~1\Oswald\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTGUARD;NTGUARD; \??\C:\Programme\a1internetsecurity\bin\NTGUARD.SYS []
S3 se46bus;Sony Ericsson Device 070 driver (WDM); C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;Bluetooth HID Port; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2006-11-02 53504]
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 209408]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 17792]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-27 61984]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-06-07 561152]
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-14 311296]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-08 143428]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-24 66872]
R2 Polar Daemon;Polar Daemon; C:\Programme\Polar\Daemon\polard.exe [2009-08-25 163840]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-03-24 323992]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 183280]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         

Wie gesagt, weiss nicht ob noch etwas benötigt wird, auf alle Fälle würde ich mich sehr freuen, irgendetwas positives zu hören, bin nahezu verzweifelt, weil ich mich eben kaum mit solchen Sachen auskenne! Einstweilen herzlichen Dank!

Alt 19.05.2010, 15:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner? Auswertung Malewarebytes-Report erbeten!  Bin ich nun sauber? - Standard

Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 19.05.2010, 21:46   #3
Steirerbluat
 
Trojaner? Auswertung Malewarebytes-Report erbeten!  Bin ich nun sauber? - Standard

Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?



Danke erstmal!

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4116

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

19.05.2010 22:54:22
mbam-log-2010-05-19 (22-54-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|)
Durchsuchte Objekte: 215866
Laufzeit: 1 Stunde(n), 3 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{56C7B67B-FE44-4987-A57C-668864CDCD38}\RP951\A0101497.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C7B67B-FE44-4987-A57C-668864CDCD38}\RP951\A0101499.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C7B67B-FE44-4987-A57C-668864CDCD38}\RP951\A0101500.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C7B67B-FE44-4987-A57C-668864CDCD38}\RP951\A0101501.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C7B67B-FE44-4987-A57C-668864CDCD38}\RP951\A0101502.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C7B67B-FE44-4987-A57C-668864CDCD38}\RP953\A0102495.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STY70HM7\firewall[1].dll (Trojan.FakeAV) -> Quarantined and deleted successfully.
__________________

Alt 19.05.2010, 21:57   #4
Steirerbluat
 
Trojaner? Auswertung Malewarebytes-Report erbeten!  Bin ich nun sauber? - Standard

Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?



Code:
ATTFilter
OTL logfile created on: 19.05.2010 22:57:38 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): D:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 45,90 Gb Total Space | 5,45 Gb Free Space | 11,88% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 0,95 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
Drive E: | 98,27 Gb Total Space | 5,91 Gb Free Space | 6,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Polar\WebSync\WebSync.exe (Polar Electro Oy)
PRC - C:\Programme\Polar\Daemon\polard.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Obigo AB)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe (Pinnacle Systems)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Polar Daemon) -- C:\Programme\Polar\Daemon\polard.exe ()
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (se46unic) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM) -- C:\WINDOWS\system32\drivers\se46unic.sys (MCCI)
DRV - (se46obex) -- C:\WINDOWS\system32\drivers\se46obex.sys (MCCI)
DRV - (se46nd5) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS) -- C:\WINDOWS\system32\drivers\se46nd5.sys (MCCI)
DRV - (se46mgmt) Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se46mgmt.sys (MCCI)
DRV - (se46mdm) -- C:\WINDOWS\system32\drivers\se46mdm.sys (MCCI)
DRV - (se46mdfl) -- C:\WINDOWS\system32\drivers\se46mdfl.sys (MCCI)
DRV - (se46bus) Sony Ericsson Device 070 driver (WDM) -- C:\WINDOWS\system32\drivers\se46bus.sys (MCCI)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:blank [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.orf.at/|about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.16 21:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.16 21:42:00 | 000,000,000 | ---D | M]
 
[2010.05.16 21:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Mozilla\Extensions
[2010.05.17 08:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Mozilla\Firefox\Profiles\1s5w5iwp.default\extensions
[2010.05.17 08:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Mozilla\Firefox\Profiles\1s5w5iwp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.16 21:42:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.19 12:17:35 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       loc
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Programme\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Lexmark 2200 Series] C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [Pinnacle WebUpdater] C:\Programme\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe (Pinnacle Systems)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [PMCS] C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe (Pinnacle Systems)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Polar WebSync.lnk = C:\WINDOWS\Installer\{D4B75A5A-2BA2-4761-BC27-9EA30FA5B483}\WebSync.exe2_4B58E052B1C94BE0AC42D7A472F5A651.exe (Acresso Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182619539890 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.16 09:21:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33c39612-cbd3-11de-aafe-0019d219ebab}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 19.05.2010 22:57:38 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): D:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 45,90 Gb Total Space | 5,45 Gb Free Space | 11,88% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 0,95 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
Drive E: | 98,27 Gb Total Space | 5,91 Gb Free Space | 6,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALDI
Current User Name: ***Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Programme\Pinnacle\MediaCenter\PMC.exe" = C:\Programme\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe -- ( )
"C:\Programme\Pinnacle\MediaCenter\PSST.exe" = C:\Programme\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe -- (Pinnacle Systems)
"C:\Programme\Pinnacle\MediaCenter\PMSInstallInit.exe" = C:\Programme\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe -- ( )
"C:\Programme\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe" = C:\Programme\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe -- (Pinnacle Systems)
"C:\Programme\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe" = C:\Programme\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry -- File not found
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Reallusion\CrazyTalk for Skype\CT4Skype.exe" = C:\Programme\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk -- ()
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\Programme\A1\A1 Installer\A1_broadband_Installer.exe" = C:\Programme\A1\A1 Installer\A1_broadband_Installer.exe:*:Enabled:Installer -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1) -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2) -- (Nero AG)
"C:\Programme\A1\A1 Installer\A1_mobile_Installer.exe" = C:\Programme\A1\A1 Installer\A1_mobile_Installer.exe:*:Enabled:A1 Breitband Unlimited Installer -- (mquadr.at software engineering und consulting GmbH, Web: www.mquadr.at)
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe" = C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs -- ()
"C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService -- (Pinnacle Systems)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA8C0785-3F20-43E0-BFA3-223FFB5D25AA}" = Polar Daemon
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AFFA5297-564F-404C-B9D9-CCFC78E4D405}" = A1 Breitband Unlimited Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4B75A5A-2BA2-4761-BC27-9EA30FA5B483}" = Polar WebSync
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DD120B1C-AE3B-46B4-996F-665FD2720558}" = A1 Dashboard
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"18FF359AE500F8C84B16BD7C8065F75AFEAE4CDF" = Windows Driver Package - Intel (w29n51) net  (10/25/2006 9.0.4.26)
"841F246A60607D129BAE7F771CB55E7B3EF8BCF8" = Windows Driver Package - Intel net  (11/01/2006 9.1.0.111)
"A1 Breitband Unlimited Installer" = A1 Breitband Unlimited Installer
"A1 Dashboard" = A1 Dashboard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C805F03D733C5C658A973935646FBB5296D72B14" = Windows Driver Package - Intel net  (10/30/2006 10.6.0.29)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CrashTime" = Cobra 11 - Crash Time (remove only)
"Digital Camera Driver" = Digital Camera Driver
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FF9C6C89964495D9F1AC86587EF985784D8AD152" = Windows Driver Package - Intel (NETw3x32) net  (10/17/2006 10.5.1.72)
"ffdshow_is1" = ffdshow [rev 382] [2006-10-12]
"FirstloadIkarus" = Firstload Ikarus
"foobar2000" = foobar2000 v0.9.4.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"Lexmark 2200 Series" = Lexmark 2200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.76
"RealAlt_is1" = Real Alternative 1.51
"Reimage Repair" = Reimage Repair
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Stellarium_is1" = Stellarium 0.9.1
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2010 09:38:36 | Computer Name = WALDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17023, fehlgeschlagenes
 Modul flash10e.ocx, Version 10.0.45.2, Fehleradresse 0x000bd1a7.
 
Error - 11.05.2010 11:21:05 | Computer Name = WALDI | Source = Google Update | ID = 20
Description = 
 
Error - 12.05.2010 13:21:05 | Computer Name = WALDI | Source = Google Update | ID = 20
Description = 
 
Error - 12.05.2010 13:39:17 | Computer Name = WALDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul wiashext.dll, Version 5.1.2600.5512, Fehleradresse 0x0000d3ff.
 
Error - 18.05.2010 10:57:33 | Computer Name = WALDI | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
Error - 18.05.2010 10:58:16 | Computer Name = WALDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung websync.exe, Version 1.3.5.220, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 18.05.2010 11:16:54 | Computer Name = WALDI | Source = JavaQuickStarterService | ID = 1
Description = 
 
Error - 18.05.2010 11:22:08 | Computer Name = WALDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung websync.exe, Version 1.3.5.220, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 18.05.2010 12:41:18 | Computer Name = WALDI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 18.05.2010 12:41:18 | Computer Name = WALDI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
[ OSession Events ]
Error - 07.12.2007 16:30:38 | Computer Name = WALDI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2007 16:32:11 | Computer Name = WALDI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2007 16:36:43 | Computer Name = WALDI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 26 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.03.2008 20:40:45 | Computer Name = WALDI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14927
 seconds with 2760 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.05.2010 11:36:14 | Computer Name = WALDI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
   %%2147952450
 
Error - 18.05.2010 11:36:44 | Computer Name = WALDI | Source = DCOM | ID = 10010
Description = Der Server "{E60687F7-01A1-40AA-86AC-DB1CBF673334}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.05.2010 11:36:44 | Computer Name = WALDI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
   %%2147952450
 
Error - 18.05.2010 11:37:14 | Computer Name = WALDI | Source = DCOM | ID = 10010
Description = Der Server "{E60687F7-01A1-40AA-86AC-DB1CBF673334}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.05.2010 12:35:33 | Computer Name = WALDI | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 18.05.2010 12:35:33 | Computer Name = WALDI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 18.05.2010 12:35:33 | Computer Name = WALDI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\DOKUME~1\Oswald\LOKALE~1\Temp\RarSFX0\redist.dll
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 19.05.2010 03:27:56 | Computer Name = WALDI | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 10.0.0.1 über die   Netzwerkkarte
 mit der Netzwerkadresse 0019D219EBAB ist verloren gegangen.
 
Error - 19.05.2010 03:33:40 | Computer Name = WALDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 19.05.2010 05:58:10 | Computer Name = WALDI | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
 
< End of report >
         

Alt 20.05.2010, 09:09   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner? Auswertung Malewarebytes-Report erbeten!  Bin ich nun sauber? - Standard

Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?



Das OTL Log ist unvollständig. Versuch mal bitte beide hier anzuhängen, notfalls beide in einer ZIP Datei.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.05.2010, 15:34   #6
Steirerbluat
 
Trojaner? Auswertung Malewarebytes-Report erbeten!  Bin ich nun sauber? - Standard

Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?



Code:
ATTFilter
OTL logfile created on: 20.05.2010 16:14:44 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\Oswald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): D:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 45,90 Gb Total Space | 5,27 Gb Free Space | 11,48% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 0,95 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
Drive E: | 98,27 Gb Total Space | 5,91 Gb Free Space | 6,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Polar\WebSync\WebSync.exe (Polar Electro Oy)
PRC - C:\Programme\Polar\Daemon\polard.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Obigo AB)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe (Pinnacle Systems)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Polar Daemon) -- C:\Programme\Polar\Daemon\polard.exe ()
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (se46unic) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM) -- C:\WINDOWS\system32\drivers\se46unic.sys (MCCI)
DRV - (se46obex) -- C:\WINDOWS\system32\drivers\se46obex.sys (MCCI)
DRV - (se46nd5) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS) -- C:\WINDOWS\system32\drivers\se46nd5.sys (MCCI)
DRV - (se46mgmt) Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se46mgmt.sys (MCCI)
DRV - (se46mdm) -- C:\WINDOWS\system32\drivers\se46mdm.sys (MCCI)
DRV - (se46mdfl) -- C:\WINDOWS\system32\drivers\se46mdfl.sys (MCCI)
DRV - (se46bus) Sony Ericsson Device 070 driver (WDM) -- C:\WINDOWS\system32\drivers\se46bus.sys (MCCI)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:blank [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.orf.at/|about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.16 21:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.16 21:42:00 | 000,000,000 | ---D | M]
 
[2010.05.16 21:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Mozilla\Extensions
[2010.05.17 08:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Mozilla\Firefox\Profiles\1s5w5iwp.default\extensions
[2010.05.17 08:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Mozilla\Firefox\Profiles\1s5w5iwp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.16 21:42:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.19 12:17:35 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       loc
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Programme\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Lexmark 2200 Series] C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [Pinnacle WebUpdater] C:\Programme\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe (Pinnacle Systems)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [PMCS] C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe (Pinnacle Systems)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Polar WebSync.lnk = C:\WINDOWS\Installer\{D4B75A5A-2BA2-4761-BC27-9EA30FA5B483}\WebSync.exe2_4B58E052B1C94BE0AC42D7A472F5A651.exe (Acresso Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182619539890 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.16 09:21:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33c39612-cbd3-11de-aafe-0019d219ebab}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.19 22:56:56 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Oswald\Desktop\OTL.exe
[2010.05.19 12:18:29 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.05.19 12:18:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.19 12:18:03 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Oswald\Recent
[2010.05.19 10:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Malwarebytes
[2010.05.19 10:20:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.19 10:20:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.19 10:20:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.19 10:20:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.19 10:18:00 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\hubert.exe
[2010.05.19 10:13:39 | 000,000,000 | ---D | C] -- C:\rei
[2010.05.19 10:13:27 | 000,000,000 | ---D | C] -- C:\Programme\Reimage
[2010.05.18 21:13:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.05.18 19:15:15 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.05.18 19:15:15 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.05.18 18:52:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oswald\Anwendungsdaten\Avira
[2010.05.18 18:48:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.18 18:40:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.05.18 18:40:17 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.05.18 18:40:17 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.05.18 18:40:17 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.05.18 18:40:17 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.05.18 18:40:16 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.05.18 18:40:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.05.16 21:44:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oswald\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.05.11 16:02:08 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010.05.07 18:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010.05.07 18:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.20 10:13:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010.05.20 10:13:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010.05.20 09:23:49 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.20 09:23:39 | 000,001,894 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.05.20 09:14:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010.05.20 09:14:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010.05.20 09:01:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010.05.20 09:01:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010.05.20 00:21:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010.05.20 00:21:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010.05.20 00:17:33 | 005,767,168 | -H-- | M] () -- C:\Dokumente und Einstellungen\Oswald\NTUSER.DAT
[2010.05.19 22:56:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Oswald\Desktop\OTL.exe
[2010.05.19 22:55:49 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cuekgjf.sys
[2010.05.19 16:34:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010.05.19 16:34:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010.05.19 16:33:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010.05.19 16:33:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010.05.19 13:55:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010.05.19 13:55:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010.05.19 13:47:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010.05.19 13:47:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010.05.19 13:40:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010.05.19 13:40:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010.05.19 13:40:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010.05.19 13:40:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010.05.19 12:18:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010.05.19 12:18:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010.05.19 12:17:55 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2010.05.19 12:17:25 | 000,002,335 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Polar WebSync.lnk
[2010.05.19 12:16:55 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.19 12:16:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.19 12:16:33 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.19 12:16:33 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.05.19 11:58:24 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.05.19 11:58:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.19 11:58:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.19 11:56:55 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Oswald\ntuser.ini
[2010.05.19 10:20:51 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 10:18:07 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\hubert.exe
[2010.05.19 10:16:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010.05.19 10:15:18 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010.05.19 10:13:44 | 000,001,694 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Desktop\Reimage Repair.lnk
[2010.05.19 10:07:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010.05.19 10:07:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010.05.18 22:39:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010.05.18 22:39:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010.05.18 21:19:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010.05.18 21:19:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010.05.18 21:15:00 | 000,589,974 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.05.18 21:13:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010.05.18 21:13:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010.05.18 20:07:14 | 000,000,544 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Oswald.job
[2010.05.18 19:27:01 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Desktop\RSIT.exe
[2010.05.18 19:15:26 | 000,001,962 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Desktop\SpyHunter.lnk
[2010.05.18 18:45:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21238.exe
[2010.05.18 18:40:42 | 000,001,678 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.05.18 18:25:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7719.exe
[2010.05.18 18:16:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010.05.18 18:16:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010.05.18 18:05:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\38.exe
[2010.05.18 16:49:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010.05.18 16:49:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010.05.18 16:47:58 | 000,000,140 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.05.18 15:16:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010.05.18 15:16:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010.05.18 10:48:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010.05.18 10:48:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010.05.17 23:52:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010.05.17 23:52:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010.05.16 21:44:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.05.16 21:42:04 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.05.16 20:27:07 | 000,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.11 16:02:08 | 001,380,403 | ---- | M] () -- C:\WINDOWS\System32\avgsdk.dll
[2010.05.11 16:02:08 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010.05.07 23:38:53 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.07 18:00:55 | 000,001,151 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton Security Scan.lnk
[2010.05.07 18:00:53 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010.04.29 15:50:24 | 005,762,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;50;24.PDF
[2010.04.29 15:49:15 | 005,208,332 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;49;15.PDF
[2010.04.29 15:48:24 | 005,208,332 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;48;24.PDF
[2010.04.29 15:45:39 | 005,156,767 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;45;39.PDF
[2010.04.29 15:44:39 | 005,720,111 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;44;39.PDF
[2010.04.29 15:43:16 | 005,497,566 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;43;16.PDF
[2010.04.29 15:42:05 | 005,647,643 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;42;05.PDF
[2010.04.29 15:40:38 | 004,510,149 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;40;38.PDF
[2010.04.29 15:39:41 | 006,185,237 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;39;41.PDF
[2010.04.29 15:38:23 | 005,580,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;38;23.PDF
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 23:28:32 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Oswald\Desktop\Word.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.20 09:23:39 | 000,001,894 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.05.19 22:55:49 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cuekgjf.sys
[2010.05.19 10:20:51 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 10:15:15 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010.05.19 10:15:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010.05.19 10:13:44 | 000,001,694 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Desktop\Reimage Repair.lnk
[2010.05.18 19:26:58 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Desktop\RSIT.exe
[2010.05.18 19:15:26 | 000,001,962 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Desktop\SpyHunter.lnk
[2010.05.18 18:45:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21238.exe
[2010.05.18 18:40:42 | 000,001,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.05.18 18:25:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7719.exe
[2010.05.18 18:05:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\38.exe
[2010.05.18 16:47:58 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.05.16 21:44:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.16 21:42:04 | 000,001,573 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.05.11 16:02:08 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010.05.07 18:00:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010.04.29 15:50:24 | 005,762,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;50;24.PDF
[2010.04.29 15:49:15 | 005,208,332 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;49;15.PDF
[2010.04.29 15:48:24 | 005,208,332 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;48;24.PDF
[2010.04.29 15:45:39 | 005,156,767 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;45;39.PDF
[2010.04.29 15:44:39 | 005,720,111 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;44;39.PDF
[2010.04.29 15:43:16 | 005,497,566 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;43;16.PDF
[2010.04.29 15:42:05 | 005,647,643 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;42;05.PDF
[2010.04.29 15:40:38 | 004,510,149 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;40;38.PDF
[2010.04.29 15:39:41 | 006,185,237 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;39;41.PDF
[2010.04.29 15:38:23 | 005,580,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Oswald\Eigene Dateien\29-04-2010 15;38;23.PDF
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.05.20 12:35:30 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2008.09.24 17:57:40 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.03.20 01:41:06 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.03.20 01:41:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.03.20 01:40:37 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.03.20 01:21:51 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008.02.13 23:04:29 | 000,006,067 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2007.11.10 00:50:39 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.11.10 00:50:39 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.08.01 13:49:08 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007.08.01 13:45:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.07.23 23:30:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007.07.04 22:55:41 | 000,000,522 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007.06.24 00:31:12 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2007.06.24 00:31:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2007.06.24 00:31:12 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2007.06.24 00:31:12 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2007.06.24 00:31:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2007.06.24 00:30:41 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.06.23 18:27:01 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.06.16 12:09:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2007.06.16 11:50:24 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.06.16 11:50:24 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.06.16 10:59:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007.06.16 09:33:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006.10.31 17:37:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006.08.10 15:00:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.08.10 00:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003.10.30 19:29:00 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbvcoin.ini
[2002.11.13 17:40:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbvvs.dll
< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 20.05.2010 16:14:44 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\Oswald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): D:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 45,90 Gb Total Space | 5,27 Gb Free Space | 11,48% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 0,95 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
Drive E: | 98,27 Gb Total Space | 5,91 Gb Free Space | 6,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALDI
Current User Name: Oswald
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Programme\Pinnacle\MediaCenter\PMC.exe" = C:\Programme\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe -- ( )
"C:\Programme\Pinnacle\MediaCenter\PSST.exe" = C:\Programme\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe -- (Pinnacle Systems)
"C:\Programme\Pinnacle\MediaCenter\PMSInstallInit.exe" = C:\Programme\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe -- ( )
"C:\Programme\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe" = C:\Programme\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe -- (Pinnacle Systems)
"C:\Programme\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe" = C:\Programme\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry -- File not found
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Reallusion\CrazyTalk for Skype\CT4Skype.exe" = C:\Programme\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk -- ()
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\Programme\A1\A1 Installer\A1_broadband_Installer.exe" = C:\Programme\A1\A1 Installer\A1_broadband_Installer.exe:*:Enabled:Installer -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1) -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe" = C:\Programme\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2) -- (Nero AG)
"C:\Programme\A1\A1 Installer\A1_mobile_Installer.exe" = C:\Programme\A1\A1 Installer\A1_mobile_Installer.exe:*:Enabled:A1 Breitband Unlimited Installer -- (mquadr.at software engineering und consulting GmbH, Web: www.mquadr.at)
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe" = C:\Programme\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs -- ()
"C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService -- (Pinnacle Systems)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA8C0785-3F20-43E0-BFA3-223FFB5D25AA}" = Polar Daemon
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AFFA5297-564F-404C-B9D9-CCFC78E4D405}" = A1 Breitband Unlimited Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4B75A5A-2BA2-4761-BC27-9EA30FA5B483}" = Polar WebSync
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DD120B1C-AE3B-46B4-996F-665FD2720558}" = A1 Dashboard
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"18FF359AE500F8C84B16BD7C8065F75AFEAE4CDF" = Windows Driver Package - Intel (w29n51) net  (10/25/2006 9.0.4.26)
"841F246A60607D129BAE7F771CB55E7B3EF8BCF8" = Windows Driver Package - Intel net  (11/01/2006 9.1.0.111)
"A1 Breitband Unlimited Installer" = A1 Breitband Unlimited Installer
"A1 Dashboard" = A1 Dashboard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C805F03D733C5C658A973935646FBB5296D72B14" = Windows Driver Package - Intel net  (10/30/2006 10.6.0.29)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CrashTime" = Cobra 11 - Crash Time (remove only)
"Digital Camera Driver" = Digital Camera Driver
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FF9C6C89964495D9F1AC86587EF985784D8AD152" = Windows Driver Package - Intel (NETw3x32) net  (10/17/2006 10.5.1.72)
"ffdshow_is1" = ffdshow [rev 382] [2006-10-12]
"FirstloadIkarus" = Firstload Ikarus
"foobar2000" = foobar2000 v0.9.4.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"Lexmark 2200 Series" = Lexmark 2200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.76
"RealAlt_is1" = Real Alternative 1.51
"Reimage Repair" = Reimage Repair
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Stellarium_is1" = Stellarium 0.9.1
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2010 09:38:36 | Computer Name = ***I | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17023, fehlgeschlagenes
 Modul flash10e.ocx, Version 10.0.45.2, Fehleradresse 0x000bd1a7.
 
Error - 11.05.2010 11:21:05 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 12.05.2010 13:21:05 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 12.05.2010 13:39:17 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul wiashext.dll, Version 5.1.2600.5512, Fehleradresse 0x0000d3ff.
 
Error - 18.05.2010 10:57:33 | Computer Name = ***| Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
Error - 18.05.2010 10:58:16 | Computer Name = WALDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung websync.exe, Version 1.3.5.220, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 18.05.2010 11:16:54 | Computer Name = *** | Source = JavaQuickStarterService | ID = 1
Description = 
 
Error - 18.05.2010 11:22:08 | Computer Name = ***| Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung websync.exe, Version 1.3.5.220, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 18.05.2010 12:41:18 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 18.05.2010 12:41:18 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
[ OSession Events ]
Error - 07.12.2007 16:30:38 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2007 16:32:11 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2007 16:36:43 | Computer Name = ***| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 26 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.03.2008 20:40:45 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14927
 seconds with 2760 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.05.2010 11:36:14 | Computer Name = ***| Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
   %%2147952450
 
Error - 18.05.2010 11:36:44 | Computer Name = *** | Source = DCOM | ID = 10010
Description = Der Server "{E60687F7-01A1-40AA-86AC-DB1CBF673334}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.05.2010 11:36:44 | Computer Name = WALDI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
   %%2147952450
 
Error - 18.05.2010 11:37:14 | Computer Name = ***| Source = DCOM | ID = 10010
Description = Der Server "{E60687F7-01A1-40AA-86AC-DB1CBF673334}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.05.2010 12:35:33 | Computer Name = *** | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 18.05.2010 12:35:33 | Computer Name = ***| Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 18.05.2010 12:35:33 | Computer Name = ***| Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\DOKUME~1\Oswald\LOKALE~1\Temp\RarSFX0\redist.dll
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 19.05.2010 03:27:56 | Computer Name = ***| Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 10.0.0.1 über die   Netzwerkkarte
 mit der Netzwerkadresse 0019D219EBAB ist verloren gegangen.
 
Error - 19.05.2010 03:33:40 | Computer Name = WALDI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 19.05.2010 05:58:10 | Computer Name = ***| Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
 
< End of report >
         


Ich hoffe es ist alles komplett. Ich weiss nicht warum, aber anscheinend wird der Scan immer vorzeitig abgebrochen, so wie ich das sehe, oder?
Danke einstweilen!

Antwort

Themen zu Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?
.com, 32 bit, ad-aware, adware.mywebsearch, antivir guard, avgntflt.sys, avira, bho, breitband, browser, browseui preloader, c:\windows\system32\rundll32.exe, desktop, diagnostics, enigma, fontcache, frage, google, gupdate, hijackthis, hkus\s-1-5-18, home, installation, need for speed, object, pop-up-blocker, problem, registry, reimage, rogue.securityessentials, rogue.securityessentials2010, saver, searchscopes, security, security scan, security suite, senden, skype.exe, software, spyhunter 4, stick, svchost.exe, symantec, system, trojan.downloader, trojan.fakeav, trojaner, usbvideo.sys, viren, windows xp



Ähnliche Themen: Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?


  1. Werbungs Problem , Auswertung erbeten
    Log-Analyse und Auswertung - 28.09.2015 (3)
  2. OTL Auswertung erbeten
    Log-Analyse und Auswertung - 01.05.2015 (1)
  3. Maleware via Steam bekommen. Malewarebytes Log auswertung
    Log-Analyse und Auswertung - 21.01.2015 (32)
  4. GVU Trojaner Malewarebytes/Defogger/OTL Scannberichte - System sauber?
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (7)
  5. Report Malewarebytes
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (13)
  6. Trojan.Agent.CK -Auswertung erbeten
    Log-Analyse und Auswertung - 19.08.2012 (10)
  7. Verschlüsselungs-Trojaner: Report Auswertung etc.
    Log-Analyse und Auswertung - 25.07.2012 (6)
  8. malewarebytes Auswertung: Trojan.FakeFireFox
    Log-Analyse und Auswertung - 21.03.2012 (21)
  9. MALEWAREBYTES ÜBERSTETZUNG der Auswertung PLEASE!
    Log-Analyse und Auswertung - 19.07.2011 (1)
  10. Möglicher Trojaner? - Auswertung erbeten
    Log-Analyse und Auswertung - 15.06.2011 (14)
  11. Bitte um Hilfe zur Auswertung Hijackauszug, Malewarebytes, Virus HTML/Crypted.Gen
    Log-Analyse und Auswertung - 25.06.2009 (0)
  12. TR/dropper.gen Auswertung HiJackThis-Log erbeten
    Plagegeister aller Art und deren Bekämpfung - 08.04.2009 (2)
  13. Bitte um Logfile Auswertung (Malewarebytes´ Fund)
    Mülltonne - 11.01.2009 (4)
  14. Auswertung meines Logs erbeten.
    Log-Analyse und Auswertung - 26.03.2007 (1)
  15. System wieder sauber ? bitte um Auswertung !
    Log-Analyse und Auswertung - 07.02.2007 (6)
  16. eScan Auswertung erbeten...
    Log-Analyse und Auswertung - 28.04.2005 (7)
  17. Hijacklog Auswertung erbeten
    Log-Analyse und Auswertung - 15.01.2005 (1)

Zum Thema Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber? - Hallo ihr lieben! Das ist mein erster Beitrag. Hab versucht, mich genau an die Forumsregeln zu halten, und alles dementsprechend darzulegen. Hab natürlich zuerst versucht zu googeln, und bin dadurch - Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber?...
Archiv
Du betrachtest: Trojaner? Auswertung Malewarebytes-Report erbeten! Bin ich nun sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.