
Pests of all kinds and how to combat them: AntiVir Pro Solution - is it still there?

08.08.2010, 19:32   #1
shari4480
 



Hello, first I have to say that I think it's great that you exist and how well you help here.
Now to my problem:
Earlier, the Windows Media Player window suddenly opened, along with a message that it could not open some file. Then suddenly the AntiVir Pro Solution screen appeared. (I already had this weeks ago; it was removed at the computer shop.)
I ran rkill, then unchecked the box in the Internet settings, then did a full scan with Malwarebytes and restarted.
When the PC booted, a message appeared saying that the system is running again after a serious error, and now the Anti-Malware speech bubble keeps popping up at the bottom right, saying that access to a potentially harmful site is being blocked. So there must still be something there.
What should I do now? My PC knowledge in this area is rather poor, so forgive me if I express myself clumsily.
Here is the Anti-Malware report; I hope it's OK like this:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4407

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.08.2010 20:10:39
mbam-log-2010-08-08 (20-10-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 217307
Laufzeit: 1 Stunde(n), 11 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkjvqdvm (Malware.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkjvqdvm (Malware.Gen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\kmermvsyi\lxnltautssd.exe (Malware.Gen) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Desktop\Privat\diverses\AI.Roboform.Pro.v6.9.82 100% OK\Patch.exe (RiskWare.Tool.CK) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Temp\0.9069686363966039.exe (Malware.Gen) -> No action taken.
C:\Programme\Navilog1\gnc.exe (Trojan.Dropper) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

It would be great if someone could briefly tell me what is going on and what else I have to/should do. Thanks in advance!

08.08.2010, 20:33   #2
Larusso
/// Selecta Jahrusso
 





A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the analysis harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools via right-click "Run as administrator".

Step 1

Please download Load.exe

The tool needs an active Internet connection, but no open browser.
If your firewall complains, please allow the application.
  • Save the file to the desktop.
  • Double-click load.exe
  • Leave the checkboxes as they are.
  • Now close all open programs.
  • Click Download
  • Please do not click in the window during the download.
  • Follow the instructions on the screen.
  • When the Status window pops up, click Start.

After the restart you will find a folder MFTools on the desktop. It contains an Anleitung.pdf.
Please open it and work through the steps described in it.

08.08.2010, 21:01   #3
shari4480
 



I'm writing from the netbook right now. I now have Load on it and carried out the steps, but: with GMER the laptop crashes as soon as the scan starts, and with tfc I have the problem that it says: stopping running processes, but when I click start, nothing happens. I now have an empty background and this hourglass instead of the mouse pointer, and it can't be closed either. What now? I did the other things.

08.08.2010, 21:47   #4
Larusso
/// Selecta Jahrusso
 



Can you kill the process tfc.exe in the Task Manager (Ctrl+Alt+Del)?

Then restart the computer and post the log files from the .pdf
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

08.08.2010, 22:19   #5
shari4480
 



That didn't work either; I had to press the power button.
What I also noticed: ever since I had antivir pro solution on it, porn sites kept opening constantly, but I myself could not open any page on the Internet.
gmer always crashes, i.e. XP restarts when I want to scan. The speech bubble at the bottom right (potentially dangerous site) still keeps appearing.
Here are the reports from the others:

OTL:

OTL Logfile:
Code:
OTL logfile created on: 08.08.2010 22:54:51 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Kerstin\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
8,00 Gb Paging File | 8,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 4985 9970 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,01 Gb Total Space | 24,90 Gb Free Space | 24,89% Space Free | Partition Type: NTFS
Drive D: | 197,10 Gb Total Space | 197,03 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 835,88 Mb Free Space | 83,25% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PB
Current User Name: Kerstin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.08 21:36:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kerstin\Desktop\MFTools\OTL.exe
PRC - [2010.07.23 15:48:45 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010.07.23 08:24:42 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.07.23 08:24:42 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.07.23 08:24:42 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.29 12:19:20 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.04.29 12:19:20 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.03.02 10:29:55 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:29:19 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.02.18 18:04:54 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2009.02.03 09:01:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.03 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.02.13 00:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.08 21:36:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kerstin\Desktop\MFTools\OTL.exe
MOD - [2008.04.14 07:51:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010.07.23 08:24:42 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.07.23 08:24:42 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.07.23 08:24:42 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.29 12:19:20 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:29:19 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.07.09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.02.18 18:04:54 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2009.02.03 00:03:18 | 000,603,904 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.02.03 00:03:14 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.12.11 14:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.02.13 00:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (O2Flash)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.03.01 09:06:38 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.28 10:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.03 00:27:27 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.01.14 09:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.12.25 18:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008.11.19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.11.08 10:55:18 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.11.04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.11.04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008.11.04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008.11.04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008.11.04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.11.04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008.11.04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008.11.03 13:16:06 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008.10.30 22:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.10.02 20:01:46 | 004,878,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.01.15 18:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.02.20 17:01:00 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005.04.14 00:00:00 | 000,085,120 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctxusbtv.sys -- (CXLWIRE) USB Hybrid Video Capture (DVB-T/PAL)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.01.16 14:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2002.09.16 18:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2009.04.21 21:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Mozilla\Extensions
[2009.04.21 21:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
 
O1 HOSTS File: ([2009.02.03 00:04:49 | 000,292,082 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 10056 more lines...
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Yahoo! Toolbar) - {EF2D6E36-5C05-4F40-B861-9E909B5BAE09} - C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\YahooToolbar\IE\YahooToolbar.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\Shell - "" = AutoRun
O33 - MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\Shell - "" = AutoRun
O33 - MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\Shell - "" = AutoRun
O33 - MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.08 21:39:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.08 21:38:54 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.08 21:36:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Desktop\MFTools
[2010.08.08 19:34:03 | 009,157,960 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Kerstin\Desktop\SUPERAntiSpyware.exe
[2010.08.08 18:53:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.08 18:53:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.08 18:53:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.08 18:21:59 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Kerstin\Desktop\dududu.exe
[2010.08.08 17:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\kmermvsyi
[2010.08.08 10:33:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Desktop\KindskoepfeSCRMD_M2sbf
[2010.08.06 11:00:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.07.30 06:24:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira
[2010.07.29 20:19:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Desktop\ToyStory3DVDSCREENERChefflo_M1sbf
[2010.07.26 14:40:13 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys
[2010.07.23 22:22:29 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2010.07.23 19:33:09 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.07.23 19:33:03 | 000,228,784 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010.07.23 19:33:03 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCtrl.dll
[2010.07.23 19:33:03 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010.07.23 19:33:03 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010.07.23 19:33:02 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCOM.dll
[2010.07.23 16:00:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\YahooToolbar
[2010.07.23 09:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010.07.23 09:20:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010.07.23 09:20:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.07.23 09:20:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010.07.23 08:30:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.07.23 08:28:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Avira
[2010.07.23 08:20:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.07.23 08:20:50 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.07.23 08:20:50 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.07.23 08:20:50 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.07.23 08:20:50 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.07.23 08:20:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.07.22 16:10:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.07.22 15:02:59 | 000,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2010.07.22 15:02:59 | 000,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2010.07.22 15:02:59 | 000,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2010.07.22 15:02:59 | 000,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2010.07.22 15:02:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\PC Tools
[2010.07.22 14:58:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Kerstin\IECompatCache
[2010.07.22 14:57:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Kerstin\PrivacIE
[2010.07.22 14:38:18 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Kerstin\IETldCache
[2010.07.22 14:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.07.22 14:30:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.07.22 13:34:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Malwarebytes
[2010.07.22 13:34:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.02 18:18:10 | 000,621,056 | R--- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2010.06.02 18:18:10 | 000,113,664 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2010.06.02 18:18:10 | 000,101,376 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2010.06.02 18:18:10 | 000,024,448 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2010.06.02 18:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Surf & E-Mail-Stick
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.08 23:03:12 | 000,585,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\rhqnk.sys
[2010.08.08 23:03:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\hjjchzm.sys
[2010.08.08 23:00:04 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.08.08 22:55:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.08 22:52:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.08 22:52:03 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.08 22:51:37 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.08 22:51:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.08 22:51:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.08 22:13:00 | 000,001,216 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003UA.job
[2010.08.08 21:43:17 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.08 21:38:55 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\NTREGOPT.lnk
[2010.08.08 21:38:55 | 000,000,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\ERUNT.lnk
[2010.08.08 21:36:11 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Gmer.zip
[2010.08.08 21:35:32 | 000,410,850 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Load.exe
[2010.08.08 20:35:00 | 009,961,472 | -H-- | M] () -- C:\Dokumente und Einstellungen\Kerstin\NTUSER.DAT
[2010.08.08 20:35:00 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Kerstin\ntuser.ini
[2010.08.08 20:13:00 | 000,001,164 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003Core.job
[2010.08.08 20:08:11 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.08 20:08:04 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.08 19:34:11 | 009,157,960 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Kerstin\Desktop\SUPERAntiSpyware.exe
[2010.08.08 18:53:30 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 18:21:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Kerstin\Desktop\dududu.exe
[2010.08.08 15:37:54 | 000,502,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\amaz.doc
[2010.07.28 15:13:44 | 000,002,385 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Google Chrome.lnk
[2010.07.26 20:26:11 | 002,357,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\rowenta.doc
[2010.07.26 14:40:15 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\EVEREST Home Edition.lnk
[2010.07.24 17:06:27 | 000,019,811 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\sigpic7772_3.gif
[2010.07.23 22:22:30 | 000,000,659 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\SpeedFan.lnk
[2010.07.23 22:22:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.07.23 22:21:58 | 001,891,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\installspeedfan440.exe
[2010.07.23 19:33:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.07.23 19:33:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.07.23 19:33:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.23 16:02:26 | 001,140,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\ernsthafte_Frage.pps
[2010.07.23 09:25:42 | 001,184,714 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.23 09:25:42 | 000,510,698 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.23 09:25:42 | 000,488,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.23 09:25:42 | 000,098,314 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.23 09:25:42 | 000,081,840 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.23 08:21:05 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.07.22 14:48:58 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.07.22 13:26:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.17 16:39:15 | 000,005,446 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\blackberry.jpg
[2010.07.16 21:13:41 | 000,017,940 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\pzr1(2).pdf
[2010.06.30 14:04:02 | 000,364,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\screen odol.doc
[2010.06.13 13:23:24 | 003,303,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\P1030248.JPG
[2010.06.10 18:34:03 | 000,013,679 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\1255835726103.jpg
[2010.06.02 20:32:27 | 000,016,358 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Z40420_321.jpg
[2010.05.24 18:34:49 | 000,227,021 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\dancing_cat-12753.gif
[2010.05.21 14:58:48 | 000,001,892 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.08 21:41:55 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\gmer.exe
[2010.08.08 21:38:55 | 000,000,596 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\NTREGOPT.lnk
[2010.08.08 21:38:55 | 000,000,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\ERUNT.lnk
[2010.08.08 21:36:11 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Gmer.zip
[2010.08.08 21:35:37 | 000,410,850 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Load.exe
[2010.08.08 18:53:30 | 000,000,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 15:35:33 | 000,502,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\amaz.doc
[2010.08.08 10:33:14 | 000,004,755 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Kindskoepfe.SCR.MD_M2.sbf
[2010.07.28 23:09:02 | 000,768,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\hjjchzm.sys
[2010.07.28 23:08:48 | 000,585,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\rhqnk.sys
[2010.07.28 23:08:41 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\bawuho.dat
[2010.07.26 14:40:15 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\EVEREST Home Edition.lnk
[2010.07.25 16:34:07 | 002,357,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\rowenta.doc
[2010.07.24 17:06:40 | 000,019,811 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\sigpic7772_3.gif
[2010.07.23 22:22:30 | 000,000,659 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\SpeedFan.lnk
[2010.07.23 22:22:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.07.23 22:21:58 | 001,891,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\installspeedfan440.exe
[2010.07.23 19:33:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.07.23 19:33:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.07.23 16:02:25 | 001,140,736 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\ernsthafte_Frage.pps
[2010.07.23 08:21:05 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.07.23 08:19:36 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\HBEDV.KEY
[2010.07.22 13:26:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.17 16:39:26 | 000,005,446 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\blackberry.jpg
[2010.07.16 21:13:41 | 000,017,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\pzr1(2).pdf
[2010.06.30 14:04:02 | 000,364,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\screen odol.doc
[2010.06.13 13:25:56 | 003,303,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\P1030248.JPG
[2010.06.10 18:34:30 | 000,013,679 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\1255835726103.jpg
[2010.06.02 20:33:55 | 000,016,358 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\Z40420_321.jpg
[2010.05.24 18:36:40 | 000,227,021 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerstin\Desktop\dancing_cat-12753.gif
[2010.05.21 14:58:48 | 000,001,892 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.01.07 20:40:58 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009.09.18 17:28:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.08.14 22:20:42 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.08.14 22:20:28 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.04.27 16:43:13 | 000,001,322 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.02.10 18:50:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.02.10 18:36:39 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009.02.07 16:35:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.03 00:21:42 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.02.02 23:08:04 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\NC_INST.DLL
[2005.06.02 00:01:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005.01.21 13:02:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.08.19 20:52:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2009.08.10 14:57:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.02.28 14:57:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2009.08.10 15:40:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX
[2009.08.10 15:04:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
[2010.08.08 22:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2010.02.28 14:25:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2009.08.10 15:06:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenu
[2009.02.03 22:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.12.27 14:36:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.07.03 22:04:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2009.02.08 18:09:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLiveVA
[2009.02.02 23:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2009.02.03 19:01:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm
[2010.07.23 08:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.02.03 00:02:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.02.03 00:02:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.08.19 22:36:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.02.03 00:27:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\ACD Systems
[2010.02.28 14:25:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Canon
[2009.09.27 17:38:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\COMPUTERBILD-Abzockschutz
[2009.02.03 01:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\DasTelefonbuch Deutschland
[2010.05.01 16:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.10.06 23:26:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\gtk-2.0
[2009.02.04 15:16:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\ICQ
[2009.08.14 22:23:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\MAGIX
[2009.02.03 15:51:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\MSNInstaller
[2009.02.04 20:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\MyPhoneExplorer
[2009.08.14 22:51:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Netscape
[2010.07.15 06:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Ogpili
[2009.02.05 10:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Opera
[2009.12.27 14:35:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Panasonic
[2009.08.14 22:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Photodex
[2009.02.08 18:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\PPLiveVA
[2009.12.27 14:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\PTV AG
[2009.04.21 21:39:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Songbird2
[2009.08.19 20:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Sony
[2009.02.03 00:03:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\TuneUp Software
[2009.02.03 01:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\TVG
[2009.05.14 16:04:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\WEBDE
[2010.07.14 21:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Wifu
[2010.07.23 16:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\YahooToolbar
[2010.08.08 23:00:04 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.02.03 00:45:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001.08.18 21:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009.09.15 19:59:21 | 000,000,127 | ---- | M] () -- C:\Notizen.rtf
[2008.04.13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 00:01:56 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.08.08 22:51:29 | 932,184,063 | -HS- | M] () -- C:\pagefile.sys
[2009.08.14 22:51:25 | 000,001,734 | ---- | M] () -- C:\photodex-presenter-install.log
[2010.08.08 18:45:29 | 000,000,484 | ---- | M] () -- C:\rkill.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.04.18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.02.02 21:04:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.03.31 22:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9H.DLL
[2008.03.31 22:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9H.DLL
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005.05.05 09:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007.04.09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2007.10.11 09:19:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Sim AQUARIUM 2.scr
[2009.02.26 22:23:38 | 010,366,976 | ---- | M] (Anders und Seim Neue Medien AG) -- C:\WINDOWS\SuesswasserAquarium3D.scr
[2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.02.08 18:39:33 | 001,131,176 | ---- | M] (Blizzard Entertainment) -- C:\Programme\WoW-installer-3.0.1.8874-x86-Win-deDE.exe
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[29 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.02.02 21:52:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.02.02 21:52:50 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.02.02 21:52:50 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[29 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 07:52:34 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll
[29 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 07:52:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll
[29 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 21:15:59
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 156 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 147 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
         
--- --- ---

Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 08.08.2010 22:54:51 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Kerstin\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
8,00 Gb Paging File | 8,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 4985 9970 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,01 Gb Total Space | 24,90 Gb Free Space | 24,89% Space Free | Partition Type: NTFS
Drive D: | 197,10 Gb Total Space | 197,03 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 835,88 Mb Free Space | 83,25% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PB
Current User Name: Kerstin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Kerstin\Desktop\sbf-loader_2009_final\leecher.exe" = C:\Dokumente und Einstellungen\Kerstin\Desktop\sbf-loader_2009_final\leecher.exe:*:Enabled:SBF Loader -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{283D4576-CBF8-4F65-84D3-7C5DC75F144E}" = ServicePack 1 Großer Reiseplaner 2008/2009
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.007.01
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7096C1-7BF8-483E-9CF1-E303842349BF}" = COMPUTERBILD-Abzockschutz
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9C13822-A638-4331-99A3-4498A5901693}" = Media Go
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"ArtistScope Plugin IE 424.2.0.0" = ArtistScope Plugin IE 42
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"E.M. Free Photo Collage 1.30_is1" = E.M. Free Photo Collage 1.30
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fantasy Moon 3D Screensaver_is1" = Fantasy Moon 3D Screensaver 1.3
"FotoWorks_is1" = FotoWorks
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"Kalenderchen_is1" = Kalenderchen 4
"LiveUpdate" = LiveUpdate
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MPE" = MyPhoneExplorer
"MSNINST" = MSN
"Navilog1_is1" = Navilog1 3.7.6
"Nero - Burning Rom!UninstallKey" = Nero 6
"Norton Commander" = Norton Commander
"Photodex Presenter" = Photodex Presenter
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ShapeCollage" = Shape Collage
"Sim AQUARIUM 2_is1" = Sim AQUARIUM 2
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"SuesswasserAquarium3D" = Süßwasser-Aquarium 3D
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SWR3 RauchFrei_is1" = SWR3 RauchFrei Version 1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"X10Hardware" = X10 Hardware(TM)
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2010 14:12:29 | Computer Name = PB | Source = WindowsLiveMessenger | ID = 15728647
Description = 
 
Error - 06.08.2010 12:58:07 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 06.08.2010 12:58:08 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 06.08.2010 12:58:09 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 06.08.2010 12:58:09 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 06.08.2010 12:58:10 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 06.08.2010 12:58:10 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 06.08.2010 12:58:11 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 06.08.2010 12:58:12 | Computer Name = PB | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 08.08.2010 16:02:21 | Computer Name = PB | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TFC.exe, Version 3.1.7.0, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 08.08.2010 16:07:50 | Computer Name = PB | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TfFsMon  TfSysMon
 
Error - 08.08.2010 16:11:22 | Computer Name = PB | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.08.2010 16:11:23 | Computer Name = PB | Source = Service Control Manager | ID = 7034
Description = Dienst "CopySafe Helper Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 08.08.2010 16:11:23 | Computer Name = PB | Source = Service Control Manager | ID = 7034
Description = Dienst "Inkjet Printer/Scanner Extended Survey Program" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 08.08.2010 16:11:24 | Computer Name = PB | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.08.2010 16:11:24 | Computer Name = PB | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 08.08.2010 16:52:00 | Computer Name = PB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "B's Recorder GOLD Library General Service" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%2
 
Error - 08.08.2010 16:52:43 | Computer Name = PB | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TfFsMon  TfSysMon
 
Error - 08.08.2010 16:55:45 | Computer Name = PB | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 08.08.2010 16:55:45 | Computer Name = PB | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
 
< End of report >
         
--- --- ---

Gmer:
didn't work

MBAM:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4407

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.08.2010 20:10:39
mbam-log-2010-08-08 (20-10-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 217307
Laufzeit: 1 Stunde(n), 11 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkjvqdvm (Malware.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkjvqdvm (Malware.Gen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\kmermvsyi\lxnltautssd.exe (Malware.Gen) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Desktop\Privat\diverses\AI.Roboform.Pro.v6.9.82 100% OK\Patch.exe (RiskWare.Tool.CK) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Temp\0.9069686363966039.exe (Malware.Gen) -> No action taken.
C:\Programme\Navilog1\gnc.exe (Trojan.Dropper) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.


08.08.2010, 22:36   #6
Larusso
/// Selecta Jahrusso

You also have to actually delete what Malwarebytes found.

Step 1
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
O33 - MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\Shell - "" = AutoRun
O33 - MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\Shell - "" = AutoRun
O33 - MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\Shell - "" = AutoRun
O33 - MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
[2010.08.08 17:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\kmermvsyi
[2010.08.08 23:03:12 | 000,585,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\rhqnk.sys
[2010.08.08 23:03:11 | 000,768,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\hjjchzm.sys
[2010.07.28 23:08:41 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\bawuho.dat
@Alternate Data Stream - 156 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 147 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

:services
rhqnk
hjjchzm
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
         
  • Please close all programs now.
  • Now click the Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.


Step 2
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**



  • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix is finished, it will create a log for you.
    • Please post the content of C:\ComboFix.txt here in the thread.


Please post in your next reply
OTLFix log
Combofix.txt
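The point of this reply, that the Malwarebytes findings still have to be removed, can be read straight off the posted log: every entry ends in "No action taken". The Python below is an added example, not part of the thread and not Malwarebytes' own code; it assumes the German 1.46 log layout shown above, and all function names are illustrative.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes' Anti-Malware 1.46 log posted in this thread
# (German UI): the summary counters followed by the per-category listings.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkjvqdvm (Malware.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkjvqdvm (Malware.Gen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\kmermvsyi\lxnltautssd.exe (Malware.Gen) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Desktop\Privat\diverses\AI.Roboform.Pro.v6.9.82 100% OK\Patch.exe (RiskWare.Tool.CK) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Temp\0.9069686363966039.exe (Malware.Gen) -> No action taken.
C:\Programme\Navilog1\gnc.exe (Trojan.Dropper) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\Kerstin\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)$")   # "Infizierte Dateien: 6"
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")           # "Infizierte Dateien:"
# "<object> (<detection name>) -> <action>."  The object may itself contain spaces.
ENTRY_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return (summary counters, list of detections) from an MBAM 1.46 log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # "(Keine bösartigen Objekte gefunden)" never matches
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def unresolved(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


def count_mismatches(summary, detections):
    """Sections whose counter differs from the listed entries (truncated paste)."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed.get(s, 0)) for s, n in summary.items()
            if n != listed.get(s, 0)}


def autostart_findings(detections):
    """Detections sitting under a Run/RunOnce key, i.e. they start at every logon."""
    return [d for d in detections if RUN_KEY_RE.search(d["object"])]


if __name__ == "__main__":
    summary, detections = parse_mbam_log(SAMPLE_LOG)
    for d in unresolved(detections):
        flag = " [autostart]" if RUN_KEY_RE.search(d["object"]) else ""
        print(f'{d["name"]:35} {d["object"]}{flag}')
    print("counter mismatches:", count_mismatches(summary, detections) or "none")
```
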

09.08.2010, 15:36   #7
shari4480

Right, everything has been run. The Malwarebytes message still appears. Something else I noticed: over the last few days our internet connection keeps dropping, and according to the provider everything is OK. Could that be related?

OTL:
All processes killed
========== OTL ==========
Service bgsvcgen stopped successfully!
Service bgsvcgen deleted successfully!
File C:\WINDOWS\System32\bgsvcgen.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437a4f46-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437a4f46-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437a4f46-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437a4f46-6e62-11df-9456-00238b4d8905}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437a4f49-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437a4f49-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437a4f49-6e62-11df-9456-00238b4d8905}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437a4f49-6e62-11df-9456-00238b4d8905}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae1122f7-304f-11df-93ab-00238b4d8905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae1122f7-304f-11df-93ab-00238b4d8905}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae1122f7-304f-11df-93ab-00238b4d8905}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae1122f7-304f-11df-93ab-00238b4d8905}\ not found.
File G:\USBAutoRun.exe not found.
C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\kmermvsyi folder moved successfully.
File move failed. C:\WINDOWS\system32\drivers\rhqnk.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\hjjchzm.sys scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\bawuho.dat moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named rhqnk was found to stop!
Service\Driver key rhqnk not found.
Error: No service named hjjchzm was found to stop!
Service\Driver key hjjchzm not found.
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Kerstin
->Temp folder emptied: 2785734 bytes
->Temporary Internet Files folder emptied: 148900424 bytes
->Java cache emptied: 1294872 bytes
->Google Chrome cache emptied: 25701287 bytes
->Opera cache emptied: 22014630 bytes
->Flash cache emptied: 64641 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 11059901 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1249933 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 29913991 bytes
%systemroot%\System32\dllcache .tmp files removed: 243200 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2149063 bytes
RecycleBin emptied: 4150839347 bytes

Total Files Cleaned = 4.195,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08092010_085643

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\rhqnk.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\hjjchzm.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...


combofix:
Combofix Logfile:
Code:
ComboFix 10-08-08.02 - Kerstin 09.08.2010  15:56:43.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3323.2781 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Kerstin\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe11D.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-09 bis 2010-08-09  ))))))))))))))))))))))))))))))
.

2010-08-08 19:38 . 2010-08-08 19:38	--------	d-----w-	c:\programme\ERUNT
2010-08-08 16:53 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 16:53 . 2010-08-08 16:53	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-08-08 16:53 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-30 04:24 . 2010-07-30 04:24	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avira
2010-07-28 21:09 . 2010-08-09 14:02	768512	----a-w-	c:\windows\system32\drivers\hjjchzm.sys
2010-07-28 21:08 . 2010-08-09 14:02	585472	----a-w-	c:\windows\system32\drivers\rhqnk.sys
2010-07-26 12:40 . 2010-07-26 12:40	--------	d-----w-	c:\programme\Lavalys
2010-07-23 20:22 . 2010-07-26 19:44	--------	d-----w-	c:\programme\SpeedFan
2010-07-23 17:33 . 2008-11-07 16:55	16928	------w-	c:\windows\system32\spmsgXP_2k3.dll
2010-07-23 17:33 . 2010-07-23 17:33	--------	d-----w-	c:\programme\Synaptics
2010-07-23 17:33 . 2009-08-28 08:33	228784	----a-w-	c:\windows\system32\drivers\SynTP.sys
2010-07-23 17:33 . 2009-08-28 08:32	120104	----a-w-	c:\windows\system32\SynTPCo4.dll
2010-07-23 17:33 . 2009-08-28 08:32	161064	----a-w-	c:\windows\system32\SynTPAPI.dll
2010-07-23 17:33 . 2009-08-28 08:32	206120	----a-w-	c:\windows\system32\SynCtrl.dll
2010-07-23 17:33 . 2009-08-28 08:32	169256	----a-w-	c:\windows\system32\SynCOM.dll
2010-07-23 17:33 . 2009-08-07 07:49	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2010-07-23 14:00 . 2010-07-23 14:00	--------	d-----w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\YahooToolbar
2010-07-23 07:20 . 2010-07-23 07:20	--------	d-----w-	c:\windows\system32\winrm
2010-07-23 07:20 . 2010-07-23 07:20	--------	d-----w-	c:\windows\system32\GroupPolicy
2010-07-23 07:20 . 2010-07-23 07:20	--------	dc-h--w-	c:\windows\$968930Uinstall_KB968930$
2010-07-23 06:30 . 2010-07-23 07:09	--------	d-----w-	c:\windows\system32\NtmsData
2010-07-23 06:28 . 2010-07-23 06:28	--------	d-----w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\Avira
2010-07-23 06:20 . 2010-07-23 06:20	--------	d-----w-	c:\programme\Avira
2010-07-23 06:20 . 2010-03-01 07:06	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-07-23 06:20 . 2010-02-16 11:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-07-23 06:20 . 2009-05-11 09:49	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-07-23 06:20 . 2009-05-11 09:49	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-07-22 14:10 . 2010-07-23 06:12	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-07-22 13:57 . 2010-07-22 13:57	--------	d-sh--w-	c:\dokumente und einstellungen\LocalService\IETldCache
2010-07-22 13:02 . 2008-08-25 09:36	81288	----a-w-	c:\windows\system32\drivers\iksyssec.sys
2010-07-22 13:02 . 2008-08-25 09:36	66952	----a-w-	c:\windows\system32\drivers\iksysflt.sys
2010-07-22 13:02 . 2008-08-25 09:36	40840	----a-w-	c:\windows\system32\drivers\ikfilesec.sys
2010-07-22 13:02 . 2008-06-02 13:19	29576	----a-w-	c:\windows\system32\drivers\kcom.sys
2010-07-22 13:02 . 2010-07-22 13:02	--------	d-----w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\PC Tools
2010-07-22 12:58 . 2010-07-22 12:58	--------	d-sh--w-	c:\dokumente und einstellungen\Kerstin\IECompatCache
2010-07-22 12:57 . 2010-07-22 12:57	--------	d-sh--w-	c:\dokumente und einstellungen\Kerstin\PrivacIE
2010-07-22 12:38 . 2010-07-22 12:38	--------	d-sh--w-	c:\dokumente und einstellungen\Kerstin\IETldCache
2010-07-22 12:32 . 2010-05-06 10:31	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-07-22 12:32 . 2010-05-06 10:31	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-07-22 12:32 . 2010-05-06 10:31	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-07-22 12:32 . 2010-07-23 07:20	--------	d-----w-	c:\windows\ie8updates
2010-07-22 12:31 . 2010-04-16 11:43	41984	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2010-07-22 12:30 . 2010-07-22 12:31	--------	dc-h--w-	c:\windows\ie8
2010-07-22 11:34 . 2010-07-22 11:34	--------	d-----w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\Malwarebytes
2010-07-22 11:34 . 2010-07-22 11:34	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-22 11:29 . 2009-08-06 17:23	215920	----a-w-	c:\windows\system32\muweb.dll
2010-07-22 11:26 . 2010-07-22 11:26	664	----a-w-	c:\windows\system32\d3d9caps.dat
2010-07-16 09:13 . 2010-07-16 09:13	201728	----a-w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\YahooToolbar\IE\YahooToolbar.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 20:09 . 2009-08-10 13:04	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2010-08-08 16:52 . 2009-02-03 07:01	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2010-07-29 17:43 . 2009-08-12 20:06	--------	d-----w-	c:\programme\BEWERBUNGSMASTER
2010-07-24 06:48 . 2009-03-15 21:52	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
2010-07-23 17:33 . 2010-07-23 17:33	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-07-23 17:33 . 2010-07-23 17:33	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-23 07:25 . 2001-08-18 19:00	98314	----a-w-	c:\windows\system32\perfc007.dat
2010-07-23 07:25 . 2001-08-18 19:00	510698	----a-w-	c:\windows\system32\perfh007.dat
2010-07-23 06:20 . 2009-02-03 06:48	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-07-23 06:12 . 2009-02-02 22:02	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-07-21 13:07 . 2009-04-21 19:26	--------	d-----w-	c:\programme\Navilog1
2010-07-15 04:56 . 2010-02-23 09:08	--------	d-----w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\Ogpili
2010-07-14 19:08 . 2009-10-09 12:54	--------	d-----w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\Wifu
2010-07-03 20:04 . 2009-07-04 15:27	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2010-07-03 19:54 . 2009-07-04 12:13	--------	d-----w-	c:\programme\Messenger Plus! Live
2010-06-24 14:15 . 2009-02-03 21:57	--------	d-----w-	c:\programme\FotoWorks
2010-06-22 19:20 . 2010-06-22 19:20	501936	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google\Google Toolbar\Update\gtb158.tmp.exe
2010-06-14 14:31 . 2009-02-02 19:02	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-02-08 16:39 . 2009-02-08 16:39	1131176	----a-w-	c:\programme\WoW-installer-3.0.1.8874-x86-Win-deDE.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF2D6E36-5C05-4F40-B861-9E909B5BAE09}]
2010-07-16 09:13	201728	----a-w-	c:\dokumente und einstellungen\Kerstin\Anwendungsdaten\YahooToolbar\IE\YahooToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-07-23 160592]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-26 413696]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"
"CanonSolutionMenu"=c:\programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"RemoteControl"="c:\programme\Home Cinema\PowerDVD\PDVDServ.exe"
"UCam_Menu"="c:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\programme\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Dokumente und Einstellungen\\Kerstin\\Desktop\\sbf-loader_2009_final\\leecher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.02.2006 17:01 29056]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [23.07.2010 08:20 337064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [23.07.2010 08:20 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [23.07.2010 08:20 405672]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [08.08.2010 18:53 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08.08.2010 18:53 20952]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.02.2006 16:00 48472]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [02.02.2009 23:27 712704]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [18.02.2009 18:04 266240]
S2 gupdate1c985cd4d3753d2;Google Update Service (gupdate1c985cd4d3753d2);c:\programme\Google\Update\GoogleUpdate.exe [03.02.2009 09:01 133104]
S3 CXLWIRE;USB Hybrid Video Capture (DVB-T/PAL);c:\windows\system32\drivers\ctxusbtv.sys [10.02.2009 18:50 85120]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [19.08.2009 20:51 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [19.08.2009 20:51 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [19.08.2009 20:51 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [19.08.2009 20:51 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [19.08.2009 20:51 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [19.08.2009 20:51 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [19.08.2009 20:51 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [19.08.2009 20:51 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [19.08.2009 20:51 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [19.08.2009 20:51 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [19.08.2009 20:51 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [19.08.2009 20:51 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [19.08.2009 20:51 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [19.08.2009 20:51 109736]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.04.2008 07:53 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [03.02.2009 22:35 222456]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - hjjchzm
*Deregistered* - rhqnk

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-08-09 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]

2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-09 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 12:29]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-03 07:01]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-03 07:01]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003Core.job
- c:\dokumente und einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-01-12 10:40]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003UA.job
- c:\dokumente und einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-01-12 10:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ebay.de/
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RF - Formular ausfüllen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-09 16:01
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjjchzm]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rhqnk]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1152)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2010-08-09  16:04:02
ComboFix-quarantined-files.txt  2010-08-09 14:03

Vor Suchlauf: 9 Verzeichnis(se), 31.733.850.112 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 31.799.037.952 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BBE0C3F6DE6EF7900BE3726D6A83280A
         
--- --- ---

09.08.2010, 16:10   #8
Larusso
/// Selecta Jahrusso

Quote:
The message from Malwarebytes still appears.
Which message?

Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the entire text from the following code box into the empty text document.
Code:
KillAll::
Driver::
hjjchzm
rhqnk

Rootkit::
c:\windows\system32\drivers\hjjchzm.sys
c:\windows\system32\drivers\rhqnk.sys
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.

  • With reference to the picture above, drag CFScript.txt onto ComboFix.exe.
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.

If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
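
How the two driver names in the script above can be traced back to the ComboFix log posted earlier in the thread, shown as an added example that is not part of the original posts or of ComboFix itself. It collects the names ComboFix marks `*Deregistered*` in its in-memory driver section and checks them against the service list and the Services keys printed after the catchme scan; the function names are hypothetical and the sample text is a shortened excerpt of that log.

```python
import re

# Excerpt of the ComboFix log posted earlier in this thread (shortened).
SAMPLE_LOG = r"""
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08.08.2010 18:53 20952]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.04.2008 07:53 14336]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - hjjchzm
*Deregistered* - rhqnk

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ    WINRM

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjjchzm]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rhqnk]
"""

# "R3 name;display name;image path [date time size]". The log shows "[?]"
# in place of date and size for drivers that the OTS log in this thread
# reports as "File not found".
SERVICE_LINE = re.compile(
    r"^([RS])(\d) ([^;]+);([^;]*);(.+?)(?: --> .+)? \[([^\]]*)\]$")
DEREGISTERED = re.compile(r"^\*Deregistered\* - (\S+)$")
# Matches only keys that end at the service name, not deeper subkeys.
SERVICES_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?:Current)?ControlSet(?:\d{3})?"
    r"\\Services\\([^\\\]]+)\]$", re.IGNORECASE)


def parse_services(log):
    """Map each listed service/driver name to its state, path and file status."""
    services = {}
    for line in map(str.strip, log.splitlines()):
        m = SERVICE_LINE.match(line)
        if m:
            state, start, name, _display, path, info = m.groups()
            services[name] = {
                "running": state == "R",
                "start_type": int(start),
                "path": path,
                "file_missing": info == "?",
            }
    return services


def triage(log):
    """Cross-reference the in-memory list, the service list and Services keys."""
    services = parse_services(log)
    registered = {name.lower() for name in services}
    keys, in_memory = set(), []
    for line in map(str.strip, log.splitlines()):
        m = DEREGISTERED.match(line)
        if m:
            in_memory.append(m.group(1))
        m = SERVICES_KEY.match(line)
        if m:
            keys.add(m.group(1).lower())
    return {
        "in_memory_unregistered": [
            {"name": n,
             "in_service_list": n.lower() in registered,
             "services_key_listed": n.lower() in keys}
            for n in in_memory],
        # Registered entries whose image file is reported as missing.
        "orphaned_entries": sorted(
            n for n, s in services.items() if s["file_missing"]),
    }


def review_candidates(log):
    """Names loaded in memory, absent from the service list, with a Services key."""
    return [f["name"] for f in triage(log)["in_memory_unregistered"]
            if not f["in_service_list"] and f["services_key_listed"]]


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for finding in report["in_memory_unregistered"]:
        print(finding)
    print("orphaned:", report["orphaned_entries"])
    print("review:", review_candidates(SAMPLE_LOG))
```

A name returned by `review_candidates` is a lead for an analyst to examine, not a verdict; the orphaned entries are reported separately because a missing file behind a registered service is a different finding from a loaded driver with no service entry.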

09.08.2010, 17:27   #9
shari4480

I meant the message from Antimalware. A speech bubble keeps popping up at the bottom right saying that access to a potentially dangerous site was blocked.

I ran ComboFix as you said; it crashed partway through, the laptop restarted, and while booting a blue screen with white writing appeared right away saying that Windows had crashed and so on, i.e. white text across the whole screen.

What should I do now? If I switch off Antimalware, will this trojan show up again? Because it is still on and keeps reporting this to me, and I am afraid that if I deactivate it too, everything will start all over again, and then I won't be able to open anything any more, or get on the Internet, etc.

09.08.2010, 18:53   #10
Larusso
/// Selecta Jahrusso

Download OTS.exe and be sure to save it to your desktop. Double-click OTS.exe.
If your antivirus program raises an alert about OTS, allow it.
  • Tick "Scan All Users" and "Include MD5".
  • Copy the following text into the box.
Code:
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
         
  • Below the box, click the button.
    Now tick the following entries:

    • Reg- Active Sub Paths
    • App Paths
    • Approved Shell Extensions
    • Disabled MS Config Items
    • Drivers32
    • NetSvcs
    • File Lop Check
    • File Purity Check
    Do not do anything else on the computer in the meantime.
    When the scan has finished (Scan complete!), Notepad opens with the log file.

    It can also be found on the desktop (OTS.txt).
  • Now close all running programs as well as your browser.
  • Click the button at the top left to start the scan.
Please attach this log here; it is not exactly short.
__________________
Regards, Daniel


09.08.2010, 20:00   #11
shari4480

The text is too long, so I have now split it; otherwise I would not have been able to post it.

[code]
OTS logfile created on: 09.08.2010 20:44:24 - Run 1
OTS by OldTimer - Version 3.1.34.0 Folder = C:\Dokumente und Einstellungen\Kerstin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
8,00 Gb Paging File | 8,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 4985 9970 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,01 Gb Total Space | 29,47 Gb Free Space | 29,47% Space Free | Partition Type: NTFS
Drive D: | 197,10 Gb Total Space | 197,03 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 835,86 Mb Free Space | 83,25% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PB
Current User Name: Kerstin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\OTS.exe -> [2010.08.09 20:40:15 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
robotaskbaricon.exe -> C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe -> [2010.07.23 15:48:45 | 000,160,592 | ---- | M | MD5 = 21C288938A80741C1ADB013D2C1DCCFD] (Siber Systems)
avwebgrd.exe -> C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -> [2010.07.23 08:24:42 | 000,405,672 | ---- | M | MD5 = 1354BB52E16B9384A279B2F758F02696] (Avira GmbH)
avmailc.exe -> C:\Programme\Avira\AntiVir Desktop\avmailc.exe -> [2010.07.23 08:24:42 | 000,337,064 | ---- | M | MD5 = 8ECBE255BE055A7814C0CA0CD75963A0] (Avira GmbH)
avguard.exe -> C:\Programme\Avira\AntiVir Desktop\avguard.exe -> [2010.07.23 08:24:42 | 000,267,432 | ---- | M | MD5 = 9912A9C6A45C0D2AC18AB9A93C04C109] (Avira GmbH)
googlecrashhandler.exe -> C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.29\GoogleCrashHandler.exe -> [2010.06.16 20:08:24 | 000,134,808 | ---- | M | MD5 = 5D9C470085DDFEF1CAE10755E03CA7C3] (Google Inc.)
mbamgui.exe -> C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe -> [2010.04.29 12:19:20 | 000,437,584 | ---- | M | MD5 = 1DB5FAEEDCE631434A4DF3B951AF4058] (Malwarebytes Corporation)
mbamservice.exe -> C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -> [2010.04.29 12:19:20 | 000,304,464 | ---- | M | MD5 = 00619B8F1DDD5D11F540D1832B7249DB] (Malwarebytes Corporation)
avgnt.exe -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe -> [2010.03.02 10:29:55 | 000,282,792 | ---- | M | MD5 = A852942874AA2DDF277EEF84AB468B8F] (Avira GmbH)
sched.exe -> C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2010.02.24 09:29:19 | 000,135,336 | ---- | M | MD5 = 2B1D34C5019BD0C56C1BD6CE8F17AE0F] (Avira GmbH)
avshadow.exe -> C:\Programme\Avira\AntiVir Desktop\avshadow.exe -> [2010.01.14 21:12:14 | 000,076,968 | ---- | M | MD5 = B5427F89DE9D366E2521F83234CAF9F9] (Avira GmbH)
cshelper.exe -> C:\WINDOWS\system32\CSHelper.exe -> [2009.02.18 18:04:54 | 000,266,240 | ---- | M | MD5 = AEFB8558199BD5212B268B09BFA1D71A] ()
googletoolbarnotifier.exe -> C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009.02.03 09:01:10 | 000,039,408 | ---- | M | MD5 = 5D61BE7DB55B026A5D61A3EED09D0EAD] (Google Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 07:52:46 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation)
bjmyprt.exe -> C:\Programme\Canon\MyPrinter\BJMYPRT.EXE -> [2008.03.03 18:06:00 | 001,848,648 | ---- | M | MD5 = 9BC8AB2A35C8F91A29C1C91DC50C557F] (CANON INC.)
ijplmsvc.exe -> C:\Programme\Canon\IJPLM\ijplmsvc.exe -> [2008.01.22 10:35:52 | 000,103,808 | ---- | M | MD5 = 755519F49906B73C1FE9CBBF75E347EA] ()
o2flash.exe -> C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007.02.13 00:43:44 | 000,065,536 | ---- | M | MD5 = D955D5DE998DB2476BF0892BE3A96C26] (O2Micro International)
mdm.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003.06.20 00:25:00 | 000,322,120 | ---- | M | MD5 = 11F714F85530A2BD134074DC30E99FCA] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\OTS.exe -> [2010.08.09 20:40:15 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008.04.14 07:51:08 | 000,110,592 | ---- | M | MD5 = 8354A33FC0CD75F34D310B7EE8CBD621] (Microsoft Corporation)

[Win32 Services - Safe List]
(HidServ) Eingabegerätezugang [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(AntiVirWebService) Avira AntiVir WebGuard [Auto | Running] -> C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -> [2010.07.23 08:24:42 | 000,405,672 | ---- | M | MD5 = 1354BB52E16B9384A279B2F758F02696] (Avira GmbH)
(AntiVirMailService) Avira AntiVir MailGuard [Auto | Running] -> C:\Programme\Avira\AntiVir Desktop\avmailc.exe -> [2010.07.23 08:24:42 | 000,337,064 | ---- | M | MD5 = 8ECBE255BE055A7814C0CA0CD75963A0] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Programme\Avira\AntiVir Desktop\avguard.exe -> [2010.07.23 08:24:42 | 000,267,432 | ---- | M | MD5 = 9912A9C6A45C0D2AC18AB9A93C04C109] (Avira GmbH)
(MBAMService) MBAMService [Auto | Running] -> C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -> [2010.04.29 12:19:20 | 000,304,464 | ---- | M | MD5 = 00619B8F1DDD5D11F540D1832B7249DB] (Malwarebytes Corporation)
(WPFFontCache_v0400) Windows Presentation Foundation Font Cache 4.0.0.0 [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -> [2010.03.18 13:16:28 | 000,753,504 | ---- | M | MD5 = DCF3E3EDF5109EE8BC02FE6E1F045795] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010.03.18 13:16:28 | 000,130,384 | ---- | M | MD5 = C5A75EB48E2344ABDC162BDA79E16841] (Microsoft Corporation)
(AntiVirSchedulerService) Avira AntiVir Planer [Auto | Running] -> C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2010.02.24 09:29:19 | 000,135,336 | ---- | M | MD5 = 2B1D34C5019BD0C56C1BD6CE8F17AE0F] (Avira GmbH)
(Apple Mobile Device) Apple Mobile Device [Disabled | Stopped] -> C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009.07.09 12:22:18 | 000,144,712 | ---- | M | MD5 = 557F35D1CA42AEA14A6690E21887A31F] (Apple Inc.)
(CSHelper) CopySafe Helper Service [Auto | Running] -> C:\WINDOWS\system32\CSHelper.exe -> [2009.02.18 18:04:54 | 000,266,240 | ---- | M | MD5 = AEFB8558199BD5212B268B09BFA1D71A] ()
(TuneUp.ProgramStatisticsSvc) TuneUp Program Statistics Service [Disabled | Stopped] -> C:\WINDOWS\system32\TUProgSt.exe -> [2009.02.03 00:03:18 | 000,603,904 | ---- | M | MD5 = 02E5F68A55CD413C5BFB9F2DF677DD01] (TuneUp Software)
(TuneUp.Defrag) TuneUp Drive Defrag-Dienst [On_Demand | Stopped] -> C:\WINDOWS\system32\TuneUpDefragService.exe -> [2009.02.03 00:03:14 | 000,360,192 | ---- | M | MD5 = 4196D7BC21786883201747DCC0DC84A0] (TuneUp Software)
(UxTuneUp) TuneUp Designerweiterung [Auto | Running] -> C:\WINDOWS\system32\uxtuneup.dll -> [2008.12.11 14:31:36 | 000,027,904 | ---- | M | MD5 = 4360D5653E885479FED75C378E9FAAB3] (TuneUp Software)
(ICQ Service) ICQ Service [Disabled | Stopped] -> C:\Programme\ICQ6Toolbar\ICQ Service.exe -> [2008.06.10 20:26:28 | 000,222,456 | ---- | M | MD5 = A4E43A7AB1202356BEBEB6B798F15488] ()
(IJPLMSVC) Inkjet Printer/Scanner Extended Survey Program [Auto | Running] -> C:\Programme\Canon\IJPLM\ijplmsvc.exe -> [2008.01.22 10:35:52 | 000,103,808 | ---- | M | MD5 = 755519F49906B73C1FE9CBBF75E347EA] ()
(O2Flash) O2Micro Flash Memory Card Service [Auto | Running] -> C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007.02.13 00:43:44 | 000,065,536 | ---- | M | MD5 = D955D5DE998DB2476BF0892BE3A96C26] (O2Micro International)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004.10.22 04:24:18 | 000,073,728 | ---- | M | MD5 = 6F95324909B502E2651442C1548AB12F] (Macrovision Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2004.09.29 13:14:36 | 000,069,632 | ---- | M | MD5 = 9D84376931440F3679BEEF2A414FA493] (HP)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -> [2003.07.28 13:28:22 | 000,089,136 | ---- | M | MD5 = 7A56CF3E3F12E8AF599963B16F50FB6A] (Microsoft Corporation)
(MDM) Machine Debug Manager [Auto | Running] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003.06.20 00:25:00 | 000,322,120 | ---- | M | MD5 = 11F714F85530A2BD134074DC30E99FCA] (Microsoft Corporation)
(x10nets) X10 Device Network Service [On_Demand | Stopped] -> C:\Programme\Common Files\X10\Common\X10nets.exe -> [2001.11.12 14:31:48 | 000,020,480 | ---- | M | MD5 = 5A0C788C5BC5F2C993CB60940ADCF95E] (X10)

09.08.2010, 20:02   #12
shari4480

[Driver Services - Safe List]
(TfSysMon) TfSysMon [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\drivers\TfSysMon.sys -> File not found
(TfNetMon) TfNetMon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\TfNetMon.sys -> File not found
(TfFsMon) TfFsMon [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\drivers\TfFsMon.sys -> File not found
(SANDRA) SANDRA [Kernel | On_Demand | Stopped] -> C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOKUME~1\Kerstin\LOKALE~1\Temp\catchme.sys -> File not found
(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mbam.sys -> [2010.04.29 12:19:14 | 000,020,952 | ---- | M | MD5 = A02C631493AB553A1112A6B699FE61B3] (Malwarebytes Corporation)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2010.03.01 09:06:38 | 000,124,784 | ---- | M | MD5 = 41A6FCDC898B9710430876784627412E] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010.02.16 13:24:01 | 000,060,936 | ---- | M | MD5 = A88D29D928AD2B830E87B53E3F9BC182] (Avira GmbH)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2009.08.28 10:33:50 | 000,228,784 | ---- | M | MD5 = 6BEF3ACD6EE22EEC55B68699E8AACE09] (Synaptics Incorporated)
(avgio) avgio [Kernel | System | Running] -> C:\Programme\Avira\AntiVir Desktop\avgio.sys -> [2009.05.11 11:49:19 | 000,011,608 | ---- | M | MD5 = 0B497C79824F8E1BF22FA6AACD3DE3A0] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009.05.11 09:12:49 | 000,028,520 | ---- | M | MD5 = A36EE93698802CD899F98BFD553D8185] (Avira GmbH)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2009.02.03 00:27:27 | 000,010,368 | ---- | M | MD5 = 957B82EC80AD7EAD64E5E47DF6B0DC40] (Padus, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2009.01.14 09:14:01 | 003,455,488 | ---- | M | MD5 = 1DB0E5F78A67307F9C68D777873C1164] (ATI Technologies Inc.)
(RTHDMIAzAudService) Service for HDMI [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtKHDMI.sys -> [2008.12.25 18:32:32 | 003,721,664 | ---- | M | MD5 = A5A9F4B77D7FF2B02633999FF71A7E9B] (Realtek Semiconductor Corp.)
(USBModem) LGE Mobile USB Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgusbmodem.sys -> [2008.11.19 18:09:10 | 000,024,832 | ---- | M | MD5 = F74A54774A9B0AFEB3C40ADEC68AA600] (LG Electronics Inc.)
(UsbDiag) LGE Mobile USB Serial Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgusbdiag.sys -> [2008.11.19 18:09:08 | 000,019,968 | ---- | M | MD5 = C0A466FA4FFEC464320E159BC1BBDC0C] (LG Electronics Inc.)
(usbbus) LGE Mobile Composite USB Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgusbbus.sys -> [2008.11.19 18:09:08 | 000,013,056 | ---- | M | MD5 = 9419FAAC6552A51542DBBA02971C841C] (LG Electronics Inc.)
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ewusbmdm.sys -> [2008.11.08 10:55:18 | 000,101,376 | R--- | M | MD5 = 008ADA74E3028FCED5145F4F74230D4B] (Huawei Technologies Co., Ltd.)
(s1018mdm) Sony Ericsson Device 1018 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s1018mdm.sys -> [2008.11.04 10:52:38 | 000,114,472 | ---- | M | MD5 = 07D430E4B2BFDE6B07F31F1DA6E7CAB0] (MCCI Corporation)
(s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s1018mgmt.sys -> [2008.11.04 10:52:38 | 000,108,328 | ---- | M | MD5 = D73C20D3F0F825C8FD23F841CDCB14C0] (MCCI Corporation)
(s1018bus) Sony Ericsson Device 1018 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s1018bus.sys -> [2008.11.04 10:52:38 | 000,086,696 | ---- | M | MD5 = 12A851F30853A5A8E7B50341FA4B0FFB] (MCCI Corporation)
(s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s1018nd5.sys -> [2008.11.04 10:52:38 | 000,026,024 | ---- | M | MD5 = 895A1A2812DBD5AFDD5CA4686A89A33C] (MCCI Corporation)
(s1018mdfl) Sony Ericsson Device 1018 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s1018mdfl.sys -> [2008.11.04 10:52:38 | 000,015,016 | ---- | M | MD5 = A0141D5DC689A892B3F30446CBE52575] (MCCI Corporation)
(s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s1018unic.sys -> [2008.11.04 10:52:36 | 000,109,736 | ---- | M | MD5 = DA83525924C23F30F37AC1D1F11D6F15] (MCCI Corporation)
(s1018obex) Sony Ericsson Device 1018 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s1018obex.sys -> [2008.11.04 10:52:36 | 000,104,616 | ---- | M | MD5 = A986E9683C74FA06456FD2AD34BA1490] (MCCI Corporation)
(RT80x86) Ralink 802.11n Wireless Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rt2860.sys -> [2008.11.03 13:16:06 | 000,712,704 | ---- | M | MD5 = ED36E76A08971E133C3C5E2440BFBE84] (Ralink Technology, Corp.)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtenicxp.sys -> [2008.10.30 22:14:20 | 000,117,888 | ---- | M | MD5 = 839141088AD7EE90F5B441B2D1AFD22C] (Realtek Semiconductor Corporation )
(s0017mdm) Sony Ericsson Device 0017 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s0017mdm.sys -> [2008.10.21 10:22:48 | 000,114,600 | ---- | M | MD5 = 1DE4F6607FEB17A15DBD4F1B139E6D2F] (MCCI Corporation)
(s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s0017unic.sys -> [2008.10.21 10:22:48 | 000,109,736 | ---- | M | MD5 = DF5E7360A0AFA5956BF75DA683D0679F] (MCCI Corporation)
(s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s0017mgmt.sys -> [2008.10.21 10:22:48 | 000,108,328 | ---- | M | MD5 = 9814E6BACC06D2526CD52981C7EEEDF0] (MCCI Corporation)
(s0017obex) Sony Ericsson Device 0017 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s0017obex.sys -> [2008.10.21 10:22:48 | 000,104,616 | ---- | M | MD5 = F87C3422E84B2FB1B43E0A26247AD5A5] (MCCI Corporation)
(s0017bus) Sony Ericsson Device 0017 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s0017bus.sys -> [2008.10.21 10:22:48 | 000,086,824 | ---- | M | MD5 = 594FF5620661D1386475406E78CB6F2F] (MCCI Corporation)
(s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s0017nd5.sys -> [2008.10.21 10:22:48 | 000,026,024 | ---- | M | MD5 = 2C62CD58225973F26682CD4F783DDEDE] (MCCI Corporation)
(s0017mdfl) Sony Ericsson Device 0017 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s0017mdfl.sys -> [2008.10.21 10:22:48 | 000,015,016 | ---- | M | MD5 = 7258F550419D543BC5C8E80C578A5D54] (MCCI Corporation)
(KMWDFILTER) HIDUASDesc [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\KMWDFILTER.sys -> [2008.10.09 16:42:42 | 000,017,408 | ---- | M | MD5 = 566C5FD480FDBCE3BA5CF9FBCFFAEA9A] (Windows (R) Codename Longhorn DDK provider)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008.10.02 20:01:46 | 004,878,336 | ---- | M | MD5 = 6F336C2D18BA1E7CE8D0F31541C87A1D] (Realtek Semiconductor Corp.)
(MPE) BDA MPE-Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MPE.sys -> [2008.04.14 01:16:24 | 000,015,232 | ---- | M | MD5 = C0F8E0C2C3C0437CF37C6781896DC3EC] (Microsoft Corporation)
(HDAudBus) Microsoft UAA-Bustreiber für High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008.04.13 22:06:06 | 000,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(O2MDRDR) O2MDRDR [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\o2media.sys -> [2008.01.15 18:34:58 | 000,048,472 | ---- | M | MD5 = D51942F12090FC947CA8AA01736DADE2] (O2Micro )
(speedfan) speedfan [Kernel | Boot | Running] -> C:\WINDOWS\system32\speedfan.sys -> [2006.09.24 15:28:46 | 000,005,248 | ---- | M | MD5 = 5D6401DB90EC81B71F8E2C5C8F0FEF23] (Windows (R) 2000 DDK provider)
(O2SDRDR) O2SDRDR [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\o2sd.sys -> [2006.02.20 17:01:00 | 000,029,056 | ---- | M | MD5 = 12A6D826A1A27818170552F2495A567A] (O2Micro )
(CXLWIRE) USB Hybrid Video Capture (DVB-T/PAL) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ctxusbtv.sys -> [2005.04.14 00:00:00 | 000,085,120 | R--- | M | MD5 = B23932E9F60459487CAEB06BDFF83DD5] (Conexant Systems, Inc.)
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\afc.sys -> [2005.02.23 14:58:56 | 000,011,776 | ---- | M | MD5 = A7B8A3A79D35215D798A300DF49ED23F] (Arcsoft, Inc.)
(XUIF) X10 USB Wireless Transceiver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\x10ufx2.sys -> [2004.01.16 14:02:58 | 000,017,408 | ---- | M | MD5 = 93692D6B2FCBB63F517642048F5295FB] (X10 Wireless Technology, Inc.)
(PQNTDrv) PQNTDrv [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\PQNTDRV.sys -> [2002.09.16 18:32:08 | 000,004,228 | ---- | M | MD5 = 7E8BE4D11F5AC1E5CAE42719A7230508] (PowerQuest Corporation)
(giveio) giveio [Kernel | Boot | Running] -> C:\WINDOWS\system32\giveio.sys -> [1996.04.03 21:33:26 | 000,005,248 | ---- | M | MD5 = 77EBF3E9386DAA51551AF429052D88D0] ()

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> ->
HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\: Main\\"Start Page" -> eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen ->
HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
< FireFox Extensions [User Folders] > ->
-> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Mozilla\Extensions -> [2009.04.21 21:39:05 | 000,000,000 | ---D | M]
-> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com -> [2009.04.21 21:39:05 | 000,000,000 | ---D | M]
< HOSTS File > ([2010.08.09 18:09:29 | 000,000,027 | ---- | M | MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value error.] -> [2010.07.23 15:48:45 | 005,702,472 | ---- | M | MD5 = C041AB4DC46C0B5C0442748CBC88DC0A] (Siber Systems)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010.07.23 16:02:06 | 000,278,192 | ---- | M | MD5 = 389947CAD1A9C504DF6285AA1E7BE6F1] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010.07.23 18:25:48 | 000,814,648 | ---- | M | MD5 = 42CB4EE0B0FC259C8AD20B460FA7D72A] (Google Inc.)
{EF2D6E36-5C05-4F40-B861-9E909B5BAE09} [HKLM] -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\YahooToolbar\IE\YahooToolbar.dll [Yahoo! Toolbar] -> [2010.07.16 11:13:54 | 000,201,728 | ---- | M | MD5 = 25A9AED98DAAECFADB502AD6B06A718F] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010.07.23 16:02:06 | 000,278,192 | ---- | M | MD5 = 389947CAD1A9C504DF6285AA1E7BE6F1] (Google Inc.)
"{724d43a0-0d85-11d4-9908-00400523e39a}" [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2010.07.23 15:48:45 | 005,702,472 | ---- | M | MD5 = C041AB4DC46C0B5C0442748CBC88DC0A] (Siber Systems)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010.07.23 16:02:06 | 000,278,192 | ---- | M | MD5 = 389947CAD1A9C504DF6285AA1E7BE6F1] (Google Inc.)
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2010.07.23 15:48:45 | 005,702,472 | ---- | M | MD5 = C041AB4DC46C0B5C0442748CBC88DC0A] (Siber Systems)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe ["C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010.03.02 10:29:55 | 000,282,792 | ---- | M | MD5 = A852942874AA2DDF277EEF84AB468B8F] (Avira GmbH)
"CanonMyPrinter" -> C:\Programme\Canon\MyPrinter\BJMyPrt.exe [C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2008.03.03 18:06:00 | 001,848,648 | ---- | M | MD5 = 9BC8AB2A35C8F91A29C1C91DC50C557F] (CANON INC.)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"Malwarebytes' Anti-Malware" -> C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2010.04.29 12:19:20 | 000,437,584 | ---- | M | MD5 = 1DB5FAEEDCE631434A4DF3B951AF4058] (Malwarebytes Corporation)
< Run [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"RoboForm" -> C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe ["C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"] -> [2010.07.23 15:48:45 | 000,160,592 | ---- | M | MD5 = 21C288938A80741C1ADB013D2C1DCCFD] (Siber Systems)
"swg" -> C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009.02.03 09:01:10 | 000,039,408 | ---- | M | MD5 = 5D61BE7DB55B026A5D61A3EED09D0EAD] (Google Inc.)
< Default User Startup Folder > -> C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Google Sidewiki... -> C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> [2010.07.23 16:02:34 | 001,697,456 | ---- | M | MD5 = 4954BCC5B642D63C44131AAC39D3C406] (Google Inc.)
RF - Formular ausfüllen -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html [file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html] -> [2010.07.23 15:48:54 | 000,000,206 | ---- | M | MD5 = FE62A2884D8A77A6B8DF56C312785F35] ()
RF - Formular speichern -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html [file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html] -> [2010.07.23 15:48:54 | 000,000,205 | ---- | M | MD5 = B8861045BAE0245FB595C0E7DA5E363D] ()
RF - Menü anpassen -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html [file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html] -> [2010.07.23 15:48:54 | 000,000,212 | ---- | M | MD5 = A99D2C4356115C233F504FF1EB21E081] ()
RF - RoboForm-Leiste ein/aus -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html] -> [2010.07.23 15:48:54 | 000,000,208 | ---- | M | MD5 = CBD1F4AD1842CFF7BFB5936ECCB63645] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Button: Ausfüllen] -> [2010.07.23 15:48:54 | 000,000,206 | ---- | M | MD5 = FE62A2884D8A77A6B8DF56C312785F35] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Menu: RF - Formular ausfüllen] -> [2010.07.23 15:48:54 | 000,000,206 | ---- | M | MD5 = FE62A2884D8A77A6B8DF56C312785F35] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Button: Speichern] -> [2010.07.23 15:48:54 | 000,000,205 | ---- | M | MD5 = B8861045BAE0245FB595C0E7DA5E363D] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Menu: RF - Formular speichern] -> [2010.07.23 15:48:54 | 000,000,205 | ---- | M | MD5 = B8861045BAE0245FB595C0E7DA5E363D] ()
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Button: RoboForm] -> [2010.07.23 15:48:54 | 000,000,208 | ---- | M | MD5 = CBD1F4AD1842CFF7BFB5936ECCB63645] ()
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Menu: RF - RoboForm-Leiste ein/aus] -> [2010.07.23 15:48:54 | 000,000,208 | ---- | M | MD5 = CBD1F4AD1842CFF7BFB5936ECCB63645] ()
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> hxxp://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5253 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5253 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0F12EBF5-9EBA-406C-90D6-7BB68FE6045B}\\DhcpNameServer -> 192.168.3.1 (Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC) ->
{38C38E81-2146-4385-A01B-139F37255595}\\DhcpNameServer -> 192.168.2.1 (Ralink 802.11n Wireless LAN Card) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 07:52:46 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2009.01.14 06:35:38 | 000,155,648 | ---- | M | MD5 = 6E4083F6C1617EB85695EE9D7C7041BB] (ATI Technologies Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Dokumente und Einstellungen\Kerstin\Desktop\sbf-loader_2009_final\leecher.exe" -> C:\Dokumente und Einstellungen\Kerstin\Desktop\sbf-loader_2009_final\leecher.exe [C:\Dokumente und Einstellungen\Kerstin\Desktop\sbf-loader_2009_final\leecher.exe:*:Enabled:SBF Loader] -> [2010.02.04 22:22:46 | 001,577,787 | ---- | M | MD5 = 54375E8578164EB1FDD0C6E2D8F6A7B2] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM-Laufwerktreiber ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Programme\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2008.11.10 07:00:34 | 000,262,144 | ---- | M | MD5 = BFFC7808524CD816B9DF472581B9F1D7] (Sun Microsystems, Inc.)
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 01 00 00 00 [binary data]] -> File not found
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] -> [ComponentID: NetShow; IsInstalled: 1] ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] ->
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] ->
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML-Datenbindung für Java; IsInstalled: 1] -> File not found
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found
{3C3901C5-3455-3E0A-A214-0B093A5070A6} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found

09.08.2010, 20:05   #13
Larusso
/// Selecta Jahrusso

Can you READ?!

Quote:
Originally posted by Larusso
Attach the log file here; it is not exactly short
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

09.08.2010, 20:07   #14
shari4480
"{44440D00-FF19-4AFC-B765-9A0970567D97}" [HKLM] -> C:\WINDOWS\system32\uxtuneup.dll [TuneUp Theme Extension] -> [2008.12.11 14:31:36 | 000,027,904 | ---- | M | MD5 = 4360D5653E885479FED75C378E9FAAB3] (TuneUp Software)
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> C:\Programme\Avira\AntiVir Desktop\shlext.dll [Shell Extension for Malware scanning] -> [2010.02.02 12:54:55 | 000,086,376 | ---- | M | MD5 = 902C61F27C86B4A0C0BFF31F154DDBEB] (Avira GmbH)
"{4838CD50-7E5D-4811-9B17-C47A85539F28}" [HKLM] -> C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll [TuneUp Disk Space Explorer Shell Extension] -> [2008.12.11 14:31:56 | 000,025,856 | ---- | M | MD5 = D0931C71B6204817B54E56089A484CB9] (TuneUp Software)
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" [HKLM] -> C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> [2008.12.11 14:32:10 | 000,027,392 | ---- | M | MD5 = D74613A548B310661D3C2E8EE1D2E6D5] (TuneUp Software)
"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shellerweiterungen für die Dateikomprimierung] -> File not found
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Kontextmenü für die Verschlüsselung] -> File not found
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] -> [2001.08.18 21:00:00 | 000,044,544 | ---- | M | MD5 = A0273EDC903D503BE8747A1DB6928879] (Hilgraeve, Inc.)
"{94586423-855F-4EB2-9F6A-D9DA5658DBE3}" [HKLM] -> C:\Programme\Free M4a to MP3 Converter\m4a_menu.dll [SxContextMenu1stConv] -> [2008.07.03 17:57:58 | 000,201,728 | ---- | M | MD5 = 22828E87A47716D1563663C939A3CD6D] ()
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] -> C:\Programme\WinRAR\RarExt.dll [WinRAR shell extension] -> [2009.08.16 18:06:02 | 000,141,312 | ---- | M | MD5 = A070B8C38CEB3A30CC18D1B7C433144C] ()
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" [HKLM] -> C:\Programme\iTunes\iTunesMiniPlayer.dll [iTunes] -> [2009.07.13 14:03:10 | 000,124,200 | ---- | M | MD5 = 5A5B242EA6904522F0023881C3847C7C] (Apple Inc.)
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] -> [2005.09.20 13:33:08 | 001,293,008 | ---- | M | MD5 = 32E82A0C6D4272407DC8547354EFA42B] (Microsoft Corporation)
"{E0D79304-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2000.05.29 09:00:00 | 000,024,645 | ---- | M | MD5 = 5D37602E869519F68E39BB4855B4D6E7] (WinZip Computing, Inc.)
"{E0D79305-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2000.05.29 09:00:00 | 000,024,645 | ---- | M | MD5 = 5D37602E869519F68E39BB4855B4D6E7] (WinZip Computing, Inc.)
"{E0D79306-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2000.05.29 09:00:00 | 000,024,645 | ---- | M | MD5 = 5D37602E869519F68E39BB4855B4D6E7] (WinZip Computing, Inc.)
< Approved Shell Extensions [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ ->
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] -> [2005.09.20 13:33:08 | 001,293,008 | ---- | M | MD5 = 32E82A0C6D4272407DC8547354EFA42B] (Microsoft Corporation)
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008.04.14 07:53:08 | 000,199,680 | ---- | M | MD5 = 793600E335B7D7936FCBE9EB38BA3E0B] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010.01.29 16:43:35 | 000,307,260 | ---- | M | MD5 = BBD34DCBCEC28E415F634E03C0AB4DF4] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.siren" -> C:\WINDOWS\System32\sirenacm.dll [sirenacm.dll] -> [2009.07.26 17:44:56 | 000,048,448 | ---- | M | MD5 = CF1C4265A73D50A1CE97FD308CE1AFC9] (Microsoft Corporation)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008.04.14 07:51:30 | 000,086,016 | ---- | M | MD5 = 07C878A1F49E5BD6677366664F68561D] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2001.08.18 21:00:00 | 000,008,192 | ---- | M | MD5 = E5BECBCCE3AC3E8D594FCBE9A0338DF5] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008.04.14 08:52:32 | 000,054,272 | ---- | M | MD5 = 5B8DD211BBEA1410CE4D7B57BD6BB872] (Microsoft Corporation)
"VIDC.ACDV" -> C:\WINDOWS\System32\ACDV.dll [ACDV.dll] -> [2005.06.20 13:56:52 | 000,462,848 | ---- | M | MD5 = 5CC3F75623EEEC199CDAAA0E37525166] (ACD Systems)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008.04.14 07:52:14 | 000,080,384 | ---- | M | MD5 = 032958A69BB93CB042FECAFC7498BBDE] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2001.08.18 21:00:00 | 000,199,168 | ---- | M | MD5 = CF159355DE2C8B4633172353CC22ED89] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2001.08.18 21:00:00 | 000,199,168 | ---- | M | MD5 = CF159355DE2C8B4633172353CC22ED89] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008.04.14 07:53:08 | 000,848,384 | ---- | M | MD5 = CADC53118EA7B95D1EA7EBB068871689] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008.04.14 07:52:14 | 000,755,200 | ---- | M | MD5 = E92343AC6AA48A062FE970FA9E5CCF23] (Intel Corporation)
"vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002.04.24 13:42:18 | 000,364,544 | ---- | M | MD5 = 021C3E651ACDB0C71498259C208FCCAC] (LEAD Technologies, Inc.)
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
HidServ -> C:\WINDOWS\System32\hidserv.dll -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
UxTuneUp -> C:\WINDOWS\system32\uxtuneup.dll -> [2008.12.11 14:31:36 | 000,027,904 | ---- | M | MD5 = 4360D5653E885479FED75C378E9FAAB3] (TuneUp Software)
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value error.] -> [2007.04.19 14:57:40 | 000,046,432 | ---- | M | MD5 = ADC90EBBE2823C23A0406ACD3D6E9312] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2005.09.20 13:33:58 | 000,843,984 | ---- | M | MD5 = CF4FD106FA20DEA6E7856EA839237750] (Microsoft Corporation)
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2005.09.20 13:33:58 | 000,843,984 | ---- | M | MD5 = CF4FD106FA20DEA6E7856EA839237750] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2005.09.20 13:33:58 | 000,843,984 | ---- | M | MD5 = CF4FD106FA20DEA6E7856EA839237750] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL[Microsoft Infotech Storage Protocol for IE 4.0] -> [2000.04.19 19:47:36 | 000,520,117 | ---- | M | MD5 = 10DCCC0270637294A0A148E2A6720490] (Microsoft Corporation)
mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2009.03.24 17:47:14 | 008,058,192 | ---- | M | MD5 = 6038EB24E4B56F42E92072C5A306ECA8] (Microsoft Corporation)
wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> C:\Programme\Windows Live\Mail\mailcomm.dll[Windows Live Mail HTML Asynchronous Pluggable Protocol Handler] -> [2009.07.26 17:44:48 | 000,789,824 | ---- | M | MD5 = 021E1FA87DAB47ACE09F900B00074774] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" -> [1] -> File not found
\\"AntiVirusDisableNotify" -> [0] -> File not found
\\"FirewallDisableNotify" -> [0] -> File not found
\\"UpdatesDisableNotify" -> [0] -> File not found
\\"AntiVirusOverride" -> [0] -> File not found
\\"FirewallOverride" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\Programme\Avira\AntiVir Desktop\avsda.dll -> [2010.02.24 14:57:54 | 000,280,232 | ---- | M | MD5 = C75E711AE6EF95DC514143250E5B4B04] (Avira GmbH)
Protocol_Catalog9\Catalog_Entries\000000000002 -> C:\Programme\Avira\AntiVir Desktop\avsda.dll -> [2010.02.24 14:57:54 | 000,280,232 | ---- | M | MD5 = C75E711AE6EF95DC514143250E5B4B04] (Avira GmbH)
Protocol_Catalog9\Catalog_Entries\000000000008 -> C:\Programme\Avira\AntiVir Desktop\avsda.dll -> [2010.02.24 14:57:54 | 000,280,232 | ---- | M | MD5 = C75E711AE6EF95DC514143250E5B4B04] (Avira GmbH)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> CyberLink YouCam
{052FDD78-A6EA-3187-8386-C82F4CA3A929} -> Microsoft .NET Framework 3.5 Language Pack SP1 - deu
{0DD140D3-9563-481E-AA75-BA457CBDAEF2} -> PC Inspector File Recovery
{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series -> Canon MP240 series MP Drivers
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{1BC4026B-1957-4514-9058-2B542557F143} -> Opera 9.63
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live-Uploadtool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{2637C347-9DAD-11D6-9EA2-00055D0CA761} -> PowerCinema 4.0
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11
{283D4576-CBF8-4F65-84D3-7C5DC75F144E} -> ServicePack 1 Großer Reiseplaner 2008/2009
{2BA722D1-48D1-406E-9123-8AE5431D63EF} -> Windows Live Fotogalerie
{2FFE93F0-BB72-4E52-8761-354D1AAA9387} -> Sony Ericsson PC Suite 5.007.01
{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{372B31CF-77FB-4E29-860C-A0EA2985AB7F} -> O2Micro Flash Memory Card Reader Driver (x86)
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{3C3901C5-3455-3E0A-A214-0B093A5070A6} -> Microsoft .NET Framework 4 Client Profile
{40034B11-149E-4310-AE89-BB575B02525B} -> LG Internet Kit
{41E654A9-26D0-4EAC-854B-0FA824FFFABB} -> Windows Live Messenger
{52B97218-98CB-4B8B-9283-D213C85E1AA4} -> Windows Live Anmelde-Assistent
{55A29068-F2CE-456C-9148-C869879E2357} -> TuneUp Utilities 2009
{5FC68772-6D56-41C6-9DF1-24E868198AE6} -> Windows Live Call
{60DE4033-9503-48D1-A483-7846BD217CA9} -> ICQ6.5
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} -> PartitionMagic
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{76618402-179D-4699-A66B-D351C59436BC} -> Windows Live Sync
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1 -> PDF24 Creator
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF} -> Ralink RT2860 Wireless LAN Card
{90110407-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{90120000-00B2-0407-0000-0000000FF1CE} -> Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} -> iTunes
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AA7096C1-7BF8-483E-9CF1-E303842349BF} -> COMPUTERBILD-Abzockschutz
{AC76BA86-7AD7-1031-7B44-A93000000001} -> Adobe Reader 9.3.1 - Deutsch
{B7A0CE06-068E-11D6-97FD-0050BACBF861} -> PowerProducer
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} -> Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
{C314CE45-3392-3B73-B4E1-139CD41CA933} -> Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} -> Apple Mobile Device Support
{C4D738F7-996A-4C81-B8FA-C4E26D767E41} -> Windows Live Mail
{C78EAC6F-7A73-452E-8134-DBB2165C5A68} -> QuickTime
{C9BED750-1211-4480-B1A5-718A3BE15525} -> REALTEK GbE & FE Ethernet PCI-E NIC Driver
{C9C13822-A638-4331-99A3-4498A5901693} -> Media Go
{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D36DD326-7280-11D8-97C8-000129760CBE} -> PhotoNow! 1.0
{D5A9B7C0-8751-11D8-9D75-000129760D75} -> MediaShow 3.0
{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4} -> LG USB Modem Drivers
{E2DFE069-083E-4631-9B6C-43C48E991DE5} -> Junk Mail filter update
{E3723A04-A894-4036-A78E-282E18F43C0A}_is1 -> Tinypic 3.14
{EB1B0104-6A57-446F-B855-FDF49151BE0C} -> O2Micro Flash Memory Card Windows Driver V2.04
{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F750C986-5310-3A5A-95F8-4EC71C8AC01C} -> Microsoft .NET Framework 4 Client Profile DEU Language Pack
{F7B0939E-58DF-11DF-B3A6-005056806466} -> Google Earth
{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} -> Windows Live Essentials
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Shockwave Player -> Adobe Shockwave Player 11.5
AI RoboForm -> AI RoboForm (All Users)
ArtistScope Plugin IE 424.2.0.0 -> ArtistScope Plugin IE 42
ATI Display Driver -> ATI Display Driver
Audiograbber -> Audiograbber 1.83 SE
Audiograbber-Lame -> Audiograbber Lame-MP3-Plugin
Avira AntiVir Desktop -> Avira AntiVir Premium
Canon MP240 series Benutzerregistrierung -> Canon MP240 series Benutzerregistrierung
CANONIJPLM100 -> Inkjet Printer/Scanner Extended Survey Program
CanonMyPrinter -> Canon Utilities My Printer
CanonSolutionMenu -> Canon Utilities Solution Menu
CCleaner -> CCleaner (remove only)
Cheat Engine 5.5_is1 -> Cheat Engine 5.5
DVD Shrink DE_is1 -> DVD Shrink 3.2 deutsch (DeCSS-frei)
E.M. Free Photo Collage 1.30_is1 -> E.M. Free Photo Collage 1.30
Easy-PhotoPrint EX -> Canon Utilities Easy-PhotoPrint EX
ERUNT_is1 -> ERUNT 1.1j
EVEREST Home Edition_is1 -> EVEREST Home Edition v2.20
Fantasy Moon 3D Screensaver_is1 -> Fantasy Moon 3D Screensaver 1.3
FotoWorks_is1 -> FotoWorks
Free Audio CD Burner_is1 -> Free Audio CD Burner version 1.2
Free M4a to MP3 Converter_is1 -> Free M4a to MP3 Converter 6.0
Free YouTube to MP3 Converter_is1 -> Free YouTube to MP3 Converter version 3.3
Google Updater -> Google Updater
HijackThis -> HijackThis 2.0.2
ICQToolbar -> ICQ Toolbar
ie7 -> Windows Internet Explorer 7
ie8 -> Windows Internet Explorer 8
InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> CyberLink YouCam
InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} -> PowerQuest PartitionMagic 8.0
InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C} -> O2Micro Flash Memory Card Windows Driver V2.04
Kalenderchen_is1 -> Kalenderchen 4
LiveUpdate -> LiveUpdate
MAGIX 3D Maker D -> MAGIX 3D Maker (embeded)
MAGIX Online Druck Service D -> MAGIX Online Druck Service 3.4.3.0 (D)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Messenger Plus! Live -> Messenger Plus! Live
Microsoft .NET Framework 3.5 Language Pack SP1 - deu -> Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile -> Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack -> Microsoft .NET Framework 4 Client Profile DEU Language Pack
MP Navigator EX 2.0 -> Canon MP Navigator EX 2.0
MPE -> MyPhoneExplorer
MSNINST -> MSN
Navilog1_is1 -> Navilog1 3.7.6
Nero - Burning Rom!UninstallKey -> Nero 6
Norton Commander -> Norton Commander
Photodex Presenter -> Photodex Presenter
Registry Mechanic_is1 -> Registry Mechanic 8.0
ShapeCollage -> Shape Collage
Sim AQUARIUM 2_is1 -> Sim AQUARIUM 2
SopCast -> SopCast 3.0.3
SpeedFan -> SpeedFan (remove only)
SuesswasserAquarium3D -> Süßwasser-Aquarium 3D
Surf & E-Mail-Stick -> Surf & E-Mail-Stick
SWR3 RauchFrei_is1 -> SWR3 RauchFrei Version 1.2
SynTPDeinstKey -> Synaptics Pointing Device Driver
The KMPlayer -> The KMPlayer (remove only)
Uninstall_is1 -> Uninstall 1.0.0.1
Wdf01009 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
WinGimp-2.0_is1 -> GIMP 2.6.7
WinLiveSuite_Wave3 -> Windows Live Essentials
WinRAR archiver -> WinRAR
WinZip -> WinZip
X10Hardware -> X10 Hardware(TM)
Xilisoft HD Video Converter -> Xilisoft HD Video Converter
< Uninstall List [HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
Google Chrome -> Google Chrome
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 25.07.2010 14:12:29 Computer Name = PB | Source = WindowsLiveMessenger | ID = 15728647 -> Description =
Application [ Error ] 06.08.2010 12:58:07 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 06.08.2010 12:58:08 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 06.08.2010 12:58:09 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 06.08.2010 12:58:09 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 06.08.2010 12:58:10 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 06.08.2010 12:58:10 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 06.08.2010 12:58:11 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 06.08.2010 12:58:12 Computer Name = PB | Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. .
Application [ Error ] 08.08.2010 16:02:21 Computer Name = PB | Source = Application Hang | ID = 1002 -> Description = Stillstehende Anwendung TFC.exe, Version 3.1.7.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
System [ Error ] 09.08.2010 12:05:37 Computer Name = PB | Source = Service Control Manager | ID = 7034 -> Description = Dienst "O2Micro Flash Memory Card Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
System [ Error ] 09.08.2010 12:05:37 Computer Name = PB | Source = Service Control Manager | ID = 7034 -> Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
System [ Error ] 09.08.2010 12:05:37 Computer Name = PB | Source = Service Control Manager | ID = 7034 -> Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
System [ Error ] 09.08.2010 12:05:37 Computer Name = PB | Source = Service Control Manager | ID = 7034 -> Description = Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
System [ Error ] 09.08.2010 12:05:37 Computer Name = PB | Source = Service Control Manager | ID = 7034 -> Description = Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
System [ Error ] 09.08.2010 12:05:38 Computer Name = PB | Source = Service Control Manager | ID = 7034 -> Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
System [ Error ] 09.08.2010 12:08:13 Computer Name = PB | Source = PlugPlayManager | ID = 11 -> Description = Das Gerät "Root\LEGACY_HJJCHZM\0000" wurde ohne vorbereitende Maßnahmen vom System entfernt.
System [ Error ] 09.08.2010 12:08:13 Computer Name = PB | Source = PlugPlayManager | ID = 11 -> Description = Das Gerät "Root\LEGACY_RHQNK\0000" wurde ohne vorbereitende Maßnahmen vom System entfernt.
System [ Error ] 09.08.2010 12:10:39 Computer Name = PB | Source = Service Control Manager | ID = 7026 -> Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: TfFsMon TfSysMon
System [ Error ] 09.08.2010 12:21:12 Computer Name = PB | Source = Service Control Manager | ID = 7026 -> Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: TfFsMon TfSysMon

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\OTS.exe -> [2010.08.09 20:40:13 | 000,641,536 | ---- | C | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
temp -> C:\WINDOWS\temp -> [2010.08.09 18:07:43 | 000,000,000 | ---D | C]
Combo-Fix5996C -> C:\Combo-Fix5996C -> [2010.08.09 18:04:38 | 000,000,000 | ---D | C]
Avira -> C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Avira -> [2010.08.09 17:19:58 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010.08.09 15:55:36 | 000,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010.08.09 15:40:55 | 000,212,480 | ---- | C | MD5 = B1A9CF0B6F80611D31987C247EC630B4] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010.08.09 15:40:55 | 000,161,792 | ---- | C | MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010.08.09 15:40:55 | 000,136,704 | ---- | C | MD5 = B7517DB073B28F5696A1E5528ABEB5D0] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010.08.09 15:40:55 | 000,031,232 | ---- | C | MD5 = AE72E8619CB31D84DA25E2435E55003C] (NirSoft)
Combo-Fix -> C:\Combo-Fix -> [2010.08.09 15:40:40 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010.08.09 15:40:14 | 000,000,000 | ---D | C]
_OTL -> C:\_OTL -> [2010.08.09 08:56:43 | 000,000,000 | ---D | C]
ERDNT -> C:\WINDOWS\ERDNT -> [2010.08.08 21:39:41 | 000,000,000 | ---D | C]
ERUNT -> C:\Programme\ERUNT -> [2010.08.08 21:38:54 | 000,000,000 | ---D | C]
MFTools -> C:\Dokumente und Einstellungen\Kerstin\Desktop\MFTools -> [2010.08.08 21:36:05 | 000,000,000 | ---D | C]
SUPERAntiSpyware.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\SUPERAntiSpyware.exe -> [2010.08.08 19:34:03 | 009,157,960 | ---- | C | MD5 = E40EB1C3245E8DE42BA4DACD8127DBC3] (SUPERAntiSpyware.com)
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010.08.08 18:53:28 | 000,038,224 | ---- | C | MD5 = 7364D8A830F91C487F430A57FDBD2BBB] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010.08.08 18:53:26 | 000,020,952 | ---- | C | MD5 = A02C631493AB553A1112A6B699FE61B3] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Programme\Malwarebytes' Anti-Malware -> [2010.08.08 18:53:26 | 000,000,000 | ---D | C]
dududu.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\dududu.exe -> [2010.08.08 18:21:59 | 006,153,648 | ---- | C | MD5 = 390D20835E63512853C104B193BD1377] (Malwarebytes Corporation )
Minidump -> C:\WINDOWS\Minidump -> [2010.08.06 11:00:52 | 000,000,000 | ---D | C]
Avira -> C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira -> [2010.07.30 06:24:05 | 000,000,000 | ---D | C]
ToyStory3DVDSCREENERChefflo_M1sbf -> C:\Dokumente und Einstellungen\Kerstin\Desktop\ToyStory3DVDSCREENERChefflo_M1sbf -> [2010.07.29 20:19:08 | 000,000,000 | ---D | C]
Lavalys -> C:\Programme\Lavalys -> [2010.07.26 14:40:13 | 000,000,000 | ---D | C]
SpeedFan -> C:\Programme\SpeedFan -> [2010.07.23 22:22:29 | 000,000,000 | ---D | C]
spmsgXP_2k3.dll -> C:\WINDOWS\System32\spmsgXP_2k3.dll -> [2010.07.23 19:33:17 | 000,016,928 | ---- | C | MD5 = 87BBF015ADDE24DBAFF1FE5A114EDB9C] (Microsoft Corporation)
Synaptics -> C:\Programme\Synaptics -> [2010.07.23 19:33:09 | 000,000,000 | ---D | C]
SynTP.sys -> C:\WINDOWS\System32\drivers\SynTP.sys -> [2010.07.23 19:33:03 | 000,228,784 | ---- | C | MD5 = 6BEF3ACD6EE22EEC55B68699E8AACE09] (Synaptics Incorporated)
SynCtrl.dll -> C:\WINDOWS\System32\SynCtrl.dll -> [2010.07.23 19:33:03 | 000,206,120 | ---- | C | MD5 = 0363F8CEFCC72F55B92622B20C2CDEB2] (Synaptics Incorporated)
SynTPAPI.dll -> C:\WINDOWS\System32\SynTPAPI.dll -> [2010.07.23 19:33:03 | 000,161,064 | ---- | C | MD5 = 2DDC029DD444A2921C286357B5329B85] (Synaptics Incorporated)
SynTPCo4.dll -> C:\WINDOWS\System32\SynTPCo4.dll -> [2010.07.23 19:33:03 | 000,120,104 | ---- | C | MD5 = A24FD63D2E8CF7A05E70F7697EA3C413] (Synaptics Incorporated)
WdfCoInstaller01009.dll -> C:\WINDOWS\System32\WdfCoInstaller01009.dll -> [2010.07.23 19:33:02 | 001,461,992 | ---- | C | MD5 = A9970042BE512C7981B36E689C5F3F9F] (Microsoft Corporation)
SynCOM.dll -> C:\WINDOWS\System32\SynCOM.dll -> [2010.07.23 19:33:02 | 000,169,256 | ---- | C | MD5 = F495504BA51496A72635C7E9B3041660] (Synaptics Incorporated)
YahooToolbar -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\YahooToolbar -> [2010.07.23 16:00:43 | 000,000,000 | ---D | C]
WindowsPowerShell -> C:\WINDOWS\System32\WindowsPowerShell -> [2010.07.23 09:20:32 | 000,000,000 | ---D | C]
winrm -> C:\WINDOWS\System32\winrm -> [2010.07.23 09:20:31 | 000,000,000 | ---D | C]
GroupPolicy -> C:\WINDOWS\System32\GroupPolicy -> [2010.07.23 09:20:31 | 000,000,000 | ---D | C]
$968930Uinstall_KB968930$ -> C:\WINDOWS\$968930Uinstall_KB968930$ -> [2010.07.23 09:20:27 | 000,000,000 | -H-D | C]
NtmsData -> C:\WINDOWS\System32\NtmsData -> [2010.07.23 08:30:31 | 000,000,000 | ---D | C]
Avira -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Avira -> [2010.07.23 08:28:54 | 000,000,000 | ---D | C]
ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2010.07.23 08:20:51 | 000,028,520 | ---- | C | MD5 = A36EE93698802CD899F98BFD553D8185] (Avira GmbH)
avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010.07.23 08:20:50 | 000,124,784 | ---- | C | MD5 = 41A6FCDC898B9710430876784627412E] (Avira GmbH)
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010.07.23 08:20:50 | 000,060,936 | ---- | C | MD5 = A88D29D928AD2B830E87B53E3F9BC182] (Avira GmbH)
avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2010.07.23 08:20:50 | 000,045,416 | ---- | C | MD5 = 5B44C214F9CD9F590BE9125347610380] (Avira GmbH)
avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2010.07.23 08:20:50 | 000,022,360 | ---- | C | MD5 = 87451AA7CC6B6A590EBCEA05E755075A] (Avira GmbH)
Avira -> C:\Programme\Avira -> [2010.07.23 08:20:50 | 000,000,000 | ---D | C]
PC Tools -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools -> [2010.07.22 16:10:10 | 000,000,000 | ---D | C]
iksyssec.sys -> C:\WINDOWS\System32\drivers\iksyssec.sys -> [2010.07.22 15:02:59 | 000,081,288 | ---- | C | MD5 = A44CB3CF3AF266665261A6E6C9CAC27C] (PCTools Research Pty Ltd.)
iksysflt.sys -> C:\WINDOWS\System32\drivers\iksysflt.sys -> [2010.07.22 15:02:59 | 000,066,952 | ---- | C | MD5 = 7E359671FD9595ECB1B0A33FB4184B19] (PCTools Research Pty Ltd.)
ikfilesec.sys -> C:\WINDOWS\System32\drivers\ikfilesec.sys -> [2010.07.22 15:02:59 | 000,040,840 | ---- | C | MD5 = FF9F262494FC23D77A6148D49D87D2DE] (PCTools Research Pty Ltd.)
kcom.sys -> C:\WINDOWS\System32\drivers\kcom.sys -> [2010.07.22 15:02:59 | 000,029,576 | ---- | C | MD5 = 8CB1AEA5CC79397319B139171DF877A0] (PCTools Research Pty Ltd.)
PC Tools -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\PC Tools -> [2010.07.22 15:02:37 | 000,000,000 | ---D | C]
IECompatCache -> C:\Dokumente und Einstellungen\Kerstin\IECompatCache -> [2010.07.22 14:58:02 | 000,000,000 | -HSD | C]
PrivacIE -> C:\Dokumente und Einstellungen\Kerstin\PrivacIE -> [2010.07.22 14:57:55 | 000,000,000 | -HSD | C]
IETldCache -> C:\Dokumente und Einstellungen\Kerstin\IETldCache -> [2010.07.22 14:38:18 | 000,000,000 | -HSD | C]
iedvtool.dll -> C:\WINDOWS\System32\dllcache\iedvtool.dll -> [2010.07.22 14:32:14 | 000,743,424 | ---- | C | MD5 = F41A9FD35F6A82EA44CFBE81EEC69506] (Microsoft Corporation)
ie8updates -> C:\WINDOWS\ie8updates -> [2010.07.22 14:32:11 | 000,000,000 | ---D | C]
ie8 -> C:\WINDOWS\ie8 -> [2010.07.22 14:30:06 | 000,000,000 | -H-D | C]
Malwarebytes -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Malwarebytes -> [2010.07.22 13:34:26 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes -> [2010.07.22 13:34:18 | 000,000,000 | ---D | C]
3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp ->

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010.08.09 20:55:00 | 000,001,088 | ---- | M | MD5 = F45AD0017E0C1FCD98EA69D7D5B6645C] ()
OTS.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\OTS.exe -> [2010.08.09 20:40:15 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003UA.job -> [2010.08.09 20:13:00 | 000,001,216 | ---- | M | MD5 = 76F5414ECB998E619E3E024708FD5D64] ()
GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1960408961-1417001333-1003Core.job -> [2010.08.09 20:13:00 | 000,001,164 | ---- | M | MD5 = D0BB083B5E7CE4C5D6F9740CFC67DFCA] ()
1-Klick-Wartung.job -> C:\WINDOWS\tasks\1-Klick-Wartung.job -> [2010.08.09 20:00:01 | 000,000,496 | ---- | M | MD5 = 8667A32542E17EB205A5CA30FD875A6B] ()
Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010.08.09 19:53:22 | 000,001,044 | ---- | M | MD5 = 38E6C9C5656C9A58912F46BEE842C9CB] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010.08.09 18:21:19 | 000,002,206 | ---- | M | MD5 = F6C7B378E124657F5BB9FCC82ED5ABE7] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010.08.09 18:20:13 | 000,001,084 | ---- | M | MD5 = 0F5F60D987B36A91A326CA568339CFE5] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010.08.09 18:20:12 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010.08.09 18:20:10 | 000,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
system.ini -> C:\WINDOWS\system.ini -> [2010.08.09 18:09:38 | 000,000,227 | ---- | M | MD5 = C9DD76D0EF94637C77FF8CA5E0FB0684] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010.08.09 18:09:29 | 000,000,027 | ---- | M | MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945] ()
NTUSER.DAT -> C:\Dokumente und Einstellungen\Kerstin\NTUSER.DAT -> [2010.08.09 18:08:30 | 009,961,472 | -H-- | M | Unable to obtain MD5] ()
ntuser.ini -> C:\Dokumente und Einstellungen\Kerstin\ntuser.ini -> [2010.08.09 18:08:30 | 000,000,190 | -HS- | M | MD5 = 3437668D99DBC2C3B952F11649E2AD49] ()
Combo-Fix.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\Combo-Fix.exe -> [2010.08.09 17:58:59 | 003,817,853 | R--- | M | MD5 = 627CB4D3CB47FE5CD586CCA5C182832E] ()
boot.ini -> C:\boot.ini -> [2010.08.09 15:55:41 | 000,000,281 | RHS- | M | MD5 = 5730631551AE7CA5D64E9FA67EB963EB] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010.08.08 21:43:17 | 000,275,760 | ---- | M | MD5 = 857A879174F68781A00CF5F8D6A18207] ()
NTREGOPT.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\NTREGOPT.lnk -> [2010.08.08 21:38:55 | 000,000,596 | ---- | M | MD5 = 501478CF33C0D64ECBEF4DED419838FE] ()
ERUNT.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\ERUNT.lnk -> [2010.08.08 21:38:55 | 000,000,577 | ---- | M | MD5 = D1976ECB066FFB9DFE9096FBCBE4DE97] ()
Gmer.zip -> C:\Dokumente und Einstellungen\Kerstin\Desktop\Gmer.zip -> [2010.08.08 21:36:11 | 000,284,915 | ---- | M | MD5 = FFC4C5DF1B1E8D28A3B7E015F7E4209D] ()
Load.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\Load.exe -> [2010.08.08 21:35:32 | 000,410,850 | ---- | M | MD5 = A53DDF1267CFB3E0D97F88CB02DA1234] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010.08.08 20:08:11 | 000,000,116 | ---- | M | MD5 = 5866F5AC5FA90002CC1275789B715A60] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\Kerstin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.08.08 20:08:04 | 000,060,928 | ---- | M | MD5 = 8A4407AFF27161EB267D646F4D8C089E] ()
SUPERAntiSpyware.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\SUPERAntiSpyware.exe -> [2010.08.08 19:34:11 | 009,157,960 | ---- | M | MD5 = E40EB1C3245E8DE42BA4DACD8127DBC3] (SUPERAntiSpyware.com)
Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010.08.08 18:53:30 | 000,000,681 | ---- | M | MD5 = 704515C86C1B07B933BA3EBD084EF7BE] ()
dududu.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\dududu.exe -> [2010.08.08 18:21:59 | 006,153,648 | ---- | M | MD5 = 390D20835E63512853C104B193BD1377] (Malwarebytes Corporation )
amaz.doc -> C:\Dokumente und Einstellungen\Kerstin\Desktop\amaz.doc -> [2010.08.08 15:37:54 | 000,502,272 | ---- | M | MD5 = BAEFFFEA1E21E5728B3145B5BCF23E1B] ()
Google Chrome.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\Google Chrome.lnk -> [2010.07.28 15:13:44 | 000,002,385 | ---- | M | MD5 = 2B77336767E1E81F64F1C9BF46FD317A] ()
shell32.dll -> C:\WINDOWS\System32\dllcache\shell32.dll -> [2010.07.27 08:29:42 | 008,503,296 | ---- | M | MD5 = 12BA07A768B193ED55D7C5BDA9628A68] (Microsoft Corporation)
rowenta.doc -> C:\Dokumente und Einstellungen\Kerstin\Desktop\rowenta.doc -> [2010.07.26 20:26:11 | 002,357,760 | ---- | M | MD5 = 48B3746CFE4D8355C7C741F1D3C6969E] ()
EVEREST Home Edition.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\EVEREST Home Edition.lnk -> [2010.07.26 14:40:15 | 000,000,752 | ---- | M | MD5 = 0EF909755CD83E0117B13013ED4A2174] ()
sigpic7772_3.gif -> C:\Dokumente und Einstellungen\Kerstin\Desktop\sigpic7772_3.gif -> [2010.07.24 17:06:27 | 000,019,811 | ---- | M | MD5 = A0EB400EDCD9922EC60A8C2728EB825E] ()
SpeedFan.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\SpeedFan.lnk -> [2010.07.23 22:22:30 | 000,000,659 | ---- | M | MD5 = E5EF56679547FCBB53413B2637D8ED02] ()
initdebug.nfo -> C:\WINDOWS\System32\initdebug.nfo -> [2010.07.23 22:22:29 | 000,000,045 | ---- | M | MD5 = A4001C78F2806662B3BD91ACB44E6330] ()
installspeedfan440.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\installspeedfan440.exe -> [2010.07.23 22:21:58 | 001,891,864 | ---- | M | MD5 = D94C3E2E33168B6037A7C60008F85DF1] ()
Msft_Kernel_SynTP_01009.Wdf -> C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf -> [2010.07.23 19:33:26 | 000,000,000 | -H-- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf -> C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf -> [2010.07.23 19:33:23 | 000,000,000 | -H-- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010.07.23 19:33:22 | 000,001,374 | ---- | M | MD5 = 707735155CBF2347B7593EB53267A061] ()
ernsthafte_Frage.pps -> C:\Dokumente und Einstellungen\Kerstin\Desktop\ernsthafte_Frage.pps -> [2010.07.23 16:02:26 | 001,140,736 | ---- | M | MD5 = 42ABD9DE989CE4F4A23324B086BD492D] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010.07.23 09:25:42 | 001,184,714 | ---- | M | MD5 = E79D2B3EBFB9E276B52B9E4C635B1829] ()
perfh007.dat -> C:\WINDOWS\System32\perfh007.dat -> [2010.07.23 09:25:42 | 000,510,698 | ---- | M | MD5 = A36EA5F3E1E3FF296DF401EF5CBBCA93] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010.07.23 09:25:42 | 000,488,000 | ---- | M | MD5 = A4793FADD98458FE49B4EE617BAB0F7A] ()
perfc007.dat -> C:\WINDOWS\System32\perfc007.dat -> [2010.07.23 09:25:42 | 000,098,314 | ---- | M | MD5 = 127027481062756139BF88C09070E5A1] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010.07.23 09:25:42 | 000,081,840 | ---- | M | MD5 = F683BDED7A9E4091ADDB53055CAB96AC] ()
Avira AntiVir Control Center.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk -> [2010.07.23 08:21:05 | 000,001,676 | ---- | M | MD5 = 419E71F21E4C2BCE480FCA0E8B606018] ()
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2010.07.22 14:48:58 | 000,002,953 | ---- | M | MD5 = 8C3B165556FFD23908488F16172E86FD] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010.07.22 13:26:03 | 000,000,664 | ---- | M | MD5 = 46F71D39E05DE2B3E15BF4F73CFEF597] ()
blackberry.jpg -> C:\Dokumente und Einstellungen\Kerstin\Desktop\blackberry.jpg -> [2010.07.17 16:39:15 | 000,005,446 | ---- | M | MD5 = 38B8790B530DB097048289F763A951DC] ()
pzr1(2).pdf -> C:\Dokumente und Einstellungen\Kerstin\Desktop\pzr1(2).pdf -> [2010.07.16 21:13:41 | 000,017,940 | ---- | M | MD5 = 143FA6AF1127E36FCAABCAAAE7395083] ()
3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp ->
2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->

[Files - No Company Name]
Combo-Fix.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\Combo-Fix.exe -> [2010.08.09 17:58:59 | 003,817,853 | R--- | C | MD5 = 627CB4D3CB47FE5CD586CCA5C182832E] ()
Boot.bak -> C:\Boot.bak -> [2010.08.09 15:55:41 | 000,000,211 | ---- | C | MD5 = FA579938B0733B87066546AFE951082C] ()
cmldr -> C:\cmldr -> [2010.08.09 15:55:40 | 000,262,448 | ---- | C | MD5 = BF868D4249196E408EC3F3A615214161] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010.08.09 15:40:55 | 000,256,512 | ---- | C | MD5 = F1FBA6185A6A2BC6456970914875078E] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010.08.09 15:40:55 | 000,098,816 | ---- | C | MD5 = 2B657A67AEBB84AEA5632C53E61E23BF] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010.08.09 15:40:55 | 000,080,412 | ---- | C | MD5 = 9E05A9C264C8A908A8E79450FCBFF047] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010.08.09 15:40:55 | 000,077,312 | ---- | C | MD5 = C5EC72A20B4C98DB5314E6C46765B148] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010.08.09 15:40:55 | 000,068,096 | ---- | C | MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8] ()
gmer.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\gmer.exe -> [2010.08.08 21:41:55 | 000,293,376 | ---- | C | MD5 = F80F6E09E7F4BAFE478CA0DA6137E1E2] ()
NTREGOPT.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\NTREGOPT.lnk -> [2010.08.08 21:38:55 | 000,000,596 | ---- | C | MD5 = 501478CF33C0D64ECBEF4DED419838FE] ()
ERUNT.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\ERUNT.lnk -> [2010.08.08 21:38:55 | 000,000,577 | ---- | C | MD5 = D1976ECB066FFB9DFE9096FBCBE4DE97] ()
Gmer.zip -> C:\Dokumente und Einstellungen\Kerstin\Desktop\Gmer.zip -> [2010.08.08 21:36:11 | 000,284,915 | ---- | C | MD5 = FFC4C5DF1B1E8D28A3B7E015F7E4209D] ()
Load.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\Load.exe -> [2010.08.08 21:35:37 | 000,410,850 | ---- | C | MD5 = A53DDF1267CFB3E0D97F88CB02DA1234] ()
Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010.08.08 18:53:30 | 000,000,681 | ---- | C | MD5 = 704515C86C1B07B933BA3EBD084EF7BE] ()
amaz.doc -> C:\Dokumente und Einstellungen\Kerstin\Desktop\amaz.doc -> [2010.08.08 15:35:33 | 000,502,272 | ---- | C | MD5 = BAEFFFEA1E21E5728B3145B5BCF23E1B] ()
EVEREST Home Edition.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\EVEREST Home Edition.lnk -> [2010.07.26 14:40:15 | 000,000,752 | ---- | C | MD5 = 0EF909755CD83E0117B13013ED4A2174] ()
rowenta.doc -> C:\Dokumente und Einstellungen\Kerstin\Desktop\rowenta.doc -> [2010.07.25 16:34:07 | 002,357,760 | ---- | C | MD5 = 48B3746CFE4D8355C7C741F1D3C6969E] ()
sigpic7772_3.gif -> C:\Dokumente und Einstellungen\Kerstin\Desktop\sigpic7772_3.gif -> [2010.07.24 17:06:40 | 000,019,811 | ---- | C | MD5 = A0EB400EDCD9922EC60A8C2728EB825E] ()
SpeedFan.lnk -> C:\Dokumente und Einstellungen\Kerstin\Desktop\SpeedFan.lnk -> [2010.07.23 22:22:30 | 000,000,659 | ---- | C | MD5 = E5EF56679547FCBB53413B2637D8ED02] ()
initdebug.nfo -> C:\WINDOWS\System32\initdebug.nfo -> [2010.07.23 22:22:28 | 000,000,045 | ---- | C | MD5 = A4001C78F2806662B3BD91ACB44E6330] ()
installspeedfan440.exe -> C:\Dokumente und Einstellungen\Kerstin\Desktop\installspeedfan440.exe -> [2010.07.23 22:21:58 | 001,891,864 | ---- | C | MD5 = D94C3E2E33168B6037A7C60008F85DF1] ()
Msft_Kernel_SynTP_01009.Wdf -> C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf -> [2010.07.23 19:33:26 | 000,000,000 | -H-- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf -> C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf -> [2010.07.23 19:33:23 | 000,000,000 | -H-- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
ernsthafte_Frage.pps -> C:\Dokumente und Einstellungen\Kerstin\Desktop\ernsthafte_Frage.pps -> [2010.07.23 16:02:25 | 001,140,736 | ---- | C | MD5 = 42ABD9DE989CE4F4A23324B086BD492D] ()
Avira AntiVir Control Center.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk -> [2010.07.23 08:21:05 | 000,001,676 | ---- | C | MD5 = 419E71F21E4C2BCE480FCA0E8B606018] ()
HBEDV.KEY -> C:\Dokumente und Einstellungen\Kerstin\Desktop\HBEDV.KEY -> [2010.07.23 08:19:36 | 000,000,512 | ---- | C | MD5 = 47055BCF01FB0D44D474BE64E4C96114] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010.07.22 13:26:03 | 000,000,664 | ---- | C | MD5 = 46F71D39E05DE2B3E15BF4F73CFEF597] ()
blackberry.jpg -> C:\Dokumente und Einstellungen\Kerstin\Desktop\blackberry.jpg -> [2010.07.17 16:39:26 | 000,005,446 | ---- | C | MD5 = 38B8790B530DB097048289F763A951DC] ()
pzr1(2).pdf -> C:\Dokumente und Einstellungen\Kerstin\Desktop\pzr1(2).pdf -> [2010.07.16 21:13:41 | 000,017,940 | ---- | C | MD5 = 143FA6AF1127E36FCAABCAAAE7395083] ()
d3dx9.dll -> C:\WINDOWS\System32\d3dx9.dll -> [2010.01.07 20:40:58 | 001,970,176 | ---- | C | MD5 = B17FA8B31D403FAFF9143C5BD2F4646E] ()
PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2009.09.18 17:28:54 | 000,000,097 | ---- | C | MD5 = E6045091F9CE5E5FC87A7D9E6C25AADE] ()
DLLDEV32i.dll -> C:\WINDOWS\System32\DLLDEV32i.dll -> [2009.08.14 22:20:42 | 000,120,200 | ---- | C | MD5 = 1B91639DC95A10472718B00BB7BA9C26] ()
mgxoschk.ini -> C:\WINDOWS\mgxoschk.ini -> [2009.08.14 22:20:28 | 000,007,119 | ---- | C | MD5 = 158A0DC7C968867C99D481F9B97049FB] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2009.04.27 16:43:13 | 000,001,322 | ---- | C | MD5 = 1065ADA449597246AE128F89A8FCFFC4] ()
PsisDecd.dll -> C:\WINDOWS\System32\PsisDecd.dll -> [2009.02.10 18:50:49 | 000,363,520 | ---- | C | MD5 = DDDF89DA936673F1745AD0E48368B47D] ()
_psisdecd.dll -> C:\WINDOWS\System32\_psisdecd.dll -> [2009.02.10 18:36:39 | 000,198,144 | ---- | C | MD5 = DCCF363DADFCF9BC838C7F81702A51B7] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009.02.07 16:35:09 | 000,000,116 | ---- | C | MD5 = 5866F5AC5FA90002CC1275789B715A60] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2009.02.03 00:21:42 | 000,000,400 | ---- | C | MD5 = 3501B357A20CDDA7BD0D01EAD7561ADC] ()
NC_INST.DLL -> C:\WINDOWS\System32\NC_INST.DLL -> [2009.02.02 23:08:04 | 000,020,992 | ---- | C | MD5 = D5D9C2E4D42783EDB23D42999EA77E78] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006.06.29 15:58:52 | 000,030,808 | ---- | C | MD5 = A6AFBC3436A20A7834D45CDE9D69926C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006.06.29 15:53:56 | 000,026,489 | ---- | C | MD5 = D6B2075824BA9FAA4B37D98B13447F32] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006.04.18 16:39:28 | 000,029,779 | ---- | C | MD5 = B77AB4697B17FBBB25E41A15CC31D94E] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006.04.18 16:39:28 | 000,026,040 | ---- | C | MD5 = B7F882C45E520600053327AA42FA3A4F] ()
hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2005.06.02 00:01:02 | 000,077,824 | ---- | C | MD5 = BD8493E1F078593EA487F451A094FB97] ()
RMDevice.dll -> C:\WINDOWS\System32\RMDevice.dll -> [2005.01.21 13:02:00 | 000,013,312 | ---- | C | MD5 = D8F57D5EF9BFCB09CD5EBF3D2CB7FAA1] ()
giveio.sys -> C:\WINDOWS\System32\giveio.sys -> [1996.04.03 21:33:26 | 000,005,248 | ---- | C | MD5 = 77EBF3E9386DAA51551AF429052D88D0] ()

[File - Lop Check]
BVRP Software -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software -> [2009.08.19 20:52:35 | 000,000,000 | ---D | M]
CanonBJ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ -> [2009.08.10 14:57:09 | 000,000,000 | -H-D | M]
CanonIJ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ -> [2010.02.28 14:57:31 | 000,000,000 | ---D | M]
CanonIJEPPEX -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX -> [2009.08.10 15:40:22 | 000,000,000 | -H-D | M]
CanonIJMyPrinter -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter -> [2009.08.10 15:04:27 | 000,000,000 | -H-D | M]
CanonIJPLM -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM -> [2010.08.08 22:09:32 | 000,000,000 | ---D | M]
CanonIJScan -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan -> [2010.02.28 14:25:28 | 000,000,000 | -H-D | M]
CanonIJSolutionMenu -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenu -> [2009.08.10 15:06:35 | 000,000,000 | -H-D | M]
ICQ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ -> [2009.02.03 22:35:50 | 000,000,000 | ---D | M]
MAGIX -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX -> [2009.12.27 14:36:16 | 000,000,000 | ---D | M]
Messenger Plus! -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! -> [2010.07.03 22:04:35 | 000,000,000 | ---D | M]
PPLiveVA -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLiveVA -> [2009.02.08 18:09:07 | 000,000,000 | ---D | M]
Ralink Driver -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver -> [2009.02.02 23:27:58 | 000,000,000 | ---D | M]
RoboForm -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm -> [2009.02.03 19:01:38 | 000,000,000 | ---D | M]
TEMP -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP -> [2010.07.23 08:12:44 | 000,000,000 | ---D | M]
TuneUp Software -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software -> [2009.02.03 00:02:56 | 000,000,000 | ---D | M]
{55A29068-F2CE-456C-9148-C869879E2357} -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} -> [2009.02.03 00:02:39 | 000,000,000 | -HSD | M]
{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009.08.19 22:36:47 | 000,000,000 | ---D | M]
ACD Systems -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\ACD Systems -> [2009.02.03 00:27:44 | 000,000,000 | ---D | M]
Canon -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Canon -> [2010.02.28 14:25:29 | 000,000,000 | ---D | M]
COMPUTERBILD-Abzockschutz -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\COMPUTERBILD-Abzockschutz -> [2009.09.27 17:38:46 | 000,000,000 | ---D | M]
DasTelefonbuch Deutschland -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\DasTelefonbuch Deutschland -> [2009.02.03 01:03:43 | 000,000,000 | ---D | M]
DVDVideoSoftIEHelpers -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\DVDVideoSoftIEHelpers -> [2010.05.01 16:26:27 | 000,000,000 | ---D | M]
gtk-2.0 -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\gtk-2.0 -> [2009.10.06 23:26:16 | 000,000,000 | ---D | M]
ICQ -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\ICQ -> [2009.02.04 15:16:18 | 000,000,000 | ---D | M]
MAGIX -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\MAGIX -> [2009.08.14 22:23:44 | 000,000,000 | ---D | M]
MSNInstaller -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\MSNInstaller -> [2009.02.03 15:51:04 | 000,000,000 | ---D | M]
MyPhoneExplorer -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\MyPhoneExplorer -> [2009.02.04 20:24:24 | 000,000,000 | ---D | M]
Netscape -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Netscape -> [2009.08.14 22:51:19 | 000,000,000 | ---D | M]
Ogpili -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Ogpili -> [2010.07.15 06:56:22 | 000,000,000 | ---D | M]
Opera -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Opera -> [2009.02.05 10:29:12 | 000,000,000 | ---D | M]
Panasonic -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Panasonic -> [2009.12.27 14:35:13 | 000,000,000 | ---D | M]
Photodex -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Photodex -> [2009.08.14 22:50:43 | 000,000,000 | ---D | M]
PPLiveVA -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\PPLiveVA -> [2009.02.08 18:02:28 | 000,000,000 | ---D | M]
PTV AG -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\PTV AG -> [2009.12.27 14:33:38 | 000,000,000 | ---D | M]
Songbird2 -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Songbird2 -> [2009.04.21 21:39:01 | 000,000,000 | ---D | M]
Sony -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Sony -> [2009.08.19 20:46:59 | 000,000,000 | ---D | M]
TuneUp Software -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\TuneUp Software -> [2009.02.03 00:03:14 | 000,000,000 | ---D | M]
TVG -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\TVG -> [2009.02.03 01:03:43 | 000,000,000 | ---D | M]
WEBDE -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\WEBDE -> [2009.05.14 16:04:35 | 000,000,000 | ---D | M]
Wifu -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\Wifu -> [2010.07.14 21:08:02 | 000,000,000 | ---D | M]
YahooToolbar -> C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\YahooToolbar -> [2010.07.23 16:00:43 | 000,000,000 | ---D | M]
X10 Commander -> C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander -> [2009.02.10 18:39:14 | 000,000,000 | ---D | M]
1-Klick-Wartung.job -> C:\WINDOWS\Tasks\1-Klick-Wartung.job -> [2010.08.09 20:00:01 | 000,000,496 | ---- | M | MD5 = 8667A32542E17EB205A5CA30FD875A6B] ()

[File - Purity Scan]

[Custom Scans]
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
Restore point Set: OTS Restore Point (0)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
< %systemroot%\system32\ws2help.dll /md5 >
ws2help.dll : MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -> C:\WINDOWS\system32\ws2help.dll -> [2008.04.14 07:52:34 | 000,019,968 | ---- | M | MD5 = C7D8A0517CBF16B84F657DE87EBE9D4B] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-08-03 21:15:59 ->
< End of report >
[/code]

09.08.2010, 20:11   #15
Larusso
/// Selecta Jahrusso

http://www.trojaner-board.de/89268-a...tml#post552725 << click
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
