Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mein HijackThis Log - System sauber?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.07.2010, 16:02   #1
TommyXP08
 
Mein HijackThis Log - System sauber? - Frage

Mein HijackThis Log - System sauber?



Hallo,
hatte vor kurzem irgendeine Spyware oder Virus auf meinem PC gehabt. Irgendetwas mit smss32.exe und eine Datei die sich unter C:\WINDOWS\SYSTEM32\ befand. Lies sich aber alles gut entfernen mit Antivir, Spyware Bot u.a.

Nun wollte ich von euch wissen anhand meines Hijackthis-Logs ob mein System wieder clean ist oder noch Rückstände vorhanden sind:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:43:55, on 17.07.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\ICQ7.0\ICQ.exe
P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe
P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
P:\Programme\Sonstige\BlueSoleil\BTNtService.exe
C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe
C:\Programme\Java\jre6\bin\jqs.exe
P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe
P:\Programme\Internet\Advanced VPN Client\ncprwsnt.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
P:\Programme\Internet\Advanced VPN Client\ncpsec.exe
C:\WINDOWS\system32\nvsvc32.exe
P:\Programme\Internet\Advanced VPN Client\rwsrsu.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Rühle\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Programme\Office\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - P:\Programme\Internet\robocom\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logitech SetPoint.lnk = P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://P:\PROGRA~1\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://P:\Programme\Internet\robocom\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://P:\Programme\Internet\robocom\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://P:\Programme\Internet\robocom\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://P:\Programme\Internet\robocom\RoboFormComShowToolbar.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://P:\Programme\Internet\robocom\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://P:\Programme\Internet\robocom\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://P:\Programme\Internet\robocom\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://P:\Programme\Internet\robocom\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://P:\Programme\Internet\robocom\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://P:\Programme\Internet\robocom\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\PROGRA~1\Office\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: hxxp://*.cyber-deployment.com
O15 - Trusted Zone: hxxp://*.cyber-deployment.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - P:\Programme\Sonstige\BlueSoleil\BTNtService.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c9891622ea6ae6) (gupdate1c9891622ea6ae6) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - P:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ncpclcfg - Unknown owner - P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - P:\Programme\Internet\Advanced VPN Client\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - P:\Programme\Internet\Advanced VPN Client\ncpsec.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - P:\Programme\Internet\Advanced VPN Client\rwsrsu.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - P:\Programme\Video\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 12930 bytes
         
Vielen Dank schon mal im Voraus für eure Mühe!

Alt 17.07.2010, 21:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 18.07.2010, 16:05   #3
TommyXP08
 
Mein HijackThis Log - System sauber? - Ausrufezeichen

Mein HijackThis Log - System sauber?



Anbei die gewünschten Logs

Malwarebytes
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4323

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18.07.2010 14:59:37
mbam-log-2010-07-18 (14-59-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|M:\|N:\|P:\|)
Durchsuchte Objekte: 319861
Laufzeit: 1 Stunde(n), 35 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Microsoft\Installer\{CCD58DA0-8FC9-40F6-9346-5B1528DEA638}\NewShortcut7_CCD58DA08FC940F693465B1528DEA638.reg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Microsoft\Installer\{CCD58DA0-8FC9-40F6-9346-5B1528DEA638}\NewShortcut8_CCD58DA08FC940F693465B1528DEA638.reg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\1C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\1E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\G56V8XYZ\exe[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\config\countryflag.dll (Malware.Packer) -> Quarantined and deleted successfully.
P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\config\countryflag32.dll (Malware.Packer) -> Quarantined and deleted successfully.
P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\lang\es_ES_T.dll (Trojan.KillAV) -> Quarantined and deleted successfully.
P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\lang\fr_FR.dll (Trojan.KillAV) -> Quarantined and deleted successfully.
P:\Programme\Music\BPM-Studio Profi\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
         
OTL Log
Code:
ATTFilter
OTL logfile created on: 18.07.2010 15:11:06 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Rühle\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 20,13 Gb Total Space | 0,64 Gb Free Space | 3,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 19,53 Gb Total Space | 4,79 Gb Free Space | 24,52% Space Free | Partition Type: NTFS
Drive G: | 29,30 Gb Total Space | 5,42 Gb Free Space | 18,49% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 39,07 Gb Total Space | 5,60 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive N: | 465,76 Gb Total Space | 371,47 Gb Free Space | 79,76% Space Free | Partition Type: NTFS
Drive P: | 41,01 Gb Total Space | 0,48 Gb Free Space | 1,17% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY
Current User Name: Rühle
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Rühle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe ()
PRC - P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - P:\Programme\Internet\Advanced VPN Client\NCPRWSNT.EXE (NCP Engineering GmbH)
PRC - P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe ()
PRC - P:\Programme\Internet\Advanced VPN Client\RWSRSU.exe ()
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe (IVT Corporation)
PRC - P:\Programme\Sonstige\BlueSoleil\BTNtService.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - P:\Programme\Internet\Advanced VPN Client\NCPSEC.EXE ()
PRC - P:\Programme\Office\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - P:\Programme\Office\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Rühle\Desktop\OTL.exe (OldTimer Tools)
MOD - P:\Programme\Sonstige\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) -- P:\Programme\iPod\bin\iPodService.exe File not found
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (WiselinkPro) -- P:\Programme\Video\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BRA_Scheduler) -- C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe ()
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ncprwsnt) -- P:\Programme\Internet\Advanced VPN Client\NCPRWSNT.EXE (NCP Engineering GmbH)
SRV - (ncpclcfg) -- P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe ()
SRV - (rwsrsu) -- P:\Programme\Internet\Advanced VPN Client\RWSRSU.exe ()
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (BlueSoleil Hid Service) -- P:\Programme\Sonstige\BlueSoleil\BTNtService.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NcpSec) -- P:\Programme\Internet\Advanced VPN Client\NCPSEC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (zntport) -- C:\WINDOWS\System32\zntport.sys File not found
DRV - (vvftUVC) -- C:\WINDOWS\System32\drivers\vvftUVC.sys File not found
DRV - (VMUVC) -- C:\WINDOWS\System32\Drivers\VMUVC.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys File not found
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys File not found
DRV - (Pcouffin) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys File not found
DRV - (mbr) -- C:\DOKUME~1\RHLE~1\LOKALE~1\Temp\mbr.sys File not found
DRV - (ASInsHelp) -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (ttBudget2) TechnoTrend BDA/DVB (BDA) -- C:\WINDOWS\system32\drivers\ttBudget2.sys (TechnoTrend AG)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ncplentp) -- C:\WINDOWS\system32\drivers\NCPLENTP.SYS ()
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\WINDOWS\system32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\WINDOWS\system32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\WINDOWS\system32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\system32\drivers\s115bus.sys (MCCI Corporation)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTLUND) -- C:\WINDOWS\system32\drivers\ftlund.sys (FTDI Ltd.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation)
DRV - (VHidMinidrv) -- C:\WINDOWS\system32\drivers\VHIDMini.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (cpuidlep) -- C:\WINDOWS\System32\drivers\cpuidlep.sys ()
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (DSDrv4) -- P:\Programme\TV-Karte\DScaler\DSDrv4.sys ()
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (HCWBT8XX) -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys (Hauppauge Computer Works)
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (phil2vid) Philips VGA-Kamera (USB) -- C:\WINDOWS\system32\drivers\philcam2.sys (Microsoft Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.7
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.03.06 12:50:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 15:24:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 15:24:05 | 000,000,000 | ---D | M]
 
[2009.09.27 11:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Extensions
[2010.07.17 22:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions
[2008.07.02 21:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.02 00:47:38 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.05.09 18:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\exif_viewer@mozilla.doslash.org
[2009.09.27 11:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\piclens@cooliris.com
[2008.06.17 23:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\turntoolviewer@turntool.com
[2007.09.23 14:34:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\videodowloader@videodownloader.net
[2010.07.17 22:04:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\searchplugins\icqplugin-1.xml
[2008.07.17 21:44:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\searchplugins\icqplugin-2.xml
[2008.09.24 22:58:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\searchplugins\icqplugin-3.xml
[2008.11.13 23:55:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\searchplugins\icqplugin-4.xml
[2008.12.17 23:56:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\searchplugins\icqplugin-5.xml
[2008.12.20 22:12:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\searchplugins\icqplugin-6.xml
[2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\searchplugins\icqplugin.xml
[2010.07.17 22:04:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.07.02 21:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.08 19:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2004.07.03 22:09:11 | 000,140,800 | ---- | M] (Icenet LLC) -- C:\Programme\Mozilla Firefox\plugins\al2np.dll
[2008.08.16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll
[2008.08.16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll
[2008.08.16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll
[2008.05.21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcm80.dll
[2008.05.21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcp80.dll
[2008.05.21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcr80.dll
[2008.06.19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Programme\Mozilla Firefox\plugins\MyCamera.dll
[2008.06.19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Programme\Mozilla Firefox\plugins\NPCIG.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.08.16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll
[2008.08.16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.23 23:06:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Programme\Office\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - P:\Programme\Internet\robocom\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - P:\Programme\Internet\robocom\roboform.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - P:\Programme\Internet\robocom\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk = P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint - Drucken - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: In Adobe PDF konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\Programme\Office\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - P:\Programme\Internet\robocom\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - P:\Programme\Internet\robocom\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - P:\Programme\Internet\robocom\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - P:\Programme\Internet\robocom\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - P:\Programme\Internet\robocom\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - P:\Programme\Internet\robocom\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - P:\Programme\Internet\robocom\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - P:\Programme\Internet\robocom\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - P:\Programme\Internet\robocom\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - P:\Programme\Internet\robocom\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Programme\Office\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: cyber-deployment.com ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: cyber-deployment.com ([]http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Rühle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Rühle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.01.24 23:10:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:47 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:47 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:47 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:48 | 000,000,000 | RHSD | M] - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:48 | 000,000,000 | RHSD | M] - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{04451b77-37cc-11de-bc7e-0011d849f781}\Shell\AutoRun\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
O33 - MountPoints2\{04451b77-37cc-11de-bc7e-0011d849f781}\Shell\open\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.18 11:29:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rühle\Desktop\OTL.exe
[2010.07.17 13:01:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rühle\Desktop\backups
[2010.07.17 12:58:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rühle\Desktop\lspfix
[2010.07.17 12:57:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Rühle\Desktop\HiJackThis204.exe
[2010.07.15 19:03:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macromedia
[2010.07.14 23:49:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Xilisoft
[2010.07.14 22:19:37 | 000,000,000 | ---D | C] -- C:\Programme\Video
[2010.07.10 19:20:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CSP
[2010.07.03 20:32:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rühle\Desktop\wm
[2010.06.27 12:49:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Brother
[2010.06.27 12:42:54 | 000,000,000 | ---D | C] -- C:\Programme\Brother
[2005.05.10 21:39:28 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005.05.10 21:39:28 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[349 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Rühle\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Rühle\Eigene Dateien\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.18 15:02:20 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.18 15:02:17 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-920026266-839522115-1003.job
[2010.07.18 15:02:15 | 000,205,884 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.18 15:02:15 | 000,002,191 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.07.18 15:02:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 15:02:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 15:00:30 | 021,233,664 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rühle\NTUSER.DAT
[2010.07.18 14:55:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.18 11:29:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rühle\Desktop\OTL.exe
[2010.07.18 00:06:19 | 000,196,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.17 12:57:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Rühle\Desktop\HiJackThis204.exe
[2010.07.16 19:49:16 | 000,001,099 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\ShiftN.ini
[2010.07.14 23:48:08 | 000,000,845 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2010.07.14 20:02:11 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.13 22:41:10 | 000,000,629 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Free Video Joiner.lnk
[2010.07.13 21:22:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.07.10 19:07:08 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SAMSUNG PC Share Manager.lnk
[2010.07.06 23:38:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.05 23:31:59 | 000,376,684 | ---- | M] () -- C:\Dokumente und Einstellungen\Rühle\Desktop\8_passig_gemacht.jpg
[2010.06.27 15:24:10 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.27 12:59:43 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010.06.27 12:53:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010.06.26 11:21:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-920026266-839522115-1003.job
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[349 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Rühle\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Rühle\Eigene Dateien\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.14 23:48:07 | 000,000,845 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2010.07.13 22:41:10 | 000,000,629 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Free Video Joiner.lnk
[2010.07.10 19:07:08 | 000,001,595 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SAMSUNG PC Share Manager.lnk
[2010.07.05 23:31:58 | 000,376,684 | ---- | C] () -- C:\Dokumente und Einstellungen\Rühle\Desktop\8_passig_gemacht.jpg
[2010.06.27 12:31:26 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.06.27 12:31:26 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.05.13 23:06:55 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.03.29 16:24:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.12.06 16:46:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.04.06 16:23:37 | 000,073,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\NCPLENTP.SYS
[2008.04.02 00:15:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2008.03.13 20:45:39 | 000,000,353 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008.03.13 20:30:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
[2008.03.13 20:14:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.03.13 20:14:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.11.19 23:33:52 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.11.19 23:33:51 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.10.06 00:29:42 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007.10.06 00:29:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2007.09.23 14:55:56 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2007.09.23 14:55:56 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\flvvideo.dll
[2007.09.23 14:55:56 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007.05.05 21:27:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\GaebGetter.INI
[2007.02.11 16:24:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2006.11.11 11:55:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2006.10.19 23:05:32 | 000,000,444 | ---- | C] () -- C:\WINDOWS\3gptoavi3.INI
[2006.07.17 02:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006.07.17 02:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006.05.27 18:00:43 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\vscfdx.dll
[2006.05.27 17:58:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\batchrec.ini
[2006.04.15 10:00:04 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006.03.09 15:29:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.03.09 15:29:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.03.09 15:29:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.03.09 15:29:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.03.09 15:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.03.09 15:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.02.18 16:48:28 | 000,000,071 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2006.02.09 01:06:12 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006.01.22 22:39:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\TSetup.INI
[2005.12.26 13:40:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005.12.26 13:38:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2005.10.30 21:39:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.10.27 23:26:05 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.01 11:19:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005.09.16 20:01:21 | 000,012,062 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2005.09.16 19:58:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005.09.09 17:11:43 | 000,001,798 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.08.27 14:51:15 | 000,000,203 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2005.08.27 14:47:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.08.27 14:37:53 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005.08.27 14:37:52 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.08.05 01:07:47 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2005.08.05 01:07:47 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2005.07.29 16:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005.07.16 23:02:00 | 000,001,071 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.07.13 15:05:56 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\winxp32.sys
[2005.05.05 15:52:47 | 000,000,272 | ---- | C] () -- C:\WINDOWS\BUHL.INI
[2005.05.05 15:51:26 | 000,209,920 | ---- | C] () -- C:\WINDOWS\fpuninst.dll
[2005.03.29 21:09:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005.03.26 21:04:45 | 000,000,701 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2005.03.12 23:19:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005.02.19 19:44:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.02.19 19:44:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.02.19 19:44:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.02.19 19:44:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.02.19 19:44:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.02.19 19:44:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.02.19 19:01:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HCWBTDLG.INI
[2005.02.19 18:57:18 | 000,000,877 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005.02.19 00:18:04 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005.02.14 18:03:44 | 000,000,468 | ---- | C] () -- C:\WINDOWS\bobdown.ini
[2005.02.13 01:43:00 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2005.01.30 22:35:59 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.01.30 21:09:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.01.26 21:37:33 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005.01.26 21:05:27 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.01.25 00:52:21 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005.01.25 00:51:43 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PTSPEECH.INI
[2005.01.25 00:51:38 | 000,000,190 | ---- | C] () -- C:\WINDOWS\LangIDlib.INI
[2005.01.25 00:51:38 | 000,000,143 | ---- | C] () -- C:\WINDOWS\DICTEDIT.INI
[2005.01.25 00:51:34 | 000,001,140 | ---- | C] () -- C:\WINDOWS\tm.ini
[2005.01.25 00:51:30 | 000,002,364 | ---- | C] () -- C:\WINDOWS\PTP2004G.INI
[2005.01.25 00:35:50 | 000,000,926 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.01.24 23:52:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005.01.24 23:52:47 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.01.24 23:45:37 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2005.01.24 23:45:18 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005.01.24 23:45:17 | 000,006,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005.01.24 23:45:15 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005.01.15 10:31:58 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2004.12.16 16:32:54 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2004.12.14 12:19:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.08.12 12:33:02 | 000,321,024 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2004.08.12 11:50:46 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2004.08.04 02:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.06.04 21:22:14 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2004.05.18 22:20:50 | 000,622,592 | ---- | C] () -- C:\WINDOWS\System32\contfilt.dll
[2004.03.18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003.11.26 10:47:24 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2003.03.11 12:56:52 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2003.03.11 12:56:36 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2003.03.11 12:56:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.04.01 18:45:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2000.04.03 23:00:00 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998.04.24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:8FF81EB0
< End of report >
         
OTL Extras Log
Code:
ATTFilter
OTL Extras logfile created on: 18.07.2010 15:11:06 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Rühle\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 20,13 Gb Total Space | 0,64 Gb Free Space | 3,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 19,53 Gb Total Space | 4,79 Gb Free Space | 24,52% Space Free | Partition Type: NTFS
Drive G: | 29,30 Gb Total Space | 5,42 Gb Free Space | 18,49% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 39,07 Gb Total Space | 5,60 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive N: | 465,76 Gb Total Space | 371,47 Gb Free Space | 79,76% Space Free | Partition Type: NTFS
Drive P: | 41,01 Gb Total Space | 0,48 Gb Free Space | 1,17% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY
Current User Name: Rühle
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "P:\Programme\Grafik\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [Betrachten mit XnView] -- "P:\Programme\Grafik\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [Digital Photo Professional] -- P:\Programme\Grafik\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "P:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "P:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "P:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\WINDOWS\TEMP\alg.exe" = C:\WINDOWS\TEMP\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\emule.exe" = P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\emule.exe:*:Enabled:eMule iONiX Mod -- (hxxp://www.emule-project.net)
"G:\Programme\GameSpy Arcade\Aphex.exe" = G:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"G:\Programme\EA GAMES\Need for Speed Underground 2\SPEED2.EXE" = G:\Programme\EA GAMES\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2 -- ()
"G:\Programme\Electronic Arts\Need for Speed Carbon\NFSC.exe" = G:\Programme\Electronic Arts\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC -- ()
"P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe" = P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Programme\Java\jre1.5.0_10\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"P:\Programme\Internet\Azureus\Azureus.exe" = P:\Programme\Internet\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"P:\Programme\Video\VideoLAN\vlc.exe" = P:\Programme\Video\VideoLAN\vlc.exe:*:Enabled:VLC media player -- ()
"P:\utorrent161.exe" = P:\utorrent161.exe:*:Enabled:µTorrent -- ()
"P:\Programme\Hardware\WMU-6500FS\Configure.exe" = P:\Programme\Hardware\WMU-6500FS\Configure.exe:*:Enabled:Configure -- (OvisLink Corp.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\ITscope MarketViewer 2.0\jre\bin\javaw.exe" = C:\Programme\ITscope MarketViewer 2.0\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre1.6.0_03\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"P:\Programme\Internet\Advanced VPN Client\NCPMON.exe" = P:\Programme\Internet\Advanced VPN Client\NCPMON.exe:*:Enabled:ncpmon.exe -- (NCP engineering GmbH)
"C:\Programme\Java\jre1.6.0_05\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"G:\Programme\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe" = G:\Programme\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage -- (Empire Interactive Ltd.)
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"P:\Programme\Music\MusicBrainz Picard\picard.exe" = P:\Programme\Music\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger -- ()
"C:\Programme\Brother\BRAdmin Professional 3\discover.exe" = C:\Programme\Brother\BRAdmin Professional 3\discover.exe:*:Enabled:BRAdmin Professional 3 -- ()
"C:\Programme\Brother\BRAdmin Professional 3\AuditorServer.exe" = C:\Programme\Brother\BRAdmin Professional 3\AuditorServer.exe:*:Enabled:BRAdmin Professional 3 -- ()
"C:\Programme\Brother\BRAdmin Professional 3\bradminv3.exe" = C:\Programme\Brother\BRAdmin Professional 3\bradminv3.exe:*:Enabled:BRAdmin Professional 3 -- (Brother Industries, Ltd.)
"P:\Programme\Video\SAMSUNG PC Share Manager\WiselinkPro.exe" = P:\Programme\Video\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro -- ()
"P:\Programme\Video\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = P:\Programme\Video\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro -- ()
"C:\WINDOWS\TEMP\alg.exe" = C:\WINDOWS\TEMP\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune3.6_Client_pivot
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{339E14FF-8FDC-4809-AAF2-87BA22905C7F}" = DirectX for Managed Code Update (December 2004)
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin für gehostete Anwendungen
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0BAA62-FE2F-4C93-A10B-5E6DE3B424A5}" = BlueSoleil
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{53480880-18E0-4097-A460-F22DD3AC6D70}" = O&O DiskRecovery
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}" = InterVideo WinDVR 3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Professional 2002
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA9CCD6A-495C-43B3-8CBC-71BE9B0B9DC2}" = Zeitungen und Visitenkarten
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Anmelde-Assistent
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD58DA0-8FC9-40F6-9346-5B1528DEA638}" = IndyCar Series
"{CD522250-7AEE-4266-A821-6FB7C7018F13}" = ImageShack QuickLoad
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3GP Video Converter 3" = 3GP Video Converter 3
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AI RoboForm" = AI RoboForm (All Users)
"AirLive WMU-6500FS" = AirLive WMU-6500FS
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"baywotch3_is1" = BayWotch Update v3.1.101
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DRI Tool 2.0_is1" = DRI Tool 2.0
"DScaler 4.1.10_is1" = DScaler 4.1.10
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.5
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"Exif-Viewer" = Exif-Viewer 2.40 
"FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage
"FLV Player" = FLV Player 2.0, build 24
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Freez FLV to AVI/MPEG/WMV Converter 1.5_is1" = Freez FLV to AVI/MPEG/WMV Converter
"FTDICOMM" = SEMC DSS SyncStation Driver
"GameSpy Arcade" = GameSpy Arcade
"GcMail_is1" = GcMail
"Indeo® software" = Indeo® software
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.7
"MAGIX Media Manager 2004 gold" = MAGIX Media Manager 2004 gold
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"MAGIX Video deLuxe 2005 PLUS" = MAGIX Video deLuxe 2005 PLUS
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketViewer" = MarketViewer 2.0.8
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MPE" = MyPhoneExplorer
"MusicBrainz Picard" = MusicBrainz Picard
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NCP RWS/GA" = LANCOM Advanced VPN Client
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDFill PDF Writer" = PDFill PDF Writer
"PDF-XChange 3_is1" = PDF-XChange 3
"Personal Translator 2004 Office plus" = Personal Translator 2004 Office plus
"Phlips Vesta (Pro) Camera Uninstall" = Philips Vesta (Pro) Camera
"Phlips Vesta Camera WebUpdate Uninstall" = Philips Vesta Camera WebUpdate
"Photomatix Basic_is1" = Photomatix Basic version 1.0
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Qtpfsgui_is1" = Qtpfsgui 1.9.1
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ShapeCollage" = Shape Collage
"ShiftN_is1" = ShiftN 3.5
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"Tunatic" = Tunatic
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.1
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6
"XnView_is1" = XnView 1.96
"XP Codec Pack" = XP Codec Pack
"YouTube Downloader_is1" = YouTube Downloader 2.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ITscope MarketViewer 2.0" = ITscope MarketViewer 2.0
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2010 16:04:18 | Computer Name = TOMMY | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 12.07.2010 16:04:20 | Computer Name = TOMMY | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 14.07.2010 14:11:08 | Computer Name = TOMMY | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
[ System Events ]
Error - 24.05.2010 13:28:37 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 25.05.2010 16:17:11 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 25.05.2010 16:17:11 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NTPort Library Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 25.05.2010 16:17:11 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 26.05.2010 04:23:27 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 26.05.2010 04:23:27 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NTPort Library Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 26.05.2010 04:23:27 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 26.05.2010 07:59:26 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 26.05.2010 07:59:26 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NTPort Library Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 26.05.2010 07:59:26 | Computer Name = TOMMY | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
[ TuneUp Events ]
Error - 26.08.2009 05:45:27 | Computer Name = TOMMY | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 26.08.2009 06:47:13 | Computer Name = TOMMY | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 26.08.2009 08:49:14 | Computer Name = TOMMY | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         

Besten Dank!
__________________

Alt 18.07.2010, 17:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - AutoRun File - [2009.02.23 22:33:47 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:47 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:47 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:48 | 000,000,000 | RHSD | M] - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.02.23 22:33:48 | 000,000,000 | RHSD | M] - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{04451b77-37cc-11de-bc7e-0011d849f781}\Shell\AutoRun\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
O33 - MountPoints2\{04451b77-37cc-11de-bc7e-0011d849f781}\Shell\open\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:8FF81EB0
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.07.2010, 18:15   #5
TommyXP08
 
Mein HijackThis Log - System sauber? - Ausrufezeichen

Mein HijackThis Log - System sauber?



Wurde alles durchgeführt:

Code:
ATTFilter
All processes killed
========== OTL ==========
File  not found.
File  not found.
File  not found.
File  not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04451b77-37cc-11de-bc7e-0011d849f781}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04451b77-37cc-11de-bc7e-0011d849f781}\ not found.
File RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04451b77-37cc-11de-bc7e-0011d849f781}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04451b77-37cc-11de-bc7e-0011d849f781}\ not found.
File RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:8FF81EB0 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33186 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32985 bytes
 
User: remoteservice
 
User: Rühle
->Temp folder emptied: 907629172 bytes
->Temporary Internet Files folder emptied: 241609444 bytes
->Java cache emptied: 38174869 bytes
->FireFox cache emptied: 66918122 bytes
->Flash cache emptied: 105892 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 441660353 bytes
%systemroot%\System32 .tmp files removed: 11125774 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 9568128 bytes
Windows Temp folder emptied: 78696844 bytes
RecycleBin emptied: 68001619 bytes
 
Total Files Cleaned = 1.777,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07182010_174647

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         


Alt 18.07.2010, 19:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> Mein HijackThis Log - System sauber?

Alt 18.07.2010, 21:43   #7
TommyXP08
 
Mein HijackThis Log - System sauber? - Ausrufezeichen

Mein HijackThis Log - System sauber?



Wurde alles ausgeführt!

Anbei die Combofix Log:

Code:
ATTFilter
ComboFix 10-07-16.02 - Rühle 18.07.2010  21:25:34.6.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\Rühle\Desktop\Cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macromedia\SwUpdate
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macromedia\SwUpdate\Flags.dtd
c:\programme\pdfforge Toolbar\SeARchsettings.dll
C:\system.txt
C:\Thumbs.db
c:\windows\daemon.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-18 bis 2010-07-18  ))))))))))))))))))))))))))))))
.

2010-07-18 15:46 . 2010-07-18 15:46	--------	d-----w-	C:\_OTL
2010-07-14 20:19 . 2010-07-14 20:19	--------	d-----w-	c:\programme\Video
2010-07-10 17:20 . 2010-07-10 17:20	--------	d-----w-	c:\windows\system32\CSP
2010-06-27 10:42 . 2010-06-27 10:42	--------	d-----w-	c:\programme\Brother

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 19:32 . 2009-05-13 21:07	--------	d-----w-	c:\programme\pdfforge Toolbar
2010-07-18 19:08 . 2005-01-24 21:49	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-06-13 09:21 . 2010-05-28 18:22	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
2010-06-13 09:20 . 2007-10-21 12:13	--------	d-----w-	c:\programme\DivX
2010-06-10 17:10 . 2010-01-25 19:47	--------	d-----w-	c:\programme\ICQ7.0
2010-06-06 19:43 . 2008-12-03 07:39	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Temp
2010-05-28 18:28 . 2010-05-28 18:28	57344	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-28 18:22 . 2010-05-28 18:27	1180952	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
2010-05-24 17:41 . 2005-02-26 10:45	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-08 17:06 . 2001-08-18 10:00	84872	-c--a-w-	c:\windows\system32\perfc007.dat
2010-05-08 17:06 . 2001-08-18 10:00	442514	-c--a-w-	c:\windows\system32\perfh007.dat
2010-04-29 13:39 . 2009-08-21 14:06	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-21 14:06	20952	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2000-01-28 16:17 . 2004-08-30 17:28	557328	-c--a-w-	c:\programme\Gemeinsame Dateien\dao360.dll
2004-07-03 20:09 . 2006-03-12 22:08	140800	-c--a-w-	c:\programme\mozilla firefox\plugins\al2np.dll
2008-08-16 16:42 . 2008-08-16 16:42	13112	-c--a-w-	c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42	70456	-c--a-w-	c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42	91448	-c--a-w-	c:\programme\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42	20800	-c--a-w-	c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43	206136	-c--a-w-	c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42	31032	-c--a-w-	c:\programme\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42	40248	-c--a-w-	c:\programme\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41	479232	-c--a-w-	c:\programme\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41	548864	-c--a-w-	c:\programme\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41	626688	-c--a-w-	c:\programme\mozilla firefox\plugins\msvcr80.dll
2008-06-19 08:16 . 2008-06-19 08:16	118784	-c--a-w-	c:\programme\mozilla firefox\plugins\MyCamera.dll
2008-06-05 12:58 . 2008-06-05 12:58	648504	-c--a-w-	c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42	23864	-c--a-w-	c:\programme\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ7.0\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SearchSettings"="c:\programme\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-03-27 202256]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2006-07-17 15360]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-5-17 25214]
BlueSoleil.lnk - p:\programme\Sonstige\BlueSoleil\BlueSoleil.exe [2005-8-31 1196032]
Logitech SetPoint.lnk - p:\programme\Sonstige\Logitech\SetPoint\SetPoint.exe [2008-12-30 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42	72208	----a-w-	c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="p:\programme\Office\Acrobat 7.0\Distillr\Acrotray.exe"
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"SearchSettings"=c:\programme\pdfforge Toolbar\SearchSettings.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"p:\\Programme\\Internet\\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\\eMule0.46c-ionix-4.33-uni-bin\\emule.exe"=
"g:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"g:\\Programme\\EA GAMES\\Need for Speed Underground 2\\SPEED2.EXE"=
"g:\\Programme\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"p:\\Programme\\Sonstige\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"p:\\Programme\\Internet\\Azureus\\Azureus.exe"=
"p:\\Programme\\Video\\VideoLAN\\vlc.exe"=
"p:\\utorrent161.exe"=
"p:\\Programme\\Hardware\\WMU-6500FS\\Configure.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\ITscope MarketViewer 2.0\\jre\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"p:\\Programme\\Internet\\Advanced VPN Client\\NCPMON.exe"=
"c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"g:\\Programme\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\ICQ7.0\\ICQ.exe"=
"c:\\Programme\\ICQ7.0\\aolload.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"p:\\Programme\\Music\\MusicBrainz Picard\\picard.exe"=
"p:\\Programme\\Video\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"p:\\Programme\\Video\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [10.05.2005 21:39 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [10.05.2005 21:39 5248]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.11.2009 20:07 108289]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]
R2 ncprwsnt;ncprwsnt;p:\programme\Internet\Advanced VPN Client\NCPRWSNT.EXE [06.04.2008 16:23 1019904]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [19.02.2005 19:47 446020]
R3 ncplentp;LANCOM Secure Client Adapter Driver;c:\windows\system32\drivers\NCPLENTP.SYS [06.04.2008 16:23 73408]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate1c9891622ea6ae6;Google Update Service (gupdate1c9891622ea6ae6);c:\programme\Google\Update\GoogleUpdate.exe [07.02.2009 13:20 133104]
S2 ncpclcfg;ncpclcfg;p:\programme\Internet\Advanced VPN Client\ncpclcfg.exe [06.04.2008 16:23 77824]
S2 NcpSec;NcpSec;p:\programme\Internet\Advanced VPN Client\NCPSEC.EXE [06.04.2008 16:23 45056]
S2 rwsrsu;RwsRsu;p:\programme\Internet\Advanced VPN Client\RWSRSU.exe [06.04.2008 16:23 266240]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [05.09.2008 03:01 4352]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [09.02.2006 01:06 6828]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [05.09.2008 03:01 265088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08.02.2009 15:21 13224]
S3 phil2vid;Philips VGA-Kamera (USB);c:\windows\system32\drivers\philcam2.sys [22.08.2005 20:07 173696]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [03.10.2007 12:39 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [03.10.2007 12:39 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [03.10.2007 12:39 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [03.10.2007 12:39 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [03.10.2007 12:39 98568]
S3 ttBudget2;TechnoTrend BDA/DVB (BDA);c:\windows\system32\drivers\ttBudget2.sys [07.01.2009 22:20 455296]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;p:\programme\Video\SAMSUNG PC Share Manager\WiselinkPro.exe [06.11.2009 10:29 4235264]
.
Inhalt des "geplante Tasks" Ordners

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-07 11:20]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-07 11:20]

2010-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-920026266-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-06-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-920026266-839522115-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Easy-WebPrint - Drucken - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - p:\progra~1\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://p:\programme\Internet\robocom\RoboFormComFillForms.html
IE: RF - Formular speichern - file://p:\programme\Internet\robocom\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://p:\programme\Internet\robocom\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://p:\programme\Internet\robocom\RoboFormComShowToolbar.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: cyber-deployment.com
Trusted Zone: cyber-deployment.com
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\dokumente und einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programme\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\programme\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: p:\programme\DVD\quicktime\Plugins\npqtplugin.dll
FF - plugin: p:\programme\DVD\quicktime\Plugins\npqtplugin2.dll
FF - plugin: p:\programme\DVD\quicktime\Plugins\npqtplugin3.dll
FF - plugin: p:\programme\DVD\quicktime\Plugins\npqtplugin4.dll
FF - plugin: p:\programme\DVD\quicktime\Plugins\npqtplugin5.dll
FF - plugin: p:\programme\DVD\quicktime\Plugins\npqtplugin6.dll
FF - plugin: p:\programme\DVD\quicktime\Plugins\npqtplugin7.dll
FF - plugin: p:\programme\Sonstige\Acrobat 7.0\Reader\browser\nppdf32.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-18 21:32
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B242628]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> 0x8b242628
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d3c
 ParseProcedure -> ntkrnlpa.exe @ 0x8057695c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d3c
 ParseProcedure -> ntkrnlpa.exe @ 0x8057695c
Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Hauppauge\NT]
@DACL=(02 0000)
"Version"="3.11.19205"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(260)
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2010-07-18  21:35:23
ComboFix-quarantined-files.txt  2010-07-18 19:35

Vor Suchlauf: 2.394.361.856 Bytes frei
Nach Suchlauf: 2.331.160.576 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=3 Default=3 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B80F9B5E1BEACD83ADD2A6042098C5B5
         

Besten Dank!

Alt 21.07.2010, 22:03   #8
TommyXP08
 
Mein HijackThis Log - System sauber? - Ausrufezeichen

Mein HijackThis Log - System sauber?



@cosinus

Möchte ja keinen Druck machen. Hab von dir aber leider noch keine Rückmeldugng bekommen wie es mit meinem System jetzt ausschaut. Ob alles ok ist oder nicht.

Würde mich über kurze Rückmeldung freuen.


Besten Dank im Voraus!

Alt 22.07.2010, 15:03   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Hab Deinen Strang übersehen. Kann schonmal passieren wenn man täglich um die 50 Threads bearbeitet

CF hat da "nur" ein paar Dateien gelöscht, sonst sieht das Log rel. unauffällig aus.
Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2010, 23:33   #10
TommyXP08
 
Mein HijackThis Log - System sauber? - Frage

Mein HijackThis Log - System sauber?



Alles klar kein Problem. :-)

GMER hat wie vermutet leider nicht funktioniert.

Aber OSAM anbei die gewünschte Log
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:27:09 on 22.07.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"RealUpgradeLogonTaskS-1-5-21-1844237615-920026266-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-1844237615-920026266-839522115-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - P:\Programme\Sonstige\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"QuickTime" - "Apple Inc." - P:\programme\DVD\quicktime\QTSystem\QuickTime.cpl
"Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASInsHelp" (ASInsHelp) - ? - C:\WINDOWS\system32\drivers\AsInsHelp32.sys  (File not found)
"AsIO" (AsIO) - ? - C:\WINDOWS\system32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys
"Bluetooth Audio Service" (BlueletAudio) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\blueletaudio.sys
"Bluetooth HID Device Service" (VHidMinidrv) - "IVT Corporation" - C:\WINDOWS\System32\drivers\VHIDMini.sys
"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\DRIVERS\vbtenum.sys  (File found, but it contains no detailed information)
"Bluetooth HID Manager Service" (BTHidMgr) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\BTHidMgr.sys
"Bluetooth PAN Network Adapter" (BT) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\btnetdrv.sys
"Bluetooth SCO Audio Service" (BlueletSCOAudio) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys
"Bluetooth USB For Bluetooth Service" (Btcsrusb) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\btcusb.sys
"Bluetooth VComm Manager Service" (VcommMgr) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\VcommMgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\RHLE~1\LOKALE~1\Temp\catchme.sys  (File not found)
"cdrbsvsd" (cdrbsvsd) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsvsd.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"CpuIdle Pro System Driver" (cpuidlep) - ? - C:\WINDOWS\system32\drivers\cpuidlep.sys  (File found, but it contains no detailed information)
"d347bus" (d347bus) - " " - C:\WINDOWS\System32\DRIVERS\d347bus.sys
"d347prt" (d347prt) - " " - C:\WINDOWS\System32\Drivers\d347prt.sys
"DSDrv4" (DSDrv4) - ? - P:\PROGRA~1\TV-Karte\DScaler\DSDrv4.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"fxtdipoc" (fxtdipoc) - ? - C:\DOKUME~1\RHLE~1\LOKALE~1\Temp\fxtdipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"Hauppauge WinTV 848/9 WDM Video Driver" (HCWBT8XX) - "Hauppauge Computer Works" - C:\WINDOWS\System32\drivers\HCWBT8XX.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"LANCOM Secure Client Adapter Driver" (ncplentp) - ? - C:\WINDOWS\System32\DRIVERS\ncplentp.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Low level access layer for CD devices" (Pcouffin) - ? - C:\WINDOWS\System32\Drivers\Pcouffin.sys  (File not found)
"MagicTune" (MagicTune) - ? - C:\WINDOWS\system32\drivers\MTictwl.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\DOKUME~1\RHLE~1\LOKALE~1\Temp\mbr.sys  (File not found)
"NTPort Library Driver" (zntport) - ? - C:\WINDOWS\system32\zntport.sys  (File not found)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27bus.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)" (se27nd5) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se27nd5.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)" (se27unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\se27unic.sys
"Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)" (SE27mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys
"Sony Ericsson Device 039 USB WMC Modem Driver" (SE27mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27mdm.sys
"Sony Ericsson Device 039 USB WMC Modem Filter" (SE27mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys
"Sony Ericsson Device 039 USB WMC OBEX Interface" (SE27obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27obex.sys
"sptd" (sptd) - ? - C:\WINDOWS\System32\Drivers\sptd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - ? - C:\WINDOWS\System32\drivers\sfvfs02.sys  (File not found)
"TechnoTrend BDA/DVB (BDA)" (ttBudget2) - "TechnoTrend AG" - C:\WINDOWS\System32\drivers\ttBudget2.sys
"Vimicro Camera Filter Service VMUVC" (vvftUVC) - ? - C:\WINDOWS\System32\drivers\vvftUVC.sys  (File not found)
"Vimicro Camera Service VMUVC" (VMUVC) - ? - C:\WINDOWS\System32\Drivers\VMUVC.sys  (File not found)
"Virtual Serial port driver" (VComm) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\VComm.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - P:\Programme\Office\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - P:\Programme\Office\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? -   (File not found | COM-object registry key not found)
{330417E8-EF62-4047-82BE-D8305CEFF572} "AMEncShlExt extension" - ? -   (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - P:\Programme\Office\Microsoft Office\Visio11\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpowerAMP Music Converter" - ? -   (File not found | COM-object registry key not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpowerAMP Music Converter 1" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - P:\Programme\Office\Microsoft Office\Visio11\VISSHE.DLL
{0f0a4d40-adf0-4e8f-98d8-7208b98be01e} "ImageShack QuickLoad Image Uploader" - ? -   (File not found | COM-object registry key not found)
{FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internetverknüpfung" - ? - C:\WINDOWS\system32\ieframe.dll  (File not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - P:\Programme\Sonstige\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - P:\Programme\Sonstige\Logitech\SetPoint\mcplext.dll
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - P:\Programme\Office\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - P:\PROGRA~1\Office\MICROS~1\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - P:\PROGRA~1\Office\MICROS~1\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - P:\Programme\Sonstige\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - P:\Programme\Sonstige\Sony Ericsson\Mobile2\File Manager\FM.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - P:\Programme\Sonstige\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&RoboForm" - "Siber Systems" - P:\Programme\Internet\robocom\roboform.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -   (File not found | COM-object registry key not found) / 
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / 
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Ausfüllen" - ? - P:\Programme\Internet\robocom\RoboFormComFillForms.html
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe  (File not found)
"ICQ7" - "ICQ, LLC." - C:\Programme\ICQ7.0\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - P:\PROGRA~1\Office\MICROS~1\OFFICE11\REFIEBAR.DLL
"RoboForm" - ? - P:\Programme\Internet\robocom\RoboFormComShowToolbar.html
"Speichern" - ? - P:\Programme\Internet\robocom\RoboFormComSavePass.html
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&RoboForm" - "Siber Systems" - P:\Programme\Internet\robocom\roboform.dll
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - P:\Programme\Office\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - P:\Programme\Office\Acrobat 7.0\Acrobat\acrobat_sl.exe  (Shortcut exists | File exists)
"BlueSoleil.lnk" - "IVT Corporation" - P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Rühle\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"SearchSettings" - "Spigot, Inc." - C:\Programme\pdfforge Toolbar\SearchSettings.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"CUSTPDF Writer Monitor" - ? - C:\WINDOWS\system32\custmon2k.dll  (File found, but it contains no detailed information)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Programme\Application Updater\ApplicationUpdater.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"BlueSoleil Hid Service" (BlueSoleil Hid Service) - ? - P:\Programme\Sonstige\BlueSoleil\BTNtService.exe  (File found, but it contains no detailed information)
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Fismad" (Fismad) - ? - C:\WINDOWS\system32\drivers\Fismad.sys  (File not found)
"Google Update Service (gupdate1c9891622ea6ae6)" (gupdate1c9891622ea6ae6) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod Service" (iPod Service) - ? - "P:\Programme\iPod\bin\iPodService.exe"  (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\usnsvc.exe
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
"ncpclcfg" (ncpclcfg) - ? - P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe  (File found, but it contains no detailed information)
"ncprwsnt" (ncprwsnt) - "NCP Engineering GmbH" - P:\Programme\Internet\Advanced VPN Client\ncprwsnt.exe
"NcpSec" (NcpSec) - ? - P:\Programme\Internet\Advanced VPN Client\ncpsec.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
"RwsRsu" (rwsrsu) - ? - P:\Programme\Internet\Advanced VPN Client\rwsrsu.exe  (File found, but it contains no detailed information)
"SAMSUNG WiselinkPro Service" (WiselinkPro) - ? - P:\Programme\Video\SAMSUNG PC Share Manager\WiselinkPro.exe  (File found, but it contains no detailed information)
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
"Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Anbei der Screenshot von bootkit_remover mit dem Ergebnis:




Besten Dank im Voraus!

Alt 22.07.2010, 23:42   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:
ATTFilter
remover.exe fix \\.\PhysicalDrive0
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2010, 23:58   #12
TommyXP08
 
Mein HijackThis Log - System sauber? - Ausrufezeichen

Mein HijackThis Log - System sauber?



Alles gut verlaufen.



Danke

Alt 23.07.2010, 00:16   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Dann zur Kontrolle, ob der MBR auch wirklich ok ist, die remover.exe per Doppelklick ausführen und die Ausgabe hier wieder posten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.07.2010, 20:24   #14
TommyXP08
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Hallo,
hatte ein wenig gedauert mit der Rückmeldung von mir. sorry.

Vorab erst mal eine kleine Anmerkung:
Als ich am nächsten Tag meinen Rechner gestartet hatte, waren auf einmal alle Laufwerksbuchstaben vertauscht bzw. geändert gewesen. Das Windows ist normal auf C: geblieben aber bei meinen anderen Partitionen wurde entweder die Laufwerksbuchstaben vertauscht oder es waren komplett andere gewesen. Verschiedene Programme die ich auf der einen Partition hatte, wurde nicht mehr gefunden.
Durch die Datenträgerverwaltung konnte ich aber gott sei Dank die Laufwerksbuchstaben wieder manuell abändern. Nach einem Neustart war dann alles wieder OK gewesen und die Programme wurden auch wieder gefunden.

Entweder war ein Eingriff zu sehr stark ins System gewesen oder die ganze Sache war ganz unabhängig von dem gewesen.

Was meinst du dazu?


Hier nun der Screenshot von der remover.exe.




Besten Dank für deine Unterstützung.

Alt 29.07.2010, 14:27   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein HijackThis Log - System sauber? - Standard

Mein HijackThis Log - System sauber?



Zitat:
Was meinst du dazu?
Ist mir bei einer Bereinigung noch nicht untergekommen. Die Ursache kann ich Dir nicht nennen.
Der MBR sieht soweit auch ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Mein HijackThis Log - System sauber?
adobe, antivir, antivir guard, avg, avira, bho, defender, desktop, einstellungen, entfernen, excel, explorer, forum, google, gupdate, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, log file, logfile, pdfforge toolbar, rundll, software, spigot, spyware, system, system sauber?, virus, windows, windows xp



Ähnliche Themen: Mein HijackThis Log - System sauber?


  1. Ist mein System sauber ?
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (1)
  2. Ist mein System Sauber ?
    Log-Analyse und Auswertung - 27.09.2011 (0)
  3. Ist mein System sauber?
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (5)
  4. Mein HijackThis log, wie bekomm ich mein System sauber?
    Log-Analyse und Auswertung - 29.07.2010 (6)
  5. Ist mein System sauber?
    Plagegeister aller Art und deren Bekämpfung - 25.09.2009 (2)
  6. Ist mein System sauber?
    Log-Analyse und Auswertung - 18.09.2009 (20)
  7. ist mein System sauber??
    Log-Analyse und Auswertung - 18.09.2009 (6)
  8. ist mein system sauber ?
    Log-Analyse und Auswertung - 23.05.2009 (1)
  9. Ist mein System nun sauber?
    Mülltonne - 17.10.2008 (0)
  10. Ist mein System sauber?
    Log-Analyse und Auswertung - 24.06.2008 (4)
  11. Ist mein System sauber?
    Mülltonne - 27.01.2008 (3)
  12. ist mein system sauber?
    Log-Analyse und Auswertung - 18.10.2007 (1)
  13. Ist mein System sauber?
    Log-Analyse und Auswertung - 04.09.2006 (5)
  14. Ist mein System sauber?
    Log-Analyse und Auswertung - 21.12.2005 (5)
  15. Ist mein System sauber????
    Log-Analyse und Auswertung - 10.12.2005 (5)
  16. Ist mein System sauber
    Log-Analyse und Auswertung - 20.05.2005 (9)
  17. Ist mein System sauber???
    Log-Analyse und Auswertung - 16.02.2005 (1)

Zum Thema Mein HijackThis Log - System sauber? - Hallo, hatte vor kurzem irgendeine Spyware oder Virus auf meinem PC gehabt. Irgendetwas mit smss32.exe und eine Datei die sich unter C:\WINDOWS\SYSTEM32\ befand. Lies sich aber alles gut entfernen mit - Mein HijackThis Log - System sauber?...
Archiv
Du betrachtest: Mein HijackThis Log - System sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.