
Pests of all kinds and how to fight them: Avira Antivir reports BDS\Papras.QN in C:\WINDOWS\cidamapi.dll

14.09.2010, 19:03   #1
saccharid

Avira Antivir reports BDS\Papras.QN in C:\WINDOWS\cidamapi.dll

'C:\WINDOWS\cidamapi.dll'
Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes 'BDS\Papras.QN'
Ausgeführte Aktion: Zugriff verweigern

For the past 2 days I have kept getting messages of this kind from AntiVir.

Attached are the Malwarebytes log files and the OTL files. What should be done? Disinfection with Anti-Malware?



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4610

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

14.09.2010 00:36:57
mbam-log-2010-09-14 (00-36-57)

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 331283
Laufzeit: 1 Stunde(n), 20 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 147
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 20
Infizierte Dateien: 72

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

Infizierte Dateien:



OTL Logfile:
Code:
OTL logfile created on: 13.09.2010 22:20:57 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 151,37 Gb Total Space | 30,97 Gb Free Space | 20,46% Space Free | Partition Type: NTFS
Drive D: | 146,71 Gb Total Space | 95,44 Gb Free Space | 65,05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\QIP Infium\infium.exe (QIP)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Steam\steam.exe (Valve Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (lxdu_device) -- C:\WINDOWS\System32\lxducoms.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3746.dll ()
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (zlportio) -- C:\Dokumente und Einstellungen\****\Desktop\ultrastar\zlportio.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RRNetCapMP) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\WINDOWS\system32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (AVMUNET) -- C:\WINDOWS\system32\drivers\avmunet.sys (AVM GmbH)
DRV - (ATHFMWDL) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys (Windows (R) 2000 DDK provider)
DRV - (AR5523) -- C:\WINDOWS\system32\drivers\ar5523.sys (Atheros Communications, Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yodl.de/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite|hxxp://www.metallicamp.de/|hxxp://www.schülervz.de/|hxxp://eschweger-ruderverein.de/|hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.01.01 00:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.09 19:24:46 | 000,000,000 | ---D | M]
 
[2008.07.21 23:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2010.09.13 15:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions
[2009.09.03 20:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.02 22:15:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.07.03 23:15:32 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009.11.06 22:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\moveplayer@movenetworks.com
[2010.09.13 22:18:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.06.29 14:41:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Programme\Mozilla Firefox\plugins\NPOP7PlugIn.dll
[2006.01.01 00:41:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.07.29 20:37:20 | 000,001,674 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\clipfish.xml
[2008.07.29 20:37:20 | 000,000,908 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\conrad.xml
[2008.07.29 20:37:20 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\discount24.xml
[2006.01.01 00:41:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2006.01.01 00:41:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2008.07.29 20:37:20 | 000,000,942 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\musicload.xml
[2008.07.29 20:37:20 | 000,002,015 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\myvideo.xml
[2008.07.29 20:37:20 | 000,001,918 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\otto.xml
[2008.07.29 20:37:20 | 000,000,653 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\quelle.xml
[2008.07.29 20:37:20 | 000,001,224 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\telefonbuch-de.xml
[2008.07.29 20:37:20 | 000,002,440 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\webnews.xml
[2006.01.01 00:41:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.01.01 00:41:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL File not found
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll File not found
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] File not found
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [My Web Search Bar] C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NI.UWA6PU_0001_N91M2107] C:\Dokumente und Einstellungen\****\Desktop\Downloads\WinAntiVirusPro2006FreeInstall_de.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SkyTel] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Infium] C:\Programme\QIP Infium\infium.exe (QIP)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
O4 - HKCU..\Run: [Steam] c:\programme\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\802.11g Wireless Client Utility.lnk = C:\Programme\TRENDware\TEW444UB\WLACU.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TEW-444UB Wireless Client Utility.lnk = C:\Programme\TRENDnet\TEW-444UB Wireless Client Utility\UMCCfg.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.20 14:25:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{545fbfa0-aa7c-11dc-bf3d-0014d1c1cb85}\Shell - "" = AutoRun
O33 - MountPoints2\{545fbfa0-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{545fbfa0-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{545fbfa2-aa7c-11dc-bf3d-0014d1c1cb85}\Shell - "" = AutoRun
O33 - MountPoints2\{545fbfa2-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{545fbfa2-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{688c0d76-30d7-11dd-bfeb-0014d1c1cb85}\Shell - "" = AutoRun
O33 - MountPoints2\{688c0d76-30d7-11dd-bfeb-0014d1c1cb85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{688c0d76-30d7-11dd-bfeb-0014d1c1cb85}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O33 - MountPoints2\{7882c6c1-1f30-11dc-8ae2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7882c6c1-1f30-11dc-8ae2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7882c6c1-1f30-11dc-8ae2-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{acc91ba6-2308-11dc-98bf-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{acc91ba6-2308-11dc-98bf-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acc91ba6-2308-11dc-98bf-806d6172696f}\Shell\AutoRun\command - "" = E:\ASUSACPI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: arpsmss - (C:\WINDOWS\cidamapi.dll) - C:\WINDOWS\cidamapi.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.13 22:14:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2010.09.13 22:13:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.13 22:13:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.09.13 22:13:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.13 22:13:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.09 19:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.08.31 18:38:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\cache
[2010.08.31 18:34:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\FullTiltPoker
[2010.08.31 18:34:22 | 000,000,000 | ---D | C] -- C:\Programme\Full Tilt Poker
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.13 22:13:57 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 22:50:34 | 014,680,064 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\NTUSER.DAT
[2010.09.12 22:50:34 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini
[2010.09.09 22:15:12 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\blasenschwäche monsters.doc
[2010.09.09 19:24:46 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.09 19:03:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.09 19:01:05 | 000,046,592 | ---- | M] () -- C:\WINDOWS\cidamapi.dll
[2010.09.06 21:19:12 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010.09.03 17:47:08 | 000,036,864 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Skiurlaub.doc
[2010.09.02 22:05:00 | 003,979,664 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\D_B21u.pdf
[2010.08.31 18:34:38 | 000,000,768 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Full Tilt Poker.lnk
[2010.08.23 23:02:19 | 000,038,400 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\eragon leseprobe.doc
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.13 22:13:57 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.09 19:24:46 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.09 19:01:05 | 000,046,592 | ---- | C] () -- C:\WINDOWS\cidamapi.dll
[2010.09.03 17:47:07 | 000,036,864 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Skiurlaub.doc
[2010.09.02 22:05:00 | 003,979,664 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\D_B21u.pdf
[2010.09.01 22:36:21 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\blasenschwäche monsters.doc
[2010.08.31 18:34:38 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Full Tilt Poker.lnk
[2010.01.23 02:37:01 | 000,000,279 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.12.05 23:13:21 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2009.11.07 18:18:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.09.26 00:20:28 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.09.17 21:23:02 | 000,000,558 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009.05.23 11:38:50 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.05.23 11:38:50 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PnkBstrK.sys
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.03.01 18:38:07 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007.08.06 01:45:11 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.06 01:45:10 | 000,033,280 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.07.21 18:37:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.07.02 16:02:27 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.06.29 16:49:01 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2007.06.29 16:37:27 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.06.25 12:56:20 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007.06.25 12:51:04 | 000,020,771 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.06.25 12:51:04 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.06.25 12:50:57 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.06.20 15:21:44 | 000,088,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAUSB.SYS
[2007.06.20 15:12:08 | 000,131,072 | ---- | C] () -- C:\WINDOWS\SNVerifyDLL.dll
[2006.11.16 17:16:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.11.16 17:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002.03.21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002.03.21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002.03.21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002.03.21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002.03.21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002.03.21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
 
========== LOP Check ==========
 
[2009.03.15 20:15:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5600-6600 Series
[2007.06.20 15:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2009.05.23 11:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2009.12.05 22:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010.06.29 22:58:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2009.03.15 20:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\5600-6600 Series
[2007.06.20 15:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ACD Systems
[2007.12.31 16:12:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FunWebProducts
[2010.05.24 18:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GNU Solfege
[2008.11.21 23:02:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ICQ
[2008.07.29 19:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ICQ Toolbar
[2007.06.29 16:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ICQLite
[2009.05.23 11:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\id Software
[2009.03.16 18:20:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Lexmark Productivity Studio
[2010.03.02 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org
[2008.11.05 17:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\QIP
[2008.07.07 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\REAPER
[2009.05.18 20:55:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Recorder
[2010.01.23 11:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SPORE
[2008.11.11 23:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TeamViewer
[2010.05.27 17:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Teeworlds
[2008.08.15 17:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Warsow
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 13.09.2010 22:31:30 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 151,37 Gb Total Space | 30,96 Gb Free Space | 20,46% Space Free | Partition Type: NTFS
Drive D: | 146,71 Gb Total Space | 95,44 Gb Free Space | 65,05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" (Mozilla Corporation)
htmlfile [opennew] -- "C:\Programme\Mozilla Firefox\firefox.exe" (Mozilla Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58327:TCP" = 58327:TCP:*:Disabled:Skat-Online TCP
"43319:UDP" = 43319:UDP:*:Disabled:Skat-Online UDP
"1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Programme\THQ\Titan Quest\Titan Quest.exe" = C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- ()
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Programme\Microsoft Games\Age of Mythology\aomx.exe" = C:\Programme\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\BlueByte\BBGC\BBGChan.exe" = C:\BlueByte\BBGC\BBGChan.exe:*:Enabled:BBGChan -- ()
"C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- ()
"C:\Programme\Metin2_Germany\metin2.bin" = C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2 -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin" = C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin:*:Enabled:metin2 -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe" = C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe" = C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader -- (Joymax)
"C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe" = C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv -- File not found
"C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Programme\QIP Infium\infium.exe" = C:\Programme\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe" = C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe:*:Enabled:Lexmark Device Monitor -- File not found
"C:\Programme\Lexmark 5600-6600 Series\frun.exe" = C:\Programme\Lexmark 5600-6600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- File not found
"C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe" = C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe:*:Enabled:Fax software -- File not found
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe" = C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\maxga\SnowBoundOnline\Run.exe" = C:\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\devolo\informer\devinf.exe" = C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer -- (devolo AG)
"C:\Programme\maxga\SnowBoundOnline\Run.exe" = C:\Programme\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online -- ()
"C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe" = C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe:*:Enabled:1_Longju3 & Tunamt2 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe" = C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe:*:Enabled:longju3_and_tunamt2 -- ()
"C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe" = C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe:*:Enabled:Worms World Party -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe" = C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe:*:Enabled:quake3 -- File not found
"D:\Programme\COD 4\game\iw3mp.exe" = D:\Programme\COD 4\game\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"D:\Programme\quake\quake3.exe" = D:\Programme\quake\quake3.exe:*:Enabled:quake3 -- ()
"D:\Programme\wc3\Warcraft III.exe" = D:\Programme\wc3\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin" = C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin:*:Enabled:metin2client -- ()
"C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1A0B8239-664B-434A-99D8-C50793513249}" = Audials TV
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E66C7FF-F827-4AEF-A998-932EA824998B}" = Aqua Real
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.42
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2B54B4B6-5834-494D-81E6-79AC3955EEE5}_is1" = SnowBound Online v2.0
"{2CEA7E55-D41E-4D58-91FB-E14F1FD690AE}" = And Yet It Moves
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{32A3A4F4-B792-11D6-A78A-00B0D0160010}" = Java(TM) SE Development Kit 6 Update 1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = o2 Surf Box mini
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80C7431E-CB45-40F4-AB4E-090E8AD4706D}" = AudialsOne
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EC3DC60-AD23-4DB6-866A-9D59FC75C3A2}" = 802.11g Driver and Client Applications
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7AAB3EA-BF72-494E-BCF4-8BA9A068982A}" = TEW-444UB Wireless Client Utility
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CBE5272C-CE7D-42D0-B531-D386F6E11774}" = Crazy Machines - Neue Herausforderungen Demo
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F2DD7B9B-4384-4131-A79C-804D6E0564BD}" = USB Mass Storage Reader
"{F5C521B6-1AF2-432C-A061-E79E2141A32F}" = Quake Live Mozilla Plugin
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"AudioRecorder" = AudioRecorder
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B707EEAE-DCAF-448F-8A9D-05FADD5236B4" = Prof. Genius Logiktrainer
"Blue Byte Game Channel" = Blue Byte Game Channel
"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Custom Mod : Lilith v0.98_is1" = Custom Mod : Lilith v0.98
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"Eets" = Eets
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 5.9
"Genius Move" = Genius Move
"GNU Solfege_is1" = GNU Solfege 3.14.11
"Google Updater" = Google Updater
"Guild Wars" = GUILD WARS
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Hamachi" = Hamachi 1.0.3.0
"HyperCam 2" = HyperCam 2
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InterActual Player" = InterActual Player
"Lilith The Will of Demon : Battles of Jalavia Ma~52337B8F_is1" = Lilith The Will of Demon : Battles of Jalavia Masteries Edition
"Lilith The Will of Demon : Difficulty Changer_is1" = Lilith The Will of Demon : Difficulty Changer v1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWebSearch bar Uninstall" = My Web Search (Smiley Central)
"Nero - Burning Rom!UninstallKey" = Nero 6
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OPERATION7" = OPERATION7
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"QIP 8070_neu Jeak Edition" = QIP 8070_neu Jeak Edition
"QIP2005" = QIP 2005 Uninstall
"REAPER" = REAPER
"Registry Mechanic_is1" = Registry Mechanic 7.0
"S4Uninst" = Die Siedler IV
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Silkroad" = Silkroad
"ST6UNST #1" = Recorder
"Steam App 10" = Counter-Strike
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 400" = Portal
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Titan Quest Screensaver" = Titan Quest Screensaver
"TmNationsForever_is1" = TmNationsForever
"TQVault_is1" = TQVault 2.11
"UT2004" = Unreal Tournament 2004
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"QIP Infium" = QIP Infium 2.0.9030 RC4
"sc09-ORF_MAIN" = ORF-Ski Challenge 2009
"Skat-Online V7" = Skat-Online V7
"Steam App 10" = Counter-Strike
"World of Warcraft Trial" = Probeversion von World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.12.2005 18:03:51 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:03:51 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:03:51 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:01:51 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:01:51 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:01:52 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:02:35 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:02:35 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 31.12.2005 18:02:35 | Computer Name = *** | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
 
Error - 13.09.2010 15:27:18 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teamspeak.exe, Version 2.0.32.60, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
[ System Events ]
Error - 31.12.2005 18:01:23 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
 
Error - 31.12.2005 18:01:38 | Computer Name = *** | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +148158752
Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal
+54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone
korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.220.108:123->207.46.197.32:123)
funktionsfähig ist.
 
Error - 11.09.2010 13:15:04 | Computer Name = *** | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.
 
Error - 11.09.2010 13:15:41 | Computer Name = *** | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.220.108 über 
die Netzwerkkarte mit der Netzwerkadresse 0017315ED6AE ist verloren gegangen.
 
Error - 11.09.2010 13:15:41 | Computer Name = *** | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 5.169.84.195 über die
Netzwerkkarte mit der Netzwerkadresse 7A7905A954C3 ist verloren gegangen.
 
Error - 12.09.2010 08:23:25 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
 
Error - 31.12.2005 18:02:02 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
 
Error - 13.09.2010 09:45:25 | Computer Name = *** | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.220.108 über 
die Netzwerkkarte mit der Netzwerkadresse 0017315ED6AE ist verloren gegangen.
 
Error - 13.09.2010 09:45:25 | Computer Name = *** | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 5.169.84.195 über die
Netzwerkkarte mit der Netzwerkadresse 7A7905A954C3 ist verloren gegangen.
 
Error - 13.09.2010 09:45:59 | Computer Name = *** | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.
 
 
< End of report >
         


Thanks in advance for your help,
saccharid

14.09.2010, 20:40   #2
kira
/// Helper team
 



Hello and a warm welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the fault analysis and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please follow it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What must I consider before opening a thread?
1.
- Download RSIT -

2.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work, you can undo this again!

3.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it by double-clicking
→ Select your operating system - Vista
→ When asked, choose the option "Setting" (1) - "scanlist"
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents here into your thread.

4.
I would also like to see all your installed programs:
Download the tool "Ccleaner"
install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → if necessary, set "german" under Options settings
then click "Extra" (so that the installed programs are also shown) → then "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here

5.
Runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - download Gmer and unpack it on your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, with no connection to the Internet (disconnect WLAN as well)
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right there with CTRL + V
    - "Ok" closes GMER.
    - paste the complete log from the clipboard here into your thread

** no connection to a network or the Internet - do not forget WLAN
When the scan has finished, please reactivate all programs and tools!

6.
Runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Download and install the tool RootRepeal
  • tick "Drivers" -> "Scan" -> "Save Report"...
  • "Stealth Objects" -> "Scan" -> "Save Report"...
  • "Hidden Services" -> "Scan" -> "Save Report"...
  • save the log file as "RootRepeal.txt" on the desktop and copy the contents here into the thread

Quote:
So that your thread stays clear and easy to read, it is best to use the code tags for your post:
→ before your log (that is, at the beginning of the log file) you write: [code]
your log file goes here - e.g. hjtscanlist or similar
→ after it, at the end of the log file: [/code]
** If possible, do not go online: no online banking, file sharing, chat programs etc.
Regards,
Coverflow


15.09.2010, 20:31   #3
saccharid
 



Hello, thanks for your support,

Even before your post, I had moved the infections found by Malwarebytes Anti-Malware into quarantine. However, the problem persists.

Here is the log file from Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4615

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

14.09.2010 21:48:44
mbam-log-2010-09-14 (21-48-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 331617
Laufzeit: 1 Stunde(n), 52 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 147
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 20
Infizierte Dateien: 73

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popu***creensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts\Data\*** (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\shoot.EXE (Joke.Winshoot) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00023C15 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\000C0F95 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0012867E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00128A66.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0012AE3A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0012AFDF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0012B166.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0013378E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00133982.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00133BF3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00133DF6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0019FC09.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0019FDEE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0019FF36.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\Thumbs.db (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
         
Now to 1.
log.txt
[code]
RSIT Logfile:
Logfile of random's system information tool 1.08 (written by random/random)
Run by admin at 2010-09-14 22:38:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (20%) free of 155 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:16, on 14.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\admin\Eigene Dateien\ccleaner\RSIT.exe
C:\Programme\trend micro\admin.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 802.11g Wireless Client Utility.lnk = ?
O4 - Global Startup: TEW-444UB Wireless Client Utility.lnk = ?
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5588 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-08 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-03-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-06-20 577536]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-01-11 246504]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
802.11g Wireless Client Utility.lnk - C:\Programme\TRENDware\TEW444UB\WLACU.exe
TEW-444UB Wireless Client Utility.lnk - C:\Programme\TRENDnet\TEW-444UB Wireless Client Utility\UMCCfg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Programme\THQ\Titan Quest\Titan Quest.exe"="C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest"
"C:\Programme\Xfire\Xfire.exe"="C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Programme\Microsoft Games\Age of Mythology\aomx.exe"="C:\Programme\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\BlueByte\BBGC\BBGChan.exe"="C:\BlueByte\BBGC\BBGChan.exe:*:Enabled:BBGChan"
"C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe"="C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit"
"C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2"
"C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin"="C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin:*:Enabled:metin2"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe"="C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\QIP\qip.exe"="C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe"="C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe"="C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe"="C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv"
"C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe"="C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Programme\QIP Infium\infium.exe"="C:\Programme\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe"="C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Programme\Lexmark 5600-6600 Series\frun.exe"="C:\Programme\Lexmark 5600-6600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe"="C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe:*:Enabled:Fax software"
"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe"="C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Programme\TmNationsForever\TmForever.exe"="C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\maxga\SnowBoundOnline\Run.exe"="C:\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\devolo\informer\devinf.exe"="C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Programme\maxga\SnowBoundOnline\Run.exe"="C:\Programme\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online"
"C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe"="C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe:*:Enabled:1_Longju3 & Tunamt2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe"="C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe:*:Enabled:longju3_and_tunamt2"
"C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe"="C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe:*:Enabled:Worms World Party"
"C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe"="C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe:*:Enabled:quake3"
"D:\Programme\COD 4\game\iw3mp.exe"="D:\Programme\COD 4\game\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"D:\Programme\quake\quake3.exe"="D:\Programme\quake\quake3.exe:*:Enabled:quake3"
"D:\Programme\wc3\Warcraft III.exe"="D:\Programme\wc3\Warcraft III.exe:*:Enabled:Warcraft III"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin"="C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin:*:Enabled:metin2client"
"C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe"="C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-14 22:38:11 ----D---- C:\rsit
2010-09-14 22:38:11 ----D---- C:\Programme\trend micro
2010-09-14 22:24:53 ----RD---- C:\32788R22FWJFW
2010-09-14 22:15:40 ----A---- C:\TDSSKiller.2.4.2.1_14.09.2010_22.15.40_log.txt
2010-09-14 21:58:43 ----D---- C:\Programme\CCleaner
2010-09-14 21:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-14 21:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-14 21:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-14 21:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-14 21:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-14 21:58:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-14 21:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-14 21:56:21 ----D---- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\GlarySoft
2010-09-14 21:54:41 ----D---- C:\Programme\Glary Utilities
2010-09-14 21:53:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2010-09-14 21:51:10 ----D---- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes
2010-09-13 22:13:54 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-13 22:13:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-13 22:13:51 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-09-13 22:13:51 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-09 19:23:58 ----D---- C:\Programme\Adobe
2010-09-09 19:01:05 ----A---- C:\WINDOWS\cidamapi.dll
2010-08-31 18:34:22 ----D---- C:\Programme\Full Tilt Poker

======List of files/folders modified in the last 1 months======

2010-09-14 22:38:11 ----RD---- C:\Programme
2010-09-14 22:30:11 ----D---- C:\Programme\Gemeinsame Dateien\Akamai
2010-09-14 22:30:01 ----D---- C:\WINDOWS\Temp
2010-09-14 22:30:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-14 22:15:40 ----D---- C:\WINDOWS\system32\drivers
2010-09-14 22:03:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2010-09-14 22:03:25 ----D---- C:\WINDOWS\system32
2010-09-14 22:03:25 ----D---- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Adobe
2010-09-14 22:03:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-14 22:03:07 ----D---- C:\WINDOWS
2010-09-14 22:01:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-14 21:58:55 ----D---- C:\WINDOWS\Minidump
2010-09-14 21:58:55 ----D---- C:\WINDOWS\Debug
2010-09-14 21:58:32 ----D---- C:\WINDOWS\Prefetch
2010-09-14 21:58:26 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-14 21:58:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-14 21:58:21 ----D---- C:\WINDOWS\inf
2010-09-14 21:58:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-14 21:54:45 ----SD---- C:\WINDOWS\Tasks
2010-09-14 21:49:44 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-09-14 19:47:37 ----D---- C:\Programme\Steam
2010-09-09 19:25:10 ----SHD---- C:\WINDOWS\Installer
2010-09-09 19:25:05 ----SHD---- C:\Config.Msi
2010-09-09 19:24:36 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-09-09 19:23:51 ----D---- C:\WINDOWS\WinSxS
2010-09-09 19:03:51 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-01 21:38:42 ----D---- C:\Programme\PokerStars.NET
2010-08-17 15:17:06 ----A---- C:\WINDOWS\system32\spoolsv.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 ohci1394;VIA OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-05-01 43528]
R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]
R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-06-28 17801]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2008-11-28 35840]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-27 3972672]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-03 25280]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 RRNetCapMP;RRNetCapMP; C:\WINDOWS\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-11-16 37920]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 AR5523;802.11 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-02-24 285568]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2005-02-24 43392]
S3 AVMUNET;AVM FRITZ!Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-04-18 15104]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-06-29 88960]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 34048]
S3 RRNetCap;RRNetCap Service; C:\WINDOWS\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-03-02 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-23 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-23 107832]
S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-08-19 36864]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-02-10 3458548]
S3 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         
--- --- ---


info.txt
[code]
RSIT Logfile:
logfile of random's system information tool 1.08 2010-09-14 22:38:17

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11g Driver and Client Applications-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8EC3DC60-AD23-4DB6-866A-9D59FC75C3A2}\Setup.exe" -l0x9  -removeonly
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 5.0 Standard-->MsiExec.exe /I{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Mythology Gold-->"C:\Programme\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall
Akamai NetSession Interface-->C:\Programme\Gemeinsame Dateien\Akamai\uninstall.exe
And Yet It Moves-->MsiExec.exe /X{2CEA7E55-D41E-4D58-91FB-E14F1FD690AE}
Aqua Real-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E66C7FF-F827-4AEF-A998-932EA824998B}\setup.exe" -l0x9 
ASIO4ALL-->C:\Programme\ASIO4ALL v2\uninstall.exe
Audials TV-->MsiExec.exe /I{1A0B8239-664B-434A-99D8-C50793513249}
AudialsOne-->MsiExec.exe /X{80C7431E-CB45-40F4-AB4E-090E8AD4706D}
AudioRecorder-->C:\AudioSuite\AudioRecorder\UninstalAR.exe
Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Blue Byte Game Channel-->C:\WINDOWS\system32\rundll32.exe C:\BlueByte\BBGC\uninst.dll,Uninstall "Blue Byte Game Channel"
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Condition Zero Deleted Scenes-->"C:\Programme\Steam\steam.exe" steam://uninstall/100
Counter-Strike-->"C:\Programme\Steam\steam.exe" steam://uninstall/10
Crazy Machines - Neue Herausforderungen Demo-->MsiExec.exe /X{CBE5272C-CE7D-42D0-B531-D386F6E11774}
Custom Mod : Lilith v0.98-->"C:\WINDOWS\unins000.exe"
devolo dLAN-Konfigurationsassistent-->C:\Programme\devolo\setup.exe /remove:dlanconf
devolo Informer-->C:\Programme\devolo\setup.exe /remove:dslmon
Diablo II-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Diablo II\Uninstall.exe
Die Siedler IV-->C:\WINDOWS\IsUn0407.exe -f"C:\BlueByte\Die Siedler IV\uninst.isu" -c"C:\BlueByte\Die Siedler IV\BBINST.DLL"
Die Sims 2-->C:\Programme\EA GAMES\Die Sims 2\EAUninstall.exe
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eets-->C:\Programme\Klei Entertainment\Eets\uninst.exe
Free M4a to MP3 Converter 5.9-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe"
Full Tilt Poker-->C:\Programme\Full Tilt Poker\uninstall.exe
Genius Move-->C:\WINDOWS\genius-uninst.exe C:\Programme\Genius Move
Glary Utilities 2.28.0.1011-->"C:\Programme\Glary Utilities\unins000.exe"
GNU Solfege 3.14.11-->"C:\Programme\GNU Solfege\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
GUILD WARS-->"C:\Programme\GUILD WARS\Gw.exe" -uninstall
Guitar Pro 5.0-->"C:\Programme\Guitar Pro 5\unins000.exe"
Hamachi 1.0.3.0-->C:\Programme\Hamachi\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HyperCam 2-->C:\Programme\HyCam2\UnHyCam2.exe
ICQ Toolbar-->regsvr32 /u /s "C:\Programme\ICQToolbar\toolbaru.dll" 
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Java(TM) SE Development Kit 6 Update 1-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lilith The Will of Demon : Battles of Jalavia Masteries Edition-->"C:\WINDOWS\unins001.exe"
Lilith The Will of Demon : Difficulty Changer v1.1-->"C:\WINDOWS\unins002.exe"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.9)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 6-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
o2 Surf Box mini-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x7  -removeonly
OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054}
OPERATION7-->"D:\Programme\operation7\uninstall.exe"
PixiePack Codec Pack-->MsiExec.exe /I{9C450606-ED24-4958-92BA-B8940C99D441}
PokerStars.net-->"C:\Programme\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Portal-->"C:\programme\steam\steam.exe" steam://uninstall/400
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QIP 2005 Uninstall-->"C:\Programme\QIP\unqip.exe"
QIP 8070_neu Jeak Edition-->C:\Programme\QIP\uninstall.exe
Quake Live Mozilla Plugin-->MsiExec.exe /I{F5C521B6-1AF2-432C-A061-E79E2141A32F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly
REAPER-->"C:\Programme\REAPER\Uninstall.exe"
Recorder-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Recorder\ST6UNST.LOG"  
Registry Mechanic 7.0-->"C:\Programme\Registry Mechanic\unins000.exe"
S4 League_EU-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\setup.exe" -l0x9 
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Sid Meier's Pirates!-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1031 
Silkroad-->C:\Programme\Silkroad\Remove.Exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnowBound Online v2.0-->"C:\Programme\maxga\SnowBoundOnline\unins000.exe"
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SPORE™-->"C:\Programme\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
TEW-444UB Wireless Client Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A7AAB3EA-BF72-494E-BCF4-8BA9A068982A}\Setup.exe" -l0x9  -removeonly
Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x7  -removeonly
Titan Quest Screensaver-->C:\Programme\Titan Quest Screensaver\Uninstall.exe
Titan Quest-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x7  -removeonly
TmNationsForever-->"C:\Programme\TmNationsForever\unins000.exe"
Unreal Tournament 2004-->C:\UT2004\System\Setup.exe uninstall "UT2004"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update für Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update für Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update für Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
USB Mass Storage Reader-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F2DD7B9B-4384-4131-A79C-804D6E0564BD}\Setup.exe" 
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6b-->C:\Programme\VideoLAN\VLC\uninstall.exe
Warsow 0.42-->"C:\Programme\Warsow\unins000.exe"
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_46A23DA005A38EDACA9A5DA30EC2FEBF00D83D18\amdk8.inf
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Programme\Xfire\uninst.exe"

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: ***
Event Code: 18
Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: 
- Sicherheitsupdate für Windows XP (KB982665)
- Sicherheitsupdate für Windows XP (KB981997)
- Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830)
- Sicherheitsupdate für Windows XP (KB980436)
- Sicherheitsupdate für Windows XP (KB2160329)
- Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583)
- Sicherheitsupdate für Windows XP (KB2079403)
- Sicherheitsupdate für Windows XP (KB981852)
- Sicherheitsupdate für Windows XP (KB2115168)
- Sicherheitsupdate für Windows XP (KB982214)
- Kumulatives Sicherheitsupdate für Internet Explorer 6 unter Windows XP (KB2183461)

Record Number: 55892
Source Name: Windows Update Agent
Time Written: 20100812133722.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 18
Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: 
- Sicherheitsupdate für Windows XP (KB981997)
- Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830)
- Sicherheitsupdate für Windows XP (KB980436)
- Sicherheitsupdate für Windows XP (KB2160329)
- Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583)
- Sicherheitsupdate für Windows XP (KB2079403)
- Sicherheitsupdate für Windows XP (KB981852)
- Sicherheitsupdate für Windows XP (KB2115168)
- Sicherheitsupdate für Windows XP (KB982214)
- Kumulatives Sicherheitsupdate für Internet Explorer 6 unter Windows XP (KB2183461)

Record Number: 55891
Source Name: Windows Update Agent
Time Written: 20100812133717.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 18
Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: 
- Sicherheitsupdate für Windows XP (KB981997)
- Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830)
- Sicherheitsupdate für Windows XP (KB980436)
- Sicherheitsupdate für Windows XP (KB2160329)
- Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583)
- Sicherheitsupdate für Windows XP (KB2079403)
- Sicherheitsupdate für Windows XP (KB981852)
- Sicherheitsupdate für Windows XP (KB2115168)
- Sicherheitsupdate für Windows XP (KB982214)

Record Number: 55890
Source Name: Windows Update Agent
Time Written: 20100812133717.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 18
Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: 
- Sicherheitsupdate für Windows XP (KB981997)
- Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830)
- Sicherheitsupdate für Windows XP (KB980436)
- Sicherheitsupdate für Windows XP (KB2160329)
- Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583)
- Sicherheitsupdate für Windows XP (KB2079403)
- Sicherheitsupdate für Windows XP (KB981852)
- Sicherheitsupdate für Windows XP (KB982214)

Record Number: 55889
Source Name: Windows Update Agent
Time Written: 20100812133712.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 18
Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: 
- Sicherheitsupdate für Windows XP (KB981997)
- Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830)
- Sicherheitsupdate für Windows XP (KB980436)
- Sicherheitsupdate für Windows XP (KB2160329)
- Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583)
- Sicherheitsupdate für Windows XP (KB981852)
- Sicherheitsupdate für Windows XP (KB982214)

Record Number: 55888
Source Name: Windows Update Agent
Time Written: 20100812133712.000000+120
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: ***
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 3235
Source Name: Avira AntiVir
Time Written: 20090318152657.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 1517
Message: Die Registrierung des Benutzers "***\***" wurde gespeichert, obwohl  eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. 


Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Record Number: 3234
Source Name: Userenv
Time Written: 20090318152531.000000+060
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 1524
Message: Die Klassenregistrierungsdatei kann nicht entladen werden, da sie weiterhin von anderen Anwendungen bzw. Diensten verwendet wird. Die Datei wird entladen, wenn sie nicht mehr verwendet wird. 



Record Number: 3233
Source Name: Userenv
Time Written: 20090318152510.000000+060
Event Type: Warnung
User: ***\***

Computer Name: ***
Event Code: 1002
Message: Stillstehende Anwendung steam.exe, Version 1.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Record Number: 3232
Source Name: Application Hang
Time Written: 20090318151936.000000+060
Event Type: Fehler
User: 

Computer Name: ***
Event Code: 1002
Message: Stillstehende Anwendung lxdudiag.exe, Version 1.65.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Record Number: 3231
Source Name: Application Hang
Time Written: 20090318151512.000000+060
Event Type: Fehler
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=c:\Programme\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
         

15.09.2010, 20:31   #4
saccharid
 



3.
hjtscanlist.txt
Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows XP [Version 5.1.2600]
 
 
C:

  14.09.2010 22:42      C:\rsit --------- 0 
  14.09.2010 22:38      C:\Programme --------- 0 
        C:\pagefile.sys ---------  
  14.09.2010 22:26      C:\32788R22FWJFW --------- 0 
  14.09.2010 22:15      C:\TDSSKiller.2.4.2.1_14.09.2010_22.15.40_log.txt --------- 35588 
  14.09.2010 22:03      C:\WINDOWS --------- 0 
  09.09.2010 19:25      C:\Config.Msi --------- 0 
  22.05.2010 15:09      C:\Temp --------- 0 
  16.05.2010 16:46      C:\NVIDIA --------- 0 
  19.04.2010 17:10      C:\ntldr --------- 251712 
  23.03.2010 20:37      C:\RECYCLER --------- 0 
  23.03.2010 20:36      C:\Dokumente und Einstellungen --------- 0 
  07.11.2009 16:10      C:\Program Files --------- 0 
  06.11.2009 22:15      C:\AudioSuite --------- 0 
  05.06.2009 19:38      C:\Fiaa --------- 0 
  27.03.2009 22:02      C:\BnetLog.txt --------- 1091 
  15.03.2009 20:16      C:\logs --------- 0 
  03.02.2009 21:46      C:\Games --------- 0 
  03.02.2009 21:43      C:\SIERRA --------- 0 
  22.12.2008 00:04      C:\CrashReport --------- 0 
  26.02.2008 18:30      C:\UT2004 --------- 0 
  17.07.2007 21:18      C:\BlueByte --------- 0 
  28.06.2007 09:58      C:\W-lan Traiber --------- 0 
  25.06.2007 12:59      C:\boot.ini --------- 223 
  20.06.2007 14:29      C:\System Volume Information --------- 0 
  20.06.2007 14:25      C:\MSDOS.SYS --------- 0 
  20.06.2007 14:25      C:\CONFIG.SYS --------- 0 
  20.06.2007 14:25      C:\IO.SYS --------- 0 
  20.06.2007 14:25      C:\AUTOEXEC.BAT --------- 0 
  04.08.2004 14:00      C:\bootfont.bin --------- 4952 
  04.08.2004 14:00      C:\NTDETECT.COM --------- 47564 
----------------------------------------

 
C:\WINDOWS

  14.09.2010 22:30     C:\WINDOWS\WindowsUpdate.log --------- 1422746 
  14.09.2010 22:29     C:\WINDOWS\0.log --------- 0 
  14.09.2010 22:29     C:\WINDOWS\wiadebug.log --------- 159 
  14.09.2010 22:29     C:\WINDOWS\wiaservc.log --------- 50 
  14.09.2010 22:29     C:\WINDOWS\bootstat.dat --------- 2048 
  14.09.2010 22:01     C:\WINDOWS\SchedLgU.Txt --------- 32622 
  09.09.2010 19:03     C:\WINDOWS\NeroDigital.ini --------- 202 
  09.09.2010 19:01     C:\WINDOWS\cidamapi.dll --------- 46592 
  06.09.2010 21:19     C:\WINDOWS\ALCFDRTM.VER --------- 60416 
  09.02.2010 18:45     C:\WINDOWS\popcinfot.dat --------- 39 
  23.01.2010 02:37     C:\WINDOWS\game.ini --------- 279 
  19.01.2010 23:36     C:\WINDOWS\Podcasts.INI --------- 118 
  07.11.2009 18:18     C:\WINDOWS\iPlayer.INI --------- 0 
  31.10.2009 22:29     C:\WINDOWS\system.ini --------- 231 
  17.09.2009 21:39     C:\WINDOWS\kaillera.ini --------- 558 
  06.07.2009 14:37     C:\WINDOWS\unins002.dat --------- 1173 
  06.07.2009 14:37     C:\WINDOWS\unins002.exe --------- 695578 
  18.05.2009 20:54     C:\WINDOWS\Setup1.exe --------- 249856 
  18.05.2009 20:54     C:\WINDOWS\ST6UNST.EXE --------- 73216 
  03.02.2009 21:43     C:\WINDOWS\SIERRA.INI --------- 164 
  26.12.2008 23:04     C:\WINDOWS\unins001.dat --------- 3202 
  26.12.2008 23:02     C:\WINDOWS\unins001.exe --------- 697862 
  30.10.2008 22:33     C:\WINDOWS\setupapi.log.0.old --------- 1028339 
  25.10.2008 13:46     C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt --------- 12900 
  14.04.2008 04:23     C:\WINDOWS\winhlp32.exe --------- 288768 
  14.04.2008 04:23     C:\WINDOWS\slrundll.exe --------- 32866 
  14.04.2008 04:22     C:\WINDOWS\regedit.exe --------- 153600 
  14.04.2008 04:22     C:\WINDOWS\notepad.exe --------- 70144 
  14.04.2008 04:22     C:\WINDOWS\hh.exe --------- 10752 
  14.04.2008 04:22     C:\WINDOWS\explorer.exe --------- 1036800 
  14.04.2008 04:22     C:\WINDOWS\twain_32.dll --------- 50688 
  28.12.2007 20:59     C:\WINDOWS\unins000.dat --------- 1774 
  28.12.2007 20:59     C:\WINDOWS\unins000.exe --------- 684476 
  17.08.2007 13:06     C:\WINDOWS\mozver.dat --------- 1274 
  21.07.2007 23:26     C:\WINDOWS\Titan Quest Screensaver.scr --------- 1312249 
  08.07.2007 17:00     C:\WINDOWS\genius-uninst.exe --------- 192512 
  02.07.2007 16:02     C:\WINDOWS\ODBC.INI --------- 400 
  02.07.2007 16:02     C:\WINDOWS\win.ini --------- 603 
  30.06.2007 19:07     C:\WINDOWS\ALCFDRTM.EXE --------- 60416 
  30.06.2007 14:20     C:\WINDOWS\WMSysPr9.prx --------- 316640 
  29.06.2007 14:41     C:\WINDOWS\nsreg.dat --------- 0 
  25.06.2007 13:01     C:\WINDOWS\AS_Debug.txt --------- 0 
  25.06.2007 13:01     C:\WINDOWS\Ascd_tmp.ini --------- 20771 
  20.06.2007 15:19     C:\WINDOWS\Sti_Trace.log --------- 0 
  20.06.2007 14:27     C:\WINDOWS\REGLOCS.OLD --------- 8192 
  20.06.2007 14:25     C:\WINDOWS\control.ini --------- 0 
  20.06.2007 14:25     C:\WINDOWS\ODBCINST.INI --------- 4161 
  20.06.2007 14:25     C:\WINDOWS\WindowsShell.Manifest --------- 749 
  20.06.2007 14:23     C:\WINDOWS\vb.ini --------- 36 
  20.06.2007 14:23     C:\WINDOWS\vbaddin.ini --------- 37 
  28.12.2006 21:01     C:\WINDOWS\002968_.tmp --------- 19569 
  20.06.2006 23:42     C:\WINDOWS\soundman.exe --------- 577536 
  20.03.2006 05:48     C:\WINDOWS\alcupd.exe --------- 315392 
  18.11.2005 05:20     C:\WINDOWS\Alcrmv.exe --------- 217088 
  04.08.2004 14:00     C:\WINDOWS\winnt.bmp --------- 48680 
  04.08.2004 14:00     C:\WINDOWS\SET3.tmp --------- 1014663 
  04.08.2004 14:00     C:\WINDOWS\Seifenblase.bmp --------- 65978 
  04.08.2004 14:00     C:\WINDOWS\SET4.tmp --------- 1086058 
  04.08.2004 14:00     C:\WINDOWS\SET8.tmp --------- 14043 
  04.08.2004 14:00     C:\WINDOWS\TASKMAN.EXE --------- 15872 
  04.08.2004 14:00     C:\WINDOWS\Rhododendron.bmp --------- 17362 
  04.08.2004 14:00     C:\WINDOWS\twain.dll --------- 94800 
  04.08.2004 14:00     C:\WINDOWS\Präriewind.bmp --------- 65954 
  04.08.2004 14:00     C:\WINDOWS\twunk_16.exe --------- 49680 
  04.08.2004 14:00     C:\WINDOWS\twunk_32.exe --------- 25600 
  04.08.2004 14:00     C:\WINDOWS\msdfmap.ini --------- 1405 
  04.08.2004 14:00     C:\WINDOWS\Kaffeetasse.bmp --------- 17062 
  04.08.2004 14:00     C:\WINDOWS\wmprfDEU.prx --------- 34818 
  04.08.2004 14:00     C:\WINDOWS\Granit.bmp --------- 26582 
  04.08.2004 14:00     C:\WINDOWS\Fächer.bmp --------- 26680 
  04.08.2004 14:00     C:\WINDOWS\Feder.bmp --------- 16730 
  04.08.2004 14:00     C:\WINDOWS\explorer.scf --------- 80 
  04.08.2004 14:00     C:\WINDOWS\winhelp.exe --------- 257568 
  04.08.2004 14:00     C:\WINDOWS\desktop.ini --------- 2 
  04.08.2004 14:00     C:\WINDOWS\clock.avi --------- 82944 
  04.08.2004 14:00     C:\WINDOWS\vmmreg32.dll --------- 18944 
  04.08.2004 14:00     C:\WINDOWS\winnt256.bmp --------- 48680 
  04.08.2004 14:00     C:\WINDOWS\Blaue Spitzen 16.bmp --------- 1272 
  04.08.2004 14:00     C:\WINDOWS\Zapotek.bmp --------- 9522 
  04.08.2004 14:00     C:\WINDOWS\Santa Fe-Stuck.bmp --------- 65832 
  04.08.2004 14:00     C:\WINDOWS\Angler.bmp --------- 17336 
  04.08.2004 14:00     C:\WINDOWS\_default.pif --------- 707 
  25.11.2002 15:57     C:\WINDOWS\AquaReal.scr --------- 811008 
  15.11.2002 17:56     C:\WINDOWS\SNVerifyDLL.dll --------- 131072 
  05.03.2002 12:30     C:\WINDOWS\Delvid.exe --------- 90149 
  04.03.2002 09:29     C:\WINDOWS\shutdownaware.exe --------- 69632 
  21.10.1998 18:43     C:\WINDOWS\IsUn0407.exe --------- 328704 
  06.11.1996 13:05     C:\WINDOWS\unin0407.exe --------- 302592 
  05.11.1996 17:13     C:\WINDOWS\uninst.exe --------- 299008 
----------------------------------------

 
C:\WINDOWS\System

 14.04.2008 04:23    C:\WINDOWS\System\winspool.drv --------- 146944 
 04.08.2004 14:00    C:\WINDOWS\System\AVIFILE.DLL --------- 109504 
 04.08.2004 14:00    C:\WINDOWS\System\COMMDLG.DLL --------- 33744 
 04.08.2004 14:00    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 
 04.08.2004 14:00    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 
 04.08.2004 14:00    C:\WINDOWS\System\MCIAVI.DRV --------- 73760 
 04.08.2004 14:00    C:\WINDOWS\System\MCISEQ.DRV --------- 25296 
 04.08.2004 14:00    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 
 04.08.2004 14:00    C:\WINDOWS\System\MMSYSTEM.DLL --------- 69632 
 04.08.2004 14:00    C:\WINDOWS\System\MMTASK.TSK --------- 1152 
 04.08.2004 14:00    C:\WINDOWS\System\MOUSE.DRV --------- 2032 
 04.08.2004 14:00    C:\WINDOWS\System\AVICAP.DLL --------- 70368 
 04.08.2004 14:00    C:\WINDOWS\System\OLECLI.DLL --------- 82944 
 04.08.2004 14:00    C:\WINDOWS\System\OLESVR.DLL --------- 24064 
 04.08.2004 14:00    C:\WINDOWS\System\setup.inf --------- 59167 
 04.08.2004 14:00    C:\WINDOWS\System\SHELL.DLL --------- 5120 
 04.08.2004 14:00    C:\WINDOWS\System\SOUND.DRV --------- 1744 
 04.08.2004 14:00    C:\WINDOWS\System\stdole.tlb --------- 5532 
 04.08.2004 14:00    C:\WINDOWS\System\SYSTEM.DRV --------- 3360 
 04.08.2004 14:00    C:\WINDOWS\System\TAPI.DLL --------- 19200 
 04.08.2004 14:00    C:\WINDOWS\System\TIMER.DRV --------- 4048 
 04.08.2004 14:00    C:\WINDOWS\System\VER.DLL --------- 9200 
 04.08.2004 14:00    C:\WINDOWS\System\VGA.DRV --------- 2176 
 04.08.2004 14:00    C:\WINDOWS\System\WFWNET.DRV --------- 13600 
 04.08.2004 14:00    C:\WINDOWS\System\MSVIDEO.DLL --------- 127104 
----------------------------------------

 
C:\WINDOWS\System32

 14.09.2010 22:30     C:\WINDOWS\system32\wpa.dbl --------- 13646 
 14.09.2010 22:30     C:\WINDOWS\system32\CatRoot2 --------- 0 
 14.09.2010 22:29     C:\WINDOWS\system32\NvApps.xml --------- 276202 
 14.09.2010 22:15     C:\WINDOWS\system32\drivers --------- 0 
 14.09.2010 22:03     C:\WINDOWS\system32\perfh009.dat --------- 435568 
 14.09.2010 22:03     C:\WINDOWS\system32\perfh007.dat --------- 452278 
 14.09.2010 22:03     C:\WINDOWS\system32\perfc009.dat --------- 68464 
 14.09.2010 22:03     C:\WINDOWS\system32\perfc007.dat --------- 81236 
 14.09.2010 22:03     C:\WINDOWS\system32\PerfStringBackup.INI --------- 1051876 
 14.09.2010 21:58     C:\WINDOWS\system32\MRT.exe --------- 35552200 
 14.09.2010 21:58     C:\WINDOWS\system32\dllcache --------- 0 
 14.09.2010 19:44     C:\WINDOWS\system32\FNTCACHE.DAT --------- 146016 
 17.08.2010 15:17     C:\WINDOWS\system32\spoolsv.exe --------- 58880 
 27.07.2010 08:29     C:\WINDOWS\system32\shell32.dll --------- 8503296 
 22.07.2010 17:48     C:\WINDOWS\system32\rpcrt4.dll --------- 590848 
 22.07.2010 08:19     C:\WINDOWS\system32\xpsp4res.dll --------- 5632 
 30.06.2010 14:28     C:\WINDOWS\system32\schannel.dll --------- 149504 
 24.06.2010 14:10     C:\WINDOWS\system32\wininet.dll --------- 672768 
 24.06.2010 14:10     C:\WINDOWS\system32\urlmon.dll --------- 628736 
 24.06.2010 14:10     C:\WINDOWS\system32\tdc.ocx --------- 61952 
 24.06.2010 14:10     C:\WINDOWS\system32\shdocvw.dll --------- 1509888 
 24.06.2010 14:10     C:\WINDOWS\system32\mshtml.dll --------- 3094016 
 24.06.2010 14:10     C:\WINDOWS\system32\iepeers.dll --------- 251904 
 24.06.2010 14:10     C:\WINDOWS\system32\ieencode.dll --------- 81920 
 24.06.2010 14:10     C:\WINDOWS\system32\browseui.dll --------- 1025024 
 24.06.2010 12:37     C:\WINDOWS\system32\html.iec --------- 371200 
 24.06.2010 11:02     C:\WINDOWS\system32\win32k.sys --------- 1852032 
 18.06.2010 19:44     C:\WINDOWS\system32\winsrv.dll --------- 293888 
 17.06.2010 16:03     C:\WINDOWS\system32\iccvid.dll --------- 80384 
 15.06.2010 18:16     C:\WINDOWS\system32\l3codecx.ax --------- 143422 
 14.06.2010 09:41     C:\WINDOWS\system32\msxml3.dll --------- 1172480 
 09.06.2010 09:43     C:\WINDOWS\system32\inetcomm.dll --------- 692736 
 27.05.2010 00:29     C:\WINDOWS\system32\TZLog.log --------- 850738 
 22.05.2010 15:04     C:\WINDOWS\system32\CatRoot --------- 0 
 16.05.2010 16:47     C:\WINDOWS\system32\ReinstallBackups --------- 0 
 28.04.2010 07:41     C:\WINDOWS\system32\ntoskrnl.exe --------- 2148864 
 28.04.2010 07:41     C:\WINDOWS\system32\ntkrnlpa.exe --------- 2027008 
 21.04.2010 15:28     C:\WINDOWS\system32\tzchange.exe --------- 46080 
 20.04.2010 07:29     C:\WINDOWS\system32\atmfd.dll --------- 285696 
 19.04.2010 21:27     C:\WINDOWS\system32\spupdwxp.log --------- 247 
 19.04.2010 21:26     C:\WINDOWS\system32\Setup --------- 0 
 19.04.2010 21:26     C:\WINDOWS\system32\wbem --------- 0 
 19.04.2010 17:14     C:\WINDOWS\system32\de-de --------- 0 
 19.04.2010 17:14     C:\WINDOWS\system32\usmt --------- 0 
 19.04.2010 17:14     C:\WINDOWS\system32\de --------- 0 
 19.04.2010 17:14     C:\WINDOWS\system32\bits --------- 0 
 19.04.2010 17:12     C:\WINDOWS\system32\Restore --------- 0 
 19.04.2010 17:12     C:\WINDOWS\system32\npp --------- 0 
 19.04.2010 17:12     C:\WINDOWS\system32\Com --------- 0 
 19.04.2010 17:11     C:\WINDOWS\system32\oobe --------- 0 
 16.04.2010 17:36     C:\WINDOWS\system32\usp10.dll --------- 406016 
 06.04.2010 04:52     C:\WINDOWS\system32\WMVCore.dll --------- 2462720 
 04.04.2010 00:55     C:\WINDOWS\system32\OpenCL.dll --------- 61440 
 04.04.2010 00:55     C:\WINDOWS\system32\nvcompiler.dll --------- 11647592 
 04.04.2010 00:55     C:\WINDOWS\system32\nvcuda.dll --------- 4075520 
 04.04.2010 00:55     C:\WINDOWS\system32\nvcodins.dll --------- 227944 
 04.04.2010 00:55     C:\WINDOWS\system32\nvcod.dll --------- 227944 
 04.04.2010 00:55     C:\WINDOWS\system32\nvudisp.exe --------- 600680 
 04.04.2010 00:55     C:\WINDOWS\system32\nvcuvenc.dll --------- 2646632 
 04.04.2010 00:55     C:\WINDOWS\system32\nvcuvid.dll --------- 2030184 
 04.04.2010 00:55     C:\WINDOWS\system32\nv4_disp.dll --------- 6432128 
 04.04.2010 00:55     C:\WINDOWS\system32\nvoglnt.dll --------- 14757888 
 04.04.2010 00:55     C:\WINDOWS\system32\nvdata.bin --------- 2183470 
 04.04.2010 00:55     C:\WINDOWS\system32\nvdisp.nvu --------- 25755 
 04.04.2010 00:55     C:\WINDOWS\system32\nvapi.dll --------- 1097728 
 04.04.2010 00:55     C:\WINDOWS\system32\nvinfo.pb --------- 9046 
 03.04.2010 19:23     C:\WINDOWS\system32\nvmccs.dll --------- 278120 
 03.04.2010 19:23     C:\WINDOWS\system32\nvmctray.dll --------- 110696 
 03.04.2010 19:23     C:\WINDOWS\system32\nvcolor.exe --------- 145000 
 03.04.2010 19:23     C:\WINDOWS\system32\nvsvc32.exe --------- 154216 
 03.04.2010 19:23     C:\WINDOWS\system32\nvcpl.dll --------- 13670504 
 03.04.2010 19:23     C:\WINDOWS\system32\nvrszht.dll --------- 126976 
 03.04.2010 19:23     C:\WINDOWS\system32\nvrszhc.dll --------- 229376 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsru.dll --------- 270336 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrspl.dll --------- 258048 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsno.dll --------- 253952 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsnl.dll --------- 274432 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrssv.dll --------- 253952 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsth.dll --------- 253952 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrstr.dll --------- 258048 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrspt.dll --------- 274432 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrssk.dll --------- 258048 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrssl.dll --------- 258048 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsptb.dll --------- 270336 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsit.dll --------- 282624 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsja.dll --------- 274432 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrshe.dll --------- 335872 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsfr.dll --------- 286720 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsfi.dll --------- 249856 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsko.dll --------- 266240 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsesm.dll --------- 274432 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrses.dll --------- 282624 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrseng.dll --------- 249856 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsel.dll --------- 282624 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsde.dll --------- 278528 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrshu.dll --------- 262144 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrscs.dll --------- 249856 
 03.04.2010 19:22     C:\WINDOWS\system32\nvwddi.dll --------- 81920 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsda.dll --------- 253952 
 03.04.2010 19:22     C:\WINDOWS\system32\nvrsar.dll --------- 335872 
----------------------------------------

 
C:\WINDOWS\Prefetch

 14.09.2010 22:44     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 12026 
 14.09.2010 22:43     C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 60202 
 14.09.2010 22:41     C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 16484 
 14.09.2010 22:40     C:\WINDOWS\Prefetch\AVWSC.EXE-1742FD55.pf --------- 34984 
 14.09.2010 22:39     C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 16258 
 14.09.2010 22:38     C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf --------- 69480 
 14.09.2010 22:31     C:\WINDOWS\Prefetch\AVSCAN.EXE-068A2CAC.pf --------- 82944 
 14.09.2010 22:31     C:\WINDOWS\Prefetch\INTEGRATOR.EXE-0419CCEF.pf --------- 59362 
 14.09.2010 22:30     C:\WINDOWS\Prefetch\AVCENTER.EXE-377C5668.pf --------- 78914 
 14.09.2010 22:30     C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf --------- 17852 
 14.09.2010 22:30     C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf --------- 94416 
 14.09.2010 22:30     C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf --------- 71306 
 14.09.2010 22:30     C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 15528 
 14.09.2010 22:30     C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf --------- 64586 
 14.09.2010 22:30     C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1834914 
 14.09.2010 22:17     C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-170C935C.pf --------- 138342 
 14.09.2010 22:14     C:\WINDOWS\Prefetch\GUARDGUI.EXE-1FA25B88.pf --------- 52872 
 14.09.2010 22:04     C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf --------- 30748 
 14.09.2010 22:04     C:\WINDOWS\Prefetch\MBAM.EXE-11D8BBD8.pf --------- 74656 
 14.09.2010 22:03     C:\WINDOWS\Prefetch\ADOBEARM.EXE-237273D1.pf --------- 40192 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\WINDOWS-KB890830-V3.11-DELTA.-155B39EF.pf --------- 33310 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf --------- 54374 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\MRTSTUB.EXE-2F4A18B0.pf --------- 50788 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\UPDATE.EXE-0041C606.pf --------- 52534 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\UPDATE.EXE-12128BFE.pf --------- 57404 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\UPDATE.EXE-17E68E63.pf --------- 62596 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\UPDATE.EXE-3689DD23.pf --------- 65766 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\UPDATE.EXE-2EB5B28E.pf --------- 62342 
 14.09.2010 21:58     C:\WINDOWS\Prefetch\UPDATE.EXE-3494EEFF.pf --------- 57474 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\UPDATE.EXE-0CCE61A3.pf --------- 52552 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf --------- 61256 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\UPDATE.EXE-2542C29A.pf --------- 52888 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\UPDATE.EXE-04FF49F9.pf --------- 53146 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\UPDATE.EXE-31952853.pf --------- 55432 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\UPDATE.EXE-0948B548.pf --------- 53258 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\UPDATE.EXE-12DF9C36.pf --------- 61198 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\AU_.EXE-2EF87DA3.pf --------- 14800 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\MCCHSVC.EXE-15056CB3.pf --------- 60278 
 14.09.2010 21:57     C:\WINDOWS\Prefetch\UNINSTALL.EXE-083F13F7.pf --------- 15712 
 14.09.2010 21:56     C:\WINDOWS\Prefetch\MCUICNT.EXE-38ACF00B.pf --------- 55362 
 14.09.2010 21:56     C:\WINDOWS\Prefetch\SSSCHEDULER.EXE-04E2AAB1.pf --------- 11744 
 14.09.2010 21:56     C:\WINDOWS\Prefetch\JUCHECK.EXE-219F257F.pf --------- 56206 
 14.09.2010 21:56     C:\WINDOWS\Prefetch\SECURITYSCAN_RELEASE.EXE-37391F9F.pf --------- 28962 
 14.09.2010 21:56     C:\WINDOWS\Prefetch\CONTENTDATS.EXE-1CB41E09.pf --------- 13264 
 14.09.2010 21:56     C:\WINDOWS\Prefetch\JAVA.EXE-2167859B.pf --------- 58646 
 14.09.2010 21:55     C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf --------- 93040 
 14.09.2010 21:55     C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 16498 
 14.09.2010 21:54     C:\WINDOWS\Prefetch\INSTALL_FLASH_PLAYER.EXE-3379A4A8.pf --------- 14644 
 14.09.2010 21:54     C:\WINDOWS\Prefetch\INITIALIZE.EXE-0B721C76.pf --------- 28122 
 14.09.2010 21:54     C:\WINDOWS\Prefetch\IS-UN73L.TMP-07AD2707.pf --------- 26098 
 14.09.2010 21:54     C:\WINDOWS\Prefetch\GUSETUP.EXE-2EAE992F.pf --------- 15238 
 14.09.2010 21:54     C:\WINDOWS\Prefetch\ASKINSTALLCHECKER.EXE-203ECA0E.pf --------- 26474 
 14.09.2010 21:53     C:\WINDOWS\Prefetch\GETPLUSPLUS_ADOBE.EXE-20139700.pf --------- 69114 
 14.09.2010 21:53     C:\WINDOWS\Prefetch\SECURITYSCAN_RELEASE.EXE-022EA9CA.pf --------- 28462 
 14.09.2010 21:53     C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 43416 
 14.09.2010 21:52     C:\WINDOWS\Prefetch\GETPLUSPLUS_ADOBE_REG.EXE-2D5B3FEA.pf --------- 26648 
 14.09.2010 21:52     C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22D2A6A0.pf --------- 96170 
 14.09.2010 21:52     C:\WINDOWS\Prefetch\UPDATE.EXE-33FE454B.pf --------- 50144 
 14.09.2010 21:49     C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 17382 
 14.09.2010 21:48     C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf --------- 15270 
 14.09.2010 21:42     C:\WINDOWS\Prefetch\GP5.EXE-27A0382F.pf --------- 162240 
 14.09.2010 21:11     C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf --------- 156092 
 14.09.2010 21:10     C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 78820 
 14.09.2010 21:10     C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 48384 
 14.09.2010 21:09     C:\WINDOWS\Prefetch\Layout.ini --------- 570250 
 14.09.2010 19:58     C:\WINDOWS\Prefetch\TEAMSPEAK.EXE-1C1FA5B1.pf --------- 55770 
 14.09.2010 19:58     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3EA39160.pf --------- 34704 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\ACU.EXE-0C2F8293.pf --------- 3278 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\PDVDSERV.EXE-15757141.pf --------- 97038 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\WLACU.EXE-02CB5678.pf --------- 45340 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf --------- 38970 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\READER_SL.EXE-2FAFE67A.pf --------- 10542 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\JUSCHED.EXE-0137DEC5.pf --------- 10730 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\SOFFICE.BIN-1E52E616.pf --------- 57596 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\SOUNDMAN.EXE-19745A34.pf --------- 57260 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\AVGNT.EXE-0B50EBC8.pf --------- 50288 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\QUICKSTART.EXE-00894D92.pf --------- 11260 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\STEAM.EXE-25824B4E.pf --------- 58042 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf --------- 43106 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf --------- 7482 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\MBAMGUI.EXE-1E06AB95.pf --------- 7976 
 14.09.2010 19:47     C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf --------- 16828 
 13.09.2010 22:34     C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf --------- 88526 
 13.09.2010 22:30     C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-19B1D743.pf --------- 58650 
 13.09.2010 22:19     C:\WINDOWS\Prefetch\OTL.EXE-1341C255.pf --------- 18216 
 13.09.2010 22:15     C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 15898 
 13.09.2010 22:13     C:\WINDOWS\Prefetch\MBAM-SETUP-1.46.TMP-091B065D.pf --------- 27586 
 13.09.2010 22:13     C:\WINDOWS\Prefetch\MBAM-SETUP-1.46.EXE-32EAA9C3.pf --------- 15426 
 13.09.2010 21:30     C:\WINDOWS\Prefetch\FULLTILTPOKER.EXE-38442184.pf --------- 120064 
 13.09.2010 21:27     C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf --------- 26250 
 13.09.2010 15:52     C:\WINDOWS\Prefetch\JAVAWS.EXE-1714DD62.pf --------- 16178 
 13.09.2010 15:52     C:\WINDOWS\Prefetch\JAVAW.EXE-0159D575.pf --------- 68928 
 13.09.2010 15:52     C:\WINDOWS\Prefetch\JAUCHECK.EXE-2D8C9795.pf --------- 29564 
 13.09.2010 15:45     C:\WINDOWS\Prefetch\INFIUM.EXE-2C8CB9E6.pf --------- 91104 
 12.09.2010 16:43     C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969333.pf --------- 95868 
 12.09.2010 14:29     C:\WINDOWS\Prefetch\JRE-6U21-WINDOWS-I586-IFTW-RV-31F3F9AC.pf --------- 27670 
 12.09.2010 14:24     C:\WINDOWS\Prefetch\UMCCFG.EXE-079C1329.pf --------- 16684 
 12.09.2010 14:24     C:\WINDOWS\Prefetch\SOFFICE.EXE-26427B3D.pf --------- 10668 
 09.09.2010 22:22     C:\WINDOWS\Prefetch\WINWORD.EXE-3395695A.pf --------- 65988 
 09.09.2010 22:02     C:\WINDOWS\Prefetch\SETUP_WM.EXE-19AC5A9B.pf --------- 26040 
 09.09.2010 20:57     C:\WINDOWS\Prefetch\SYSTRAY.EXE-345DCC1C.pf --------- 10678 
 09.09.2010 20:57     C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf --------- 19076 
 09.09.2010 20:56     C:\WINDOWS\Prefetch\RUNDLL32.EXE-24DBE541.pf --------- 57394 
 09.09.2010 19:23     C:\WINDOWS\Prefetch\ADOBEUPDATER.EXE-370FC314.pf --------- 22274 
 09.09.2010 19:23     C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 105808 
 09.09.2010 19:19     C:\WINDOWS\Prefetch\SETUP.EXE-2A101827.pf --------- 56704 
 09.09.2010 19:18     C:\WINDOWS\Prefetch\SETUP.EXE-2EAA4C67.pf --------- 55330 
 09.09.2010 19:16     C:\WINDOWS\Prefetch\ADBERDR934_DE_DE.EXE-2F5B8B5F.pf --------- 48450 
 09.09.2010 19:12     C:\WINDOWS\Prefetch\ACRORD32.EXE-153330F0.pf --------- 86404 
 09.09.2010 19:12     C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-19D979CC.pf --------- 83930 
 09.09.2010 19:02     C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 40776 
 09.09.2010 19:02     C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf --------- 13168 
 09.09.2010 19:00     C:\WINDOWS\Prefetch\UPDATE[1].EXE-22D3FEC7.pf --------- 42564 
 09.09.2010 19:00     C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf --------- 11036 
 09.09.2010 19:00     C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969332.pf --------- 42300 
 09.09.2010 19:00     C:\WINDOWS\Prefetch\0.8583093331507152.EXE-243549C8.pf --------- 20462 
 08.09.2010 22:15     C:\WINDOWS\Prefetch\GOOGLEEARTH.EXE-0978F2AD.pf --------- 57504 
 08.09.2010 20:45     C:\WINDOWS\Prefetch\ICQ.EXE-15A4C655.pf --------- 85964 
 06.09.2010 21:19     C:\WINDOWS\Prefetch\ALCFDRTM.EXE-1A22C94E.pf --------- 58374 
 06.09.2010 21:19     C:\WINDOWS\Prefetch\RTLCPL.EXE-08F51F45.pf --------- 68702 
 06.09.2010 21:18     C:\WINDOWS\Prefetch\READER_SL.EXE-1EA4C8B2.pf --------- 10732 
 06.09.2010 21:18     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2F491662.pf --------- 51300 
 06.09.2010 20:54     C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 6222 
 05.09.2010 18:41     C:\WINDOWS\Prefetch\WINWORD.EXE-1EAA55E3.pf --------- 46228 
 05.09.2010 18:41     C:\WINDOWS\Prefetch\OSA.EXE-000C604A.pf --------- 33044 
 05.09.2010 18:38     C:\WINDOWS\Prefetch\SNDREC32.EXE-309776A8.pf --------- 26966 
 04.09.2010 15:07     C:\WINDOWS\Prefetch\SETUP_ICMTRAINERLIGHT.EXE-1C062294.pf --------- 13314 
 01.01.2006 00:11     C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf --------- 83234 
 01.01.2006 00:06     C:\WINDOWS\Prefetch\HELPER.EXE-244ABC1F.pf --------- 15440 
 01.01.2006 00:06     C:\WINDOWS\Prefetch\UPDATER.EXE-14EADE7B.pf --------- 46992 
----------------------------------------

 
C:\WINDOWS\Tasks

 14.09.2010 22:29     C:\WINDOWS\Tasks\GlaryInitialize.job --------- 306 
 14.09.2010 22:29     C:\WINDOWS\Tasks\SA.DAT --------- 6 
 04.08.2004 14:00     C:\WINDOWS\Tasks\desktop.ini --------- 65 
----------------------------------------

 
C:\WINDOWS\Temp

 14.09.2010 22:30     C:\WINDOWS\Temp\WGANotify.settings --------- 409 
 14.09.2010 22:29     C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat --------- 16384 
 14.09.2010 22:29     C:\WINDOWS\Temp\Perflib_Perfdata_764.dat --------- 16384 
 14.09.2010 22:29     C:\WINDOWS\Temp\WGAErrLog.txt --------- 255 
 14.09.2010 22:02     C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat --------- 16384 
 14.09.2010 22:02     C:\WINDOWS\Temp\Perflib_Perfdata_180.dat --------- 16384 
 13.09.2010 21:31     C:\WINDOWS\Temp\~DFF663.tmp --------- 16384 
 09.09.2010 19:13     C:\WINDOWS\Temp\Cookies --------- 0 
 13.07.2007 14:34     C:\WINDOWS\Temp\Verlauf --------- 0 
 13.07.2007 14:34     C:\WINDOWS\Temp\Temporary Internet Files --------- 0 
 27.06.2006 11:42     C:\WINDOWS\Temp\alcxwdm.sys --------- 3972672 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau17.inf --------- 25442 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau18.inf --------- 23276 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau19.inf --------- 26190 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau2.inf --------- 63417 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau20.inf --------- 29548 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau21.inf --------- 26376 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau22.inf --------- 43012 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau23.inf --------- 31843 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau24.inf --------- 34109 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau15.inf --------- 29859 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau26.inf --------- 41643 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau27.inf --------- 33221 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau28.inf --------- 23342 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau12.inf --------- 54768 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau4.inf --------- 50025 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau5.inf --------- 28546 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau6.inf --------- 31955 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau7.inf --------- 23999 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau8.inf --------- 31645 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau9.inf --------- 31533 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau14.inf --------- 30353 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau16.inf --------- 31046 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau25.inf --------- 31795 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau0.inf --------- 62573 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau1.inf --------- 61865 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau10.inf --------- 39829 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau13.inf --------- 51773 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau11.inf --------- 27117 
 23.06.2006 08:57     C:\WINDOWS\Temp\Alcxau3.inf --------- 28492 
 20.06.2006 23:42     C:\WINDOWS\Temp\soundman.exe --------- 577536 
 20.06.2006 23:40     C:\WINDOWS\Temp\alsndmgr.cpl --------- 18796544 
 20.06.2006 23:35     C:\WINDOWS\Temp\RTLCPL.exe --------- 10527744 
 08.06.2006 02:00     C:\WINDOWS\Temp\RtlCPAPI.dll --------- 143360 
 20.03.2006 05:48     C:\WINDOWS\Temp\alcupd.exe --------- 315392 
 18.11.2005 05:20     C:\WINDOWS\Temp\alcrmv.exe --------- 217088 
 15.07.2005 10:48     C:\WINDOWS\Temp\ChCfg.exe --------- 40960 
 31.01.2005 08:40     C:\WINDOWS\Temp\Alcxwdm0.cat --------- 522179 
 31.01.2005 08:40     C:\WINDOWS\Temp\alcxwdm.cat --------- 522179 
 05.02.2002 07:54     C:\WINDOWS\Temp\alsndmgr.wav --------- 141016 
----------------------------------------

 
C:\DOKUME~1\admin\LOKALE~1\Temp

 14.09.2010 22:39      C:\DOKUME~1\admin\LOKALE~1\Temp\Rar$EX00.000 --------- 0 
 14.09.2010 22:34      C:\DOKUME~1\admin\LOKALE~1\Temp\jusched.log --------- 11736 
 14.09.2010 22:30      C:\DOKUME~1\admin\LOKALE~1\Temp\~gu-ver.dat --------- 590 
 14.09.2010 22:29      C:\DOKUME~1\admin\LOKALE~1\Temp\WPDNSE --------- 0 
 14.09.2010 22:29      C:\DOKUME~1\admin\LOKALE~1\Temp\AdobeARM.log --------- 3765 
 14.09.2010 21:56      C:\DOKUME~1\admin\LOKALE~1\Temp\contentDATs.exe --------- 502472 
 14.09.2010 21:56      C:\DOKUME~1\admin\LOKALE~1\Temp\SecurityScan_Release.exe --------- 3598224 
----------------------------------------

 
C:\Programme

 14.09.2010 22:38     C:\Programme\trend micro --------- 0 
 14.09.2010 21:58     C:\Programme\CCleaner --------- 0 
 14.09.2010 21:54     C:\Programme\Glary Utilities --------- 0 
 14.09.2010 19:47     C:\Programme\Steam --------- 0 
 13.09.2010 22:13     C:\Programme\Malwarebytes' Anti-Malware --------- 0 
 13.09.2010 21:30     C:\Programme\Full Tilt Poker --------- 0 
 09.09.2010 19:23     C:\Programme\Adobe --------- 0 
 01.09.2010 21:38     C:\Programme\PokerStars.NET --------- 0 
 12.08.2010 19:19     C:\Programme\Movie Maker --------- 0 
 01.07.2010 19:21     C:\Programme\ICQ6.5 --------- 0 
 24.05.2010 17:49     C:\Programme\GNU Solfege --------- 0 
 22.05.2010 13:18     C:\Programme\REAPER --------- 0 
 16.05.2010 16:48     C:\Programme\NVIDIA Corporation --------- 0 
 12.05.2010 21:12     C:\Programme\ASIO4ALL v2 --------- 0 
 11.05.2010 22:30     C:\Programme\Outlook Express --------- 0 
 19.04.2010 17:15     C:\Programme\Messenger --------- 0 
 19.04.2010 17:14     C:\Programme\Internet Explorer --------- 0 
 19.04.2010 17:12     C:\Programme\NetMeeting --------- 0 
 19.04.2010 17:12     C:\Programme\Windows Media Player --------- 0 
 19.04.2010 17:11     C:\Programme\Windows NT --------- 0 
 02.03.2010 18:33     C:\Programme\JRE --------- 0 
 02.03.2010 18:33     C:\Programme\OpenOffice.org 3 --------- 0 
 02.03.2010 18:32     C:\Programme\Java --------- 0 
 23.01.2010 10:49     C:\Programme\Electronic Arts --------- 0 
 23.01.2010 10:47     C:\Programme\InstallShield Installation Information --------- 0 
 18.01.2010 20:31     C:\Programme\metinspeed --------- 0 
 22.12.2009 14:21     C:\Programme\Firaxis Games --------- 0 
 13.12.2009 21:12     C:\Programme\maxga --------- 0 
 05.12.2009 22:31     C:\Programme\PixiePack Codec Pack --------- 0 
 05.12.2009 22:31     C:\Programme\RapidSolution --------- 0 
 25.11.2009 23:01     C:\Programme\MSXML 4.0 --------- 0 
 08.11.2009 17:31     C:\Programme\alaplaya --------- 0 
 08.11.2009 16:08     C:\Programme\Gemeinsame Dateien --------- 0 
 06.11.2009 22:29     C:\Programme\HyCam2 --------- 0 
 31.10.2009 14:54     C:\Programme\Neuer Ordner --------- 0 
 31.10.2009 14:03     C:\Programme\Diablo II --------- 0 
 22.10.2009 14:30     C:\Programme\devolo --------- 0 
 19.10.2009 12:49     C:\Programme\Xfire --------- 0 
 16.09.2009 21:25     C:\Programme\QIP Infium --------- 0 
 03.09.2009 17:05     C:\Programme\Hamachi --------- 0 
 16.08.2009 02:16     C:\Programme\MSBuild --------- 0 
 16.08.2009 02:16     C:\Programme\Reference Assemblies --------- 0 
 16.08.2009 02:14     C:\Programme\MSXML 6.0 --------- 0 
 15.07.2009 17:25     C:\Programme\DivX --------- 0 
 15.07.2009 00:03     C:\Programme\ICQ6 --------- 0 
 28.06.2009 14:53     C:\Programme\ACD Systems --------- 0 
 02.06.2009 14:40     C:\Programme\Crazy Machines - Neue Herausforderungen Demo --------- 0 
 18.05.2009 20:59     C:\Programme\Recorder --------- 0 
 28.04.2009 17:38     C:\Programme\TmNationsForever --------- 0 
 28.04.2009 15:57     C:\Programme\Warsow --------- 0 
 28.04.2009 15:53     C:\Programme\Silkroad --------- 0 
 22.03.2009 14:50     C:\Programme\ICQToolbar --------- 0 
 18.03.2009 16:59     C:\Programme\World of Warcraft Trial --------- 0 
 18.03.2009 16:59     C:\Programme\Registry Mechanic --------- 0 
 18.03.2009 16:14     C:\Programme\Abbyy FineReader 6.0 Sprint --------- 0 
 03.02.2009 21:43     C:\Programme\Microsoft Games --------- 0 
 03.02.2009 21:42     C:\Programme\AlienChess --------- 0 
 14.01.2009 21:45     C:\Programme\Teamspeak2_RC2 --------- 0 
 19.11.2008 15:11     C:\Programme\POKEMON --------- 0 
 12.11.2008 18:43     C:\Programme\Peggle Deluxe --------- 0 
 08.10.2008 12:31     C:\Programme\EA GAMES --------- 0 
 31.07.2008 21:03     C:\Programme\Google --------- 0 
 29.07.2008 21:56     C:\Programme\QIP --------- 0 
 29.07.2008 19:31     C:\Programme\ICQLite_neu --------- 0 
 27.06.2008 12:17     C:\Programme\Skype --------- 0 
 01.06.2008 00:34     C:\Programme\GUILD WARS --------- 0 
 16.05.2008 18:19     C:\Programme\Free M4a to MP3 Converter --------- 0 
 22.02.2008 23:21     C:\Programme\Guitar Pro 5 --------- 0 
 14.12.2007 21:40     C:\Programme\o2 --------- 0 
 08.10.2007 16:29     C:\Programme\Cyanide --------- 0 
 08.10.2007 16:25     C:\Programme\And Yet It Moves --------- 0 
 30.07.2007 15:21     C:\Programme\THQ --------- 0 
 21.07.2007 23:26     C:\Programme\Titan Quest Screensaver --------- 0 
 21.07.2007 18:38     C:\Programme\Sierra On-Line --------- 0 
 09.07.2007 14:40     C:\Programme\Klei Entertainment --------- 0 
 08.07.2007 17:00     C:\Programme\Genius Move --------- 0 
 04.07.2007 16:41     C:\Programme\THQ- --------- 0 
 02.07.2007 16:01     C:\Programme\Microsoft Works --------- 0 
 02.07.2007 16:01     C:\Programme\Microsoft Office --------- 0 
 02.07.2007 16:01     C:\Programme\Microsoft Visual Studio --------- 0 
 30.06.2007 14:20     C:\Programme\Windows Media Connect 2 --------- 0 
 29.06.2007 14:36     C:\Programme\TRENDware --------- 0 
 28.06.2007 09:42     C:\Programme\TRENDnet --------- 0 
 25.06.2007 12:59     C:\Programme\DIFX --------- 0 
 25.06.2007 12:56     C:\Programme\Realtek AC97 --------- 0 
 20.06.2007 15:15     C:\Programme\CyberLink --------- 0 
 20.06.2007 15:13     C:\Programme\VideoLAN --------- 0 
 20.06.2007 15:13     C:\Programme\WinRAR --------- 0 
 20.06.2007 15:12     C:\Programme\Ahead --------- 0 
 20.06.2007 15:12     C:\Programme\Formosoft --------- 0 
 20.06.2007 14:25     C:\Programme\xerox --------- 0 
 20.06.2007 14:25     C:\Programme\microsoft frontpage --------- 0 
 20.06.2007 14:25     C:\Programme\Online-Dienste --------- 0 
 20.06.2007 14:23     C:\Programme\Online Services --------- 0 
 20.06.2007 14:23     C:\Programme\MSN Gaming Zone --------- 0 
 20.06.2007 14:22     C:\Programme\MSN --------- 0 
 01.01.2006 00:06     C:\Programme\Mozilla Firefox --------- 0 
----------------------------------------

 
C:\Dokumente und Einstellungen\All Users\.. 

admin    
LocalService    
***    
All Users    
img    
Administrator    
*** oder ***    
NetworkService    
Default User    
----------------------------------------

 
C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

----------------------------------------

 

 
***** Ende des Scans 14.09.2010 um 22:44:20,92 ***
         

4. CCleaner
Code:
802.11g Driver and Client Applications	TRENDware	1.00.0000
ABBYY FineReader 6.0 Sprint	ABBYY Software House	6.00.2146.41621
ACDSee 5.0 Standard	ACD Systems Ltd	5.0.0
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	10.1.82.76
Adobe Flash Player ActiveX	Adobe Systems Incorporated	9.0.124.0
Adobe Reader 9.3.4 - Deutsch	Adobe Systems Incorporated	9.3.4
Adobe Shockwave Player	Adobe Systems, Inc.	11
Age of Mythology Gold	Microsoft	1.0
Akamai NetSession Interface		
Aqua Real		1.00.000
ASIO4ALL		
Audials TV	RapidSolution Software AG	1.3.10800.0
AudialsOne	RapidSolution Software AG	4.0.33916.1600
AudioRecorder		
Avira AntiVir Personal - Free Antivirus	Avira GmbH	
Blue Byte Game Channel	UbiSoft	
Call of Duty(R) 4 - Modern Warfare(TM)	Activision	1.00.0000
CCleaner	Piriform	2.35
Condition Zero Deleted Scenes	Ritual	
Counter-Strike	Valve	
Custom Mod : Lilith v0.98	Mostal	
devolo dLAN-Konfigurationsassistent	devolo AG	17.0.0.0
devolo Informer	devolo AG	26.0.0.0
Diablo II	Blizzard Entertainment	
Die Siedler IV		
Die Sims 2		
DivX Codec	DivX, Inc.	6.8.5
DivX Converter	DivX, Inc.	7.1.0
DivX Player	DivX, Inc.	7.2.0
DivX Plus DirectShow Filters	DivX, Inc.	
DivX Web Player	DivX,Inc.	1.5.0
Eets	Klei Entertainment Inc.	
Free M4a to MP3 Converter 5.9	ManiacTools.com	
Full Tilt Poker		4.30.0.WIN.FullTilt.COM
Genius Move		
Glary Utilities 2.28.0.1011	Glarysoft Ltd	2.28.0.1011
GNU Solfege 3.14.11		
Google Earth	Google	4.3.7284.3916
Google Updater	Google Inc.	2.4.1368.5602
GUILD WARS		
Guitar Pro 5.0	Arobas Music	
Hamachi 1.0.3.0		
HyperCam 2		
ICQ Toolbar		
ICQ6.5	ICQ	6.5
InterActual Player		
Java(TM) 6 Update 18	Sun Microsystems, Inc.	6.0.180
Java(TM) SE Development Kit 6 Update 1	Sun Microsystems, Inc.	1.6.0.10
Java(TM) SE Runtime Environment 6 Update 1	Sun Microsystems, Inc.	1.6.0.10
Lilith The Will of Demon : Battles of Jalavia Masteries Edition	Mostal	
Lilith The Will of Demon : Difficulty Changer v1.1	Mostal	
Malwarebytes' Anti-Malware	Malwarebytes Corporation	
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	3.2.30729
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	
Microsoft Compression Client Pack 1.0 for Windows XP	Microsoft Corporation	1
Microsoft Office Standard Edition 2003	Microsoft Corporation	11.0.5614.0
Microsoft User-Mode Driver Framework Feature Pack 1.0	Microsoft Corporation	
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	9.0.30729
Mozilla Firefox (3.6.9)	Mozilla	3.6.9 (de)
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	4.20.9841.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	4.20.9848.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	4.20.9876.0
MSXML 6 Service Pack 2 (KB973686)	Microsoft Corporation	6.20.2003.0
Nero 6		
NVIDIA Drivers	NVIDIA Corporation	1.10.59.37
NVIDIA nView Desktop Manager	NVIDIA Corporation	6.14.10.12561
NVIDIA PhysX	NVIDIA Corporation	9.10.0129
o2 Surf Box mini	o2	1.00.0000
OpenOffice.org 3.2	OpenOffice.org	3.2.9483
OPERATION7		
PixiePack Codec Pack	None	1.1.400.0
PokerStars.net	PokerStars.net	
Portal	Valve	
PowerDVD		
PunkBuster Services	Even Balance, Inc.	0.986
QIP 2005 Uninstall		
QIP 8070_neu Jeak Edition	Jeak	8070_neu
Quake Live Mozilla Plugin	id Software	1.0.232
Realtek AC'97 Audio	Realtek Semiconductor Corp.	5.24
REAPER		
Recorder		
Registry Mechanic 7.0	PC Tools	7.0
S4 League_EU		1.00.0000
Sid Meier's Pirates!	Ihr Firmenname	1.00.0000
Silkroad		
Skype™ 3.8	Skype Technologies S.A.	3.8.188
SnowBound Online v2.0	maxga.com	
SPORE™	Electronic Arts	1.00.0000
Steam	Valve	1.0.0.0
TeamSpeak 2 RC2	Dominating Bytes Design	2.0.32.60
TEW-444UB Wireless Client Utility	TRENDnet	1.00.0000
Titan Quest	Iron Lore	1.00.0000
Titan Quest Immortal Throne	Iron Lore	1.00.0000
Titan Quest Screensaver		
TmNationsForever	Nadeo	
Unreal Tournament 2004		
USB Mass Storage Reader		
VideoLAN VLC media player 0.8.6b	VideoLAN Team	0.8.6b
Warsow 0.42	Warsow development team	0.42
Windows Genuine Advantage Validation Tool (KB892130)	Microsoft Corporation	
Windows Media Format 11 runtime		
Windows Media Player 11		
Windows XP Service Pack 3	Microsoft Corporation	20080414.031514
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)	Advanced Micro Devices	04/28/2006 1.3.1.0
WinRAR Archivierer		
Xfire (remove only)
         
5. Gmer => PC freezes

6. Rootrepeal

Drivers and Stealth Objects
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/09/15 20:54
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xB80C8000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB7F78000	Size: 188800	File Visible: -	Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xB7DBC000	Size: 15968	File Visible: -	Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA6AAD000	Size: 138496	File Visible: -	Signed: -
Status: -

Name: ALCXWDM.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xB607C000	Size: 3972672	File Visible: -	Signed: -
Status: -

Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xB8308000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: ASACPI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ASACPI.sys
Address: 0xB8608000	Size: 5152	File Visible: -	Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7F30000	Size: 96512	File Visible: -	Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000	Size: 286720	File Visible: -	Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB8777000	Size: 3072	File Visible: -	Signed: -
Status: -

Name: avgio.sys
Image Path: D:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xB866A000	Size: 6144	File Visible: -	Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0x9F44B000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xA69F6000	Size: 114688	File Visible: -	Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB85DA000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xB84B8000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA0047000	Size: 63744	File Visible: -	Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB7618000	Size: 62976	File Visible: -	Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xB8108000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xB80F8000	Size: 36352	File Visible: -	Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB7638000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: dump_nvata.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvata.sys
Address: 0x9F65F000	Size: 94208	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB866E000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA0667000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000	Size: 73728	File Visible: -	Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB87F5000	Size: 4096	File Visible: -	Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xB8490000	Size: 27392	File Visible: -	Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA94ED000	Size: 44672	File Visible: -	Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xA95AF000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB7EF9000	Size: 129792	File Visible: -	Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB85D8000	Size: 7936	File Visible: -	Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB7F48000	Size: 126336	File Visible: -	Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000	Size: 134400	File Visible: -	Signed: -
Status: -

Name: hamachi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xB8340000	Size: 18560	File Visible: -	Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA94DD000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xA957F000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA9434000	Size: 10368	File Visible: -	Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9ED59000	Size: 265728	File Visible: -	Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB81C8000	Size: 52992	File Visible: -	Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB7628000	Size: 42112	File Visible: -	Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA6ACF000	Size: 152832	File Visible: -	Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA6B76000	Size: 75264	File Visible: -	Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xB80A8000	Size: 37632	File Visible: -	Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB8498000	Size: 25216	File Visible: -	Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xB85A8000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x9E9F6000	Size: 172416	File Visible: -	Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB6035000	Size: 143360	File Visible: -	Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB7ED0000	Size: 92928	File Visible: -	Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xB85DC000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB8360000	Size: 23552	File Visible: -	Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA9430000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xB80D8000	Size: 42368	File Visible: -	Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9F3F6000	Size: 180608	File Visible: -	Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA6A12000	Size: 455680	File Visible: -	Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA9597000	Size: 19072	File Visible: -	Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8218000	Size: 35072	File Visible: -	Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB8550000	Size: 15488	File Visible: -	Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB7DFC000	Size: 105344	File Visible: -	Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB7E16000	Size: 182656	File Visible: -	Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB8544000	Size: 10112	File Visible: -	Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB7DB8000	Size: 14592	File Visible: -	Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB4758000	Size: 91520	File Visible: -	Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xA99A2000	Size: 40576	File Visible: -	Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA951D000	Size: 34688	File Visible: -	Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA6AF5000	Size: 162816	File Visible: -	Signed: -
Status: -

Name: npf_devolo.sys
Image Path: C:\WINDOWS\system32\drivers\npf_devolo.sys
Address: 0xB8158000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA958F000	Size: 30848	File Visible: -	Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB7E43000	Size: 574976	File Visible: -	Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA9565000	Size: 2944	File Visible: -	Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000	Size: 6434816	File Visible: -	Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB55F1000	Size: 10232128	File Visible: -	Signed: -
Status: -

Name: nvata.sys
Image Path: nvata.sys
Address: 0xB7F19000	Size: 93568	File Visible: -	Signed: -
Status: -

Name: NVENETFD.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Address: 0xA954D000	Size: 34048	File Visible: -	Signed: -
Status: -

Name: nvnetbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Address: 0xB77C1000	Size: 13056	File Visible: -	Signed: -
Status: -

Name: NVNRM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Address: 0xB5FEB000	Size: 303104	File Visible: -	Signed: -
Status: -

Name: NVSNPU.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS
Address: 0xB5FB4000	Size: 225280	File Visible: -	Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xB80B8000	Size: 61696	File Visible: -	Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB480F000	Size: 80384	File Visible: -	Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xB8330000	Size: 19712	File Visible: -	Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0x9F67E000	Size: 7040	File Visible: -	Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB7F67000	Size: 68224	File Visible: -	Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xB8670000	Size: 3328	File Visible: -	Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB6058000	Size: 147456	File Visible: -	Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB4747000	Size: 69120	File Visible: -	Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xB84A8000	Size: 17792	File Visible: -	Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xB8118000	Size: 35712	File Visible: -	Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA9DB2000	Size: 8832	File Visible: -	Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB81E8000	Size: 51328	File Visible: -	Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB81F8000	Size: 41472	File Visible: -	Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8208000	Size: 48384	File Visible: -	Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xB84B0000	Size: 16512	File Visible: -	Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA6A82000	Size: 175744	File Visible: -	Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xB85DE000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB7608000	Size: 57728	File Visible: -	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9EF52000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: rrnetcap.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
Address: 0xB8238000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xA0017000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB8540000	Size: 15744	File Visible: -	Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB81B8000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB7EE7000	Size: 73472	File Visible: -	Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9F1AA000	Size: 354304	File Visible: -	Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xA9587000	Size: 23040	File Visible: -	Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xB860A000	Size: 4352	File Visible: -	Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB64EA000	Size: 60800	File Visible: -	Signed: -
Status: -

Name: tbhsd.sys
Image Path: C:\WINDOWS\system32\drivers\tbhsd.sys
Address: 0xB81D8000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA6B1D000	Size: 361600	File Visible: -	Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xB84A0000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB8228000	Size: 40704	File Visible: -	Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB46E9000	Size: 384768	File Visible: -	Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xB85D6000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xB8448000	Size: 30208	File Visible: -	Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xA9992000	Size: 59520	File Visible: -	Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xB8440000	Size: 17152	File Visible: -	Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB6446000	Size: 147456	File Visible: -	Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xA9577000	Size: 26368	File Visible: -	Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xA959F000	Size: 20992	File Visible: -	Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB4823000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xB80E8000	Size: 53760	File Visible: -	Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA950D000	Size: 34560	File Visible: -	Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA0352000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9F3B9000	Size: 83072	File Visible: -	Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000	Size: 1855488	File Visible: -	Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000	Size: 1855488	File Visible: -	Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xB85AA000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/09/15 20:55
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Stealth Objects
-------------------
         
With Hidden Services the PC also froze, even after several attempts.



Regards,
saccharid

15.09.2010, 21:44   #5
kira
/// Helper Team
 



1.
Please post the result of "C:\TDSSKiller"!

Check and cleanup:

2.
Your Java version is not up to date!
Because of old security vulnerabilities Java is very vulnerable, so first uninstall all existing Java versions:
→ Control Panel → Add or Remove Programs → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 21 from Oracle
Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!

3.
Close all applications → please empty the folder for temporary files
**The Temp folder is for temporary files, so its contents can be deleted without any problem. Files that are still in use cannot be deleted.
**Delete only the contents of the folders, not the folders themselves!
  • `Start → Run`, type in "cleanmgr" (without the "") → "OK" - the Temporary Files, Temporary Internet Files and the Recycle Bin must be emptied → "OK"
  • `Start → Run` → type in %temp% (without the "") → "OK" - select all of the folder contents and delete them
  • please do this for every user account
  • then empty the Recycle Bin

4.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

5.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • tick "Complete scan" and click "Next"
  • all malware found will then be listed; tick every finding and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics and Logs"
  • press "View log" - then please save this report and post it here

6.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware. A very suitable and recommended way to do this is to check the data saved on the storage medium with the free online scanner.
So connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the autorun function is not executed.
You can also switch off the autostart behaviour:
Windows security: disabling drive autorun - illustrated guide by Leonidas/3dcenter.org
Disabling Autorun/Autoplay selectively for drive types or drive letters/wintotal.de
→ This Silly description supports the assumption that it came via a USB stick. The cause has been eliminated by formatting the stick; you should make sure that no autorun.inf file reappears there, and be somewhat selective about where you plug in your stick.
Attention!:
>>You should not install the program, only scan your system online<<
→ Check the complete computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner/click here
→ to continue with the process click "Accept"
→ then select "My computer" - it takes some time for a complete scan to run through, so please be patient!
It can take some time until the scan is finished - one or more hours, depending on the size of the hard disk - so be patient...
→ When the report is displayed, click "Save as" - please copy it and paste it into your thread here
Before the scan, settings in Internet Explorer:
→ "Tools → Internet Options → Security":
→ set everything to the default level
Allow ActiveX - so that the new virus definitions can be installed
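
Step 6 of the post above says to watch that no autorun.inf reappears on the stick. The following Python script is an added example, not part of kira's post or of any tool named in this thread: it checks a drive root for autorun.inf and lists the entries that would start a program. The function names and the sample file contents are constructed for illustration.

```python
from __future__ import annotations

import re
from pathlib import Path

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")
# Context-menu verbs: shell\<verb>\command=<program>
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample, not taken from the thread. Junk lines and mixed
# case are included because the parser has to tolerate both.
SAMPLE = (
    b"; constructed sample\r\n"
    b"[AutoRun]\r\n"
    b"kjdsf87sdf\r\n"
    b"OPEN=tools\\setup.exe\r\n"
    b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    b"Shell\\Explore\\Command = tools\\setup.exe -e\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)


def decode_autorun(raw: bytes) -> str:
    """Decode autorun.inf, which may be ANSI or carry a Unicode BOM."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw[3:].decode("utf-8", errors="replace")
    return raw.decode("cp1252", errors="replace")


def launch_entries(raw: bytes) -> list[tuple[str, str]]:
    """Return (key, value) pairs from [autorun] that would start a program."""
    section = None
    found = []
    for line in decode_autorun(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and junk lines are skipped
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            found.append((key, value.strip()))
    return found


def check_drive(root) -> list[tuple[str, str]] | None:
    """Return None if the drive root has no autorun.inf, else its launch entries."""
    for entry in Path(root).iterdir():
        # Compare names case-insensitively so AUTORUN.INF is found as well.
        if entry.name.lower() == "autorun.inf" and entry.is_file():
            return launch_entries(entry.read_bytes())
    return None


if __name__ == "__main__":
    import sys

    # Usage: python check_autorun.py E:\ F:\
    for root in sys.argv[1:]:
        result = check_drive(root)
        if result is None:
            print(f"{root}: no autorun.inf")
        elif not result:
            print(f"{root}: autorun.inf present, no launch entries")
        else:
            for key, value in result:
                print(f"{root}: autorun.inf would run [{key}] {value}")
```

Run it with Autorun disabled or with the Shift key held while plugging the drive in, as described in step 6, so that the file is only read and never executed.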


16.09.2010, 19:23   #6
saccharid
 



I worked through the points in order again.
6. However, the Kaspersky Online Scanner did not work. The scan button is greyed out and cannot be selected.

TDSSKiller:

Code:
2010/09/14 22:15:40.0109	TDSS rootkit removing tool 2.4.2.1 Sep  7 2010 14:43:44
2010/09/14 22:15:40.0109	================================================================================
2010/09/14 22:15:40.0109	SystemInfo:
2010/09/14 22:15:40.0109	
2010/09/14 22:15:40.0109	OS Version: 5.1.2600 ServicePack: 3.0
2010/09/14 22:15:40.0109	Product type: Workstation
2010/09/14 22:15:40.0109	ComputerName: LARS
2010/09/14 22:15:40.0109	UserName: admin
2010/09/14 22:15:40.0109	Windows directory: C:\WINDOWS
2010/09/14 22:15:40.0109	System windows directory: C:\WINDOWS
2010/09/14 22:15:40.0109	Processor architecture: Intel x86
2010/09/14 22:15:40.0109	Number of processors: 2
2010/09/14 22:15:40.0109	Page size: 0x1000
2010/09/14 22:15:40.0109	Boot type: Normal boot
2010/09/14 22:15:40.0109	================================================================================
2010/09/14 22:15:40.0359	Initialize success
2010/09/14 22:15:43.0546	================================================================================
2010/09/14 22:15:43.0546	Scan started
2010/09/14 22:15:43.0546	Mode: Manual;
2010/09/14 22:15:43.0546	================================================================================
2010/09/14 22:15:49.0265	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/14 22:15:49.0296	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/14 22:15:49.0343	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/14 22:15:49.0406	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/14 22:15:49.0453	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/14 22:15:49.0593	Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/14 22:15:49.0656	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/09/14 22:15:49.0703	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/14 22:15:49.0734	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/14 22:15:49.0843	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/14 22:15:49.0890	tbhsd           (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
2010/09/14 22:15:49.0921	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/14 22:15:50.0000	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/14 22:15:50.0015	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/14 22:15:50.0031	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/14 22:15:50.0093	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/14 22:15:50.0140	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/14 22:15:50.0171	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/14 22:15:50.0203	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/14 22:15:50.0250	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/14 22:15:50.0281	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/14 22:15:50.0296	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/14 22:15:50.0328	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/14 22:15:50.0359	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/14 22:15:50.0375	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/14 22:15:50.0406	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/14 22:15:50.0437	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/14 22:15:50.0468	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/14 22:15:50.0546	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/14 22:15:50.0562	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/14 22:15:50.0609	================================================================================
2010/09/14 22:15:50.0609	Scan finished
2010/09/14 22:15:50.0609	================================================================================
2010/09/14 22:15:57.0921	Deinitialize success
         
SUPERantispyware:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/16/2010 at 07:37 PM

Application Version : 4.43.1000

Core Rules Database Version : 5519
Trace Rules Database Version: 3331

Scan type       : Complete Scan
Total Scan Time : 00:31:32

Memory items scanned      : 441
Memory threats detected   : 0
Registry items scanned    : 6798
Registry threats detected : 0
File items scanned        : 23200
File threats detected     : 60

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
	C:\PROGRAMME\INTERNET EXPLORER\MSIMG32.DLL

Trojan.Agent/Gen-Nullo[Short]
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088816.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088807.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088808.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088809.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088810.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088811.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088812.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088813.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088814.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088815.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088817.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088818.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088819.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088820.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088821.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088822.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088823.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088824.DLL

Adware.Vundo Variant
	C:\WINDOWS\CIDAMAPI.DLL
         

Many thanks and regards,
saccharid

17.09.2010, 07:54   #7
kira
/// Helper team
 

Maybe this will bring more success:

>>You should not install the program, just scan your system online<<
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) - The AUTORUN function can also be switched off entirely. ► [Security] Disable the Autorun function on all drives for more security / Avira Support Forum
Then run a complete system check with Nod32
- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"
- ESET Online Scanner
Settings in Internet Explorer before the scan:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX

19.09.2010, 20:39   #8
saccharid
 

The Avira alert no longer appears.

Here is the result from Nod32:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e676f41fa18dc942a256a9966d1000af
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-19 07:26:32
# local_time=2010-09-19 09:26:32 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 416059 416059 0 0
# compatibility_mode=1797 16775141 100 100 562 60428062 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 70 70 0 0
# scanned=167239
# found=2
# cleaned=2
# scan_time=11637
C:\Dokumente und Einstellungen\Ulrike\Desktop\Downloads\No_gba_2.6a.rar	probably a variant of Win32/Agent.LMQTMMD trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\Ulrike\Eigene Dateien\Eigene Dateien\coladosenhalter.exe	probably a variant of Win32/Agent.CBMFHTS trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
Thank you very much for your help
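
Added example, not part of the original posts: a Python triage helper for an ESET Online Scanner log.txt in the layout shown in the post above. It checks that the detection rows agree with the found and cleaned counters and lists rows that still need follow-up. The sample log, the Win32/Example.* names, the "unable to clean" action text and the tab-separated row layout are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

ZERO_HASH = "0" * 32  # the hash column in the posted log is all zeros

# Constructed sample (not from a real scan): "# key=value" header lines, then
# one tab-separated row per detection: path, verdict (action), hash, flag.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "# version=7",
    "# remove_checked=true",
    "# compatibility_mode=512 16777215 100 0 0 0 0 0",
    "# compatibility_mode=8192 67108863 100 0 70 70 0 0",
    "# scanned=1500",
    "# found=3",
    "# cleaned=2",
    "C:\\Temp\\a.rar\tprobably a variant of Win32/Example.A trojan "
    "(deleted - quarantined)\t" + ZERO_HASH + "\tC",
    "C:\\Temp\\b.exe\tprobably a variant of Win32/Example.B trojan "
    "(cleaned by deleting - quarantined)\t" + ZERO_HASH + "\tC",
    "C:\\Temp\\c.dll\ta variant of Win32/Example.C trojan "
    "(unable to clean)\t" + ZERO_HASH + "\tI",
])

# Verdict column: "<detection name> (<action taken>)"
VERDICT = re.compile(r"^(?P<name>.+?)\s*\((?P<action>[^()]*)\)\s*$")


@dataclass
class Detection:
    path: str
    name: str
    action: str

    @property
    def remediated(self) -> bool:
        # Assumption: a handled item says "deleted" or "cleaned" in its action.
        return re.search(r"\b(deleted|cleaned)\b", self.action) is not None


@dataclass
class ScanReport:
    header: dict = field(default_factory=dict)     # key -> list (keys can repeat)
    detections: list = field(default_factory=list)

    def count(self, key: str) -> int:
        return int(self.header[key][0])


def parse_eset_log(text: str) -> ScanReport:
    report = ScanReport()
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            report.header.setdefault(key.strip(), []).append(value.strip())
        elif "\t" in line:                          # detection row
            cols = line.split("\t")
            m = VERDICT.match(cols[1].strip())
            name, action = (m["name"], m["action"]) if m else (cols[1].strip(), "")
            report.detections.append(Detection(cols[0].strip(), name, action))
    return report


def triage(report: ScanReport) -> dict:
    leftovers = [d for d in report.detections if not d.remediated]
    handled = len(report.detections) - len(leftovers)
    return {
        "rows_match_found": len(report.detections) == report.count("found"),
        "rows_match_cleaned": handled == report.count("cleaned"),
        "needs_follow_up": leftovers,               # rows the scanner did not remove
    }


if __name__ == "__main__":
    for item in triage(parse_eset_log(SAMPLE_LOG))["needs_follow_up"]:
        print("follow up:", item.path, "-", item.name, "-", item.action)
```
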

22.09.2010, 21:10   #9
kira
/// Helper team
 

Is your system running stably? Do you have any other problems?

24.09.2010, 14:49   #10
saccharid
 

No, otherwise everything works again now. So thanks again for the help. I really like your forum here. Keep it up

25.09.2010, 06:18   #11
kira
/// Helper team
 

- Uninstall/remove the programs we used that you do not need, except for:
Code:
HijackThis/Trend Micro
filelist.bat
CCleaner
         
These are useful programs that can be very helpful in case of problems or an emergency!

- Finally, carry out the following step:
1.
If everything went well and your system is running stably, do the following:
** Right-click "My Computer" → "Properties" → "System Restore" tab → "Turn off System Restore" → "OK" → close everything → restart the computer → restore the default setting (re-enable System Restore)

Change your passwords and login credentials! - from a clean system

Reading material:
Quote:
Since the database is updated and extended daily, and information about the affected virus is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month is certainly enough), always with a different scanner, to get a second opinion
(most use ActiveX and/or Java): Free online scanners -
Wishing you all the best
