Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.07.2010, 17:40   #1
Yannick S.
 
Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden. - Standard

Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden.



Hey Leute,

ich habe leider von Virusbekämpfung wenig Ahnung und finde mich bei Google und auch hier nur sehr schlecht zurecht.

Mein Antivir spuckt immer folgendes aus:

Zitat:
Gefährliches Backdoorprogramm BDS/Papras.GD gefunden.
Ich habe Spybot über den Rechner laufen lassen und auch den CCleaner seine Arbeit machen lassen. Spybot findet nichts.

Nach einigem Suchen habe ich dann auch OTL gestartet, wie es in einem anderen Thread beschrieben wurde.


Dabei kam folgendes raus:

Extras.txt:
Zitat:
OTL Extras logfile created on: 18.07.2010 18:21:47 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\OTL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17184)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 584,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186,30 Gb Total Space | 24,26 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YANNICK
Current User Name: Yannick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.js [@ = jsfile] -- C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
jsfile [open] -- "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\xampp\apache\bin\Apache.exe" = C:\Programme\xampp\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\xampp\mysql\bin\mysqld.exe" = C:\Programme\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\SFT Loader\leecher.exe" = C:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher -- ()
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Dokumente und Einstellungen\Yannick\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe" = C:\Dokumente und Einstellungen\Yannick\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000 -- File not found
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:EnabledNA -- (BitTorrent, Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Programme\Sierra\FEAR\fpupdate.exe" = C:\Programme\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\Counter-Strike Source\hl2.exe" = C:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader\leecher.exe" = C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader\leecher.exe:*:Enabled:SFT Loader -- (Darksoft Projects)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bohemia Interactive\ArmA\arma.exe" = C:\Program Files\Bohemia Interactive\ArmA\arma.exe:*:Enabled:ArmA -- File not found
"C:\Programme\Age of Empires II\Age2_x1\age2_x1.exe" = C:\Programme\Age of Empires II\Age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Programme\Age of Empires II\empires2.exe" = C:\Programme\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Navigo\Catan-Insel\Catan.exe" = C:\Programme\Navigo\Catan-Insel\Catan.exe:*:Enabled:Catan - Die erste Insel -- (Funatics Development)
"C:\Programme\Microsoft Games\Age of Empires\Empires.exe" = C:\Programme\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader 2009 RC2\leecher.exe" = C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader 2009 RC2\leecher.exe:*:Enabled:SFT Loader -- (velocode)
"C:\Programme\Sierra\FEAR\FEAR.exe" = C:\Programme\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1B11537-EA51-4DD8-BF1E-098BEE48868D}" = VeohTV BETA
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"7-Zip" = 7-Zip 4.57
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Age of Empires" = Microsoft Age of Empires
"Age of Empires II - The Conquerors Expansion" = Age of Empires II - The Conquerors Expansion Uninstaller
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"AOE Trial" = Microsoft Age of Empires Trial
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"Catan" = Catan - Die erste Insel
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"FileZilla" = FileZilla (remove only)
"Fraps" = Fraps
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8 Beta 1
"InstallShield_{D1B11537-EA51-4DD8-BF1E-098BEE48868D}" = VeohTV BETA
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Lite 8.2.8.0
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoFiltre Studio" = PhotoFiltre Studio
"RealPlayer 12.0" = RealPlayer
"SFT Loader" = SFT Loader 2006
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"TmNationsForever_is1" = TmNationsForever
"Verbindungsassistent" = Verbindungsassistent
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-308236825-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"VideoEgg" = VideoEgg Publisher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.07.2010 16:06:50 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mrt.exe, Version 3.9.3901.0, fehlgeschlagenes
Modul mrt.exe, Version 3.9.3901.0, Fehleradresse 0x0002a301.

Error - 15.07.2010 16:07:37 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.

Error - 15.07.2010 16:08:03 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rundll32.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul hotplug.dll, Version 5.1.2600.2180, Fehleradresse 0x000054b2.

Error - 15.07.2010 16:09:10 | Computer Name = YANNICK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung MRT.exe, Version 3.9.3901.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 15.07.2010 16:11:31 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.3541, Fehleradresse 0x00012a6b.

[ System Events ]
Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 14.07.2010 05:04:46 | Computer Name = YANNICK | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0030846D6D0D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 15.07.2010 04:29:40 | Computer Name = YANNICK | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
0030846D6D0D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.js [@ = jsfile] -- C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
jsfile [open] -- "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\xampp\apache\bin\Apache.exe" = C:\Programme\xampp\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\xampp\mysql\bin\mysqld.exe" = C:\Programme\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\SFT Loader\leecher.exe" = C:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher -- ()
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Dokumente und Einstellungen\Yannick\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe" = C:\Dokumente und Einstellungen\Yannick\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000 -- File not found
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:EnabledNA -- (BitTorrent, Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Programme\Sierra\FEAR\fpupdate.exe" = C:\Programme\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\Counter-Strike Source\hl2.exe" = C:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader\leecher.exe" = C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader\leecher.exe:*:Enabled:SFT Loader -- (Darksoft Projects)
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bohemia Interactive\ArmA\arma.exe" = C:\Program Files\Bohemia Interactive\ArmA\arma.exe:*:Enabled:ArmA -- File not found
"C:\Programme\Age of Empires II\Age2_x1\age2_x1.exe" = C:\Programme\Age of Empires II\Age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Programme\Age of Empires II\empires2.exe" = C:\Programme\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Navigo\Catan-Insel\Catan.exe" = C:\Programme\Navigo\Catan-Insel\Catan.exe:*:Enabled:Catan - Die erste Insel -- (Funatics Development)
"C:\Programme\Microsoft Games\Age of Empires\Empires.exe" = C:\Programme\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader 2009 RC2\leecher.exe" = C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\SFT Loader 2009 RC2\leecher.exe:*:Enabled:SFT Loader -- (velocode)
"C:\Programme\Sierra\FEAR\FEAR.exe" = C:\Programme\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1B11537-EA51-4DD8-BF1E-098BEE48868D}" = VeohTV BETA
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"7-Zip" = 7-Zip 4.57
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Age of Empires" = Microsoft Age of Empires
"Age of Empires II - The Conquerors Expansion" = Age of Empires II - The Conquerors Expansion Uninstaller
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"AOE Trial" = Microsoft Age of Empires Trial
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"Catan" = Catan - Die erste Insel
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"FileZilla" = FileZilla (remove only)
"Fraps" = Fraps
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8 Beta 1
"InstallShield_{D1B11537-EA51-4DD8-BF1E-098BEE48868D}" = VeohTV BETA
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Lite 8.2.8.0
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoFiltre Studio" = PhotoFiltre Studio
"RealPlayer 12.0" = RealPlayer
"SFT Loader" = SFT Loader 2006
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"TmNationsForever_is1" = TmNationsForever
"Verbindungsassistent" = Verbindungsassistent
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-308236825-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"VideoEgg" = VideoEgg Publisher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.07.2010 16:06:50 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mrt.exe, Version 3.9.3901.0, fehlgeschlagenes
Modul mrt.exe, Version 3.9.3901.0, Fehleradresse 0x0002a301.

Error - 15.07.2010 16:07:37 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.

Error - 15.07.2010 16:08:03 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rundll32.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul hotplug.dll, Version 5.1.2600.2180, Fehleradresse 0x000054b2.

Error - 15.07.2010 16:09:10 | Computer Name = YANNICK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung MRT.exe, Version 3.9.3901.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 15.07.2010 16:11:31 | Computer Name = YANNICK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spybotsd.exe, Version 1.6.2.46, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.3541, Fehleradresse 0x00012a6b.

[ System Events ]
Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 11.07.2010 18:01:52 | Computer Name = YANNICK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 14.07.2010 05:04:46 | Computer Name = YANNICK | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0030846D6D0D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 15.07.2010 04:29:40 | Computer Name = YANNICK | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
0030846D6D0D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).


< End of report >

und


OTL.txt:

Zitat:
OTL logfile created on: 18.07.2010 18:21:47 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\OTL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17184)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 584,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186,30 Gb Total Space | 24,26 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YANNICK
Current User Name: Yannick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Installer\OTL\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\convntsd.dll ()
MOD - C:\WINDOWS\system32\IESetting.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ActionReplayDS) -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys (NVIDIA Corporation)
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.icq.com/hxxp://start.icq.com/ [binary data]
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=105563
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-308236825-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.01.08 20:07:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 00:02:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009.09.25 07:03:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.15 07:03:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.29 21:38:43 | 000,000,000 | ---D | M]

[2010.07.18 16:15:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.11.29 19:45:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.03 12:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.15 07:03:35 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.01.08 20:08:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010.04.15 07:03:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2010.04.15 07:03:24 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.01 23:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\libdivx.dll
[2009.01.08 20:07:44 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.05.12 20:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2009.05.19 00:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007.12.19 14:57:38 | 000,310,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2010.04.15 07:03:27 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2003.07.14 22:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007.05.10 22:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2009.09.25 07:03:42 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
[2009.09.25 07:03:52 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
[2009.09.25 07:03:32 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
[2009.05.01 23:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\ssldivx.dll
[2010.02.11 21:38:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.11 21:38:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.11 21:38:33 | 000,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2010.02.11 21:38:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.06.22 21:12:27 | 000,005,632 | -HS- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\Thumbs.db
[2010.02.11 21:38:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.11 21:38:33 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1715567821-308236825-839522115-1005\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1715567821-308236825-839522115-1005\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1715567821-308236825-839522115-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1715567821-308236825-839522115-1005\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1715567821-308236825-839522115-1005..\Run: [] File not found
O4 - HKU\S-1-5-21-1715567821-308236825-839522115-1005..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1715567821-308236825-839522115-1005..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1715567821-308236825-839522115-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-308236825-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Yannick\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Yannick\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.15 14:08:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: bootnsta - (C:\WINDOWS\system32\convntsd.dll) - C:\WINDOWS\system32\convntsd.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.18 18:05:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.07.18 16:30:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Yannick\Recent
[2010.07.14 16:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
[2010.07.14 16:13:42 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2010.06.30 08:19:33 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Yannick\Eigene Dateien\Kopie von Eigene Bilder
[2010.06.24 07:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yannick\Desktop\Musik Handy Alt
[2010.06.24 00:55:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.18 17:56:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.18 17:47:02 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.07.18 17:36:40 | 000,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.07.18 17:28:30 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.07.18 16:16:02 | 011,272,192 | -H-- | M] () -- C:\Dokumente und Einstellungen\Yannick\NTUSER.DAT
[2010.07.18 12:43:30 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.18 12:43:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 12:43:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.18 12:43:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.16 01:13:45 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Yannick\ntuser.ini
[2010.07.15 14:12:39 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.07.14 16:13:38 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Yannick\Desktop\CCleaner.lnk
[2010.07.11 07:44:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.10 14:02:46 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.06 18:23:45 | 002,109,166 | -H-- | M] () -- C:\Dokumente und Einstellungen\Yannick\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.07.01 00:43:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\convntsd.dll
[2010.06.24 00:56:41 | 001,032,878 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.24 00:56:41 | 000,462,322 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.24 00:56:41 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.24 00:56:41 | 000,085,344 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.24 00:56:41 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.15 14:12:39 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.07.12 15:37:33 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.11 07:44:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.10 18:35:56 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.07.01 00:43:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\convntsd.dll
[2009.10.07 20:36:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.04.21 22:02:43 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.04.21 21:58:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2008.03.31 18:16:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.01.11 16:06:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.01.10 02:22:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.01.10 02:22:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.11.23 15:35:11 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.11.15 15:34:11 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007.11.15 14:10:47 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.02 16:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.08.02 16:35:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.08.02 16:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.08.02 16:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004.08.04 14:00:00 | 000,000,325 | ---- | C] () -- C:\WINDOWS\System32\ntnet.drv
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.01.27 22:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2010.03.17 20:14:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.05.17 22:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.02.15 16:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2008.06.28 09:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\AVSMedia
[2008.02.25 00:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\BitTorrent
[2008.01.22 15:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2010.07.18 18:14:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\DNA
[2010.07.18 17:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\ICQ
[2007.11.18 19:51:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\ICQ Toolbar
[2007.11.15 14:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Opera
[2008.04.21 22:02:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Panasonic
[2010.03.06 14:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Verbindungsassistent
[2008.02.21 21:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\VideoEgg
[2010.07.18 17:56:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.18 17:47:02 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.04.02 20:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Adobe
[2008.05.06 20:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\AVS4YOU
[2008.06.28 09:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\AVSMedia
[2008.02.25 00:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\BitTorrent
[2008.01.22 15:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.12.15 15:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Corel
[2007.12.16 00:54:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\CyberLink
[2007.12.28 22:46:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\DivX
[2010.07.18 18:14:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\DNA
[2007.11.27 17:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Google
[2009.08.08 16:36:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Hamachi
[2007.12.09 20:36:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Help
[2010.07.18 17:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\ICQ
[2007.11.18 19:51:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\ICQ Toolbar
[2007.11.15 14:15:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Identities
[2007.11.15 15:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\InstallShield
[2007.11.15 23:24:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Macromedia
[2010.07.14 16:13:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Media Player Classic
[2010.01.18 07:37:06 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Microsoft
[2008.09.09 18:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Mozilla
[2007.11.15 14:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Opera
[2008.04.21 22:02:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Panasonic
[2009.09.25 07:04:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Real
[2008.01.21 01:07:50 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\SecuROM
[2009.06.01 13:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Skype
[2009.06.01 11:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\skypePM
[2008.02.27 01:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Sun
[2010.03.06 14:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Verbindungsassistent
[2008.02.21 21:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\VideoEgg
[2009.01.08 21:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\WinRAR
[2010.07.14 16:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Yahoo!

< %APPDATA%\*.exe /s >
[2009.12.25 13:27:20 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009.12.25 13:27:20 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009.12.25 13:27:20 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2008.02.21 21:12:35 | 000,084,897 | ---- | M] () -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\VideoEgg\Uninstall.exe
[2007.06.22 00:43:00 | 000,197,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\VideoEgg\Updater\updater.exe
[2007.06.22 00:42:48 | 000,083,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Yannick\Anwendungsdaten\VideoEgg\Updater\VideoEggBroker.exe

< %SYSTEMDRIVE%\*.exe >
[2006.12.20 19:00:38 | 000,237,056 | ---- | M] () -- C:\Build.exe
[2007.03.16 20:48:58 | 061,884,682 | ---- | M] () -- C:\Unlocker_v1.4.1.exe


< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004.09.26 15:24:54 | 000,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2004.05.18 15:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys

< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.11.15 14:57:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.11.15 14:57:01 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.11.15 14:57:01 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< 5. Klicke "run Scan" >

< 6. 2 reporte werden erstellt: >

< OTL.Txt >

< Extras.Txt >
< End of report >

< MD5 for: [2004.05.18 15:55:26 | 000,074,112 | ---- | M] (VIA TECHNOLOGIES INC,.LTD) >
[2004.05.18 15:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\OEM\viapdsk\viamraid.sys

< MD5 for: [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (MICROSOFT CORPORATION) >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< MD5 for: [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (MICROSOFT CORPORATION) >
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe

< MD5 for: [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION) >
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (MICROSOFT CORPORATION) >
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< MD5 for: [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA CORPORATION) >
[2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys

< MD5 for: [2004.09.26 15:24:54 | 000,477,952 | ---- | M] (INTEL CORPORATION) >
[2004.09.26 15:24:54 | 000,477,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\OEM\iaStor\iaStor.sys

< MD5 for: [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (MICROSOFT CORPORATION) >
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.11.15 14:57:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.11.15 14:57:01 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.11.15 14:57:01 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< 5. Klicke "run Scan" >

< 6. 2 reporte werden erstellt: >

< OTL.Txt >

< Extras.Txt >

< End of report >

Ich hoffe, ihr könnt mir nun weiterhelfen. Dieses "Backdoorprogramm" ist nämlich wirklich nervig. Ich bin bereit alles zu tun, nur Formatieren wäre sehr übel.


Vielen Dank schonmal,
Gruß Yannick

Alt 18.07.2010, 18:09   #2
Yannick S.
 
Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden. - Standard

Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden.



Entschudligung für den Doppelpost.
Ich kann leider das "Yannick" nicht durch "***" ersetzen, weil dann der Text nicht mehr in des Edit-Fenster passt...
__________________


Antwort

Themen zu Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden.
0x00000001, 7-zip, acroiehelper.dll, antivir, avgntflt.sys, avira, bereit, bho, bonjour, browser, components, counter-strike source, desktop, error, excel, excel.exe, firefox, flash player, google, grand theft auto, helper, home, homepage, iastor.sys, iexplore.exe, internet browser, jucheck.exe, jusched.exe, launch, location, locker, logfile, mozilla, mp3, oldtimer, opera.exe, otl logfile, otl.exe, plug-in, realtek, registry, rundll, safer networking, saver, schannel.dll, searchplugins, security, server, shell32.dll, sierra, skype.exe, software, systray, torrent.exe, webcheck, wenig ahnung, windows internet, windows internet explorer, wma



Ähnliche Themen: Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden.


  1. Backdoorprogramm BDS/TDSS.3020846 gefunden u.a.
    Log-Analyse und Auswertung - 23.11.2010 (10)
  2. BDS/Papras.UW durch AntiVir in clipress.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2010 (18)
  3. Backdoorprogramm BDS/Papras.VZ-Lösung
    Plagegeister aller Art und deren Bekämpfung - 08.11.2010 (1)
  4. Backdoorprogramm BDS/Papras.VZ
    Plagegeister aller Art und deren Bekämpfung - 05.11.2010 (12)
  5. gefährliches Backdooprogramm BDS/Papras.PK
    Log-Analyse und Auswertung - 03.10.2010 (22)
  6. BDS/Papras.pk durch AntiVir in mounkeys.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.09.2010 (13)
  7. Malware gefunden: autoougc.dll = TR/PSW.Papras.AB
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (3)
  8. Gefährliches Backdoorprogramm
    Log-Analyse und Auswertung - 18.07.2010 (21)
  9. Backdoorprogramm BPS/Papras.KN entdeckt - lässt sich aber nicht entfernen
    Log-Analyse und Auswertung - 13.07.2010 (1)
  10. Backdoorprogramm BDS/Papras.JE
    Log-Analyse und Auswertung - 10.07.2010 (5)
  11. Werde das Backdoorprogramm BDS/Papras.JR nicht los
    Plagegeister aller Art und deren Bekämpfung - 06.07.2010 (9)
  12. "gefährliches Backdoorprogramm BDS/Papras.HI" - krnlutou.dll
    Log-Analyse und Auswertung - 25.06.2010 (74)
  13. Gefährliches backdoorprogramm
    Plagegeister aller Art und deren Bekämpfung - 23.03.2009 (10)
  14. gefährliches Backdoorprogramm und TR/Qhost.kzn
    Log-Analyse und Auswertung - 19.01.2009 (1)
  15. bds/haxdoor.LJ.1 gefährliches backdoorprogramm, lässt sich nicht löschen
    Mülltonne - 03.11.2007 (0)
  16. BDS/Haxdoor.LJ.1 gefährliches backdoorprogramm...?
    Mülltonne - 24.08.2007 (5)
  17. Backdoorprogramm BDS/HacDef.BJ bei mir gefunden!
    Plagegeister aller Art und deren Bekämpfung - 10.09.2005 (5)

Zum Thema Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden. - Hey Leute, ich habe leider von Virusbekämpfung wenig Ahnung und finde mich bei Google und auch hier nur sehr schlecht zurecht. Mein Antivir spuckt immer folgendes aus: Zitat: Gefährliches Backdoorprogramm - Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden....
Archiv
Du betrachtest: Gefährliches Backdoorprogramm BDS/Papras.GD Gefunden. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.