Trojaner-Board - Programm versucht ins Internet zu gehen...Aber wie finde ich heraus welches?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Programm versucht ins Internet zu gehen...Aber wie finde ich heraus welches? (https://www.trojaner-board.de/86705-programm-versucht-ins-internet-gehen-finde-heraus-welches.html)

nikos7

02.06.2010 19:43

Programm versucht ins Internet zu gehen...Aber wie finde ich heraus welches?

Guten Abend an Alle Mitboarder,

nach dem Hochfahren meines Rechners, ich habe W-Lan, bevor ich den Router einschalte um online zu sein, versucht ein Programm (oder mehr als eins?) online zu gehen. Zumindestens öffnet sich ständig das Einwahlprogramm meines Internetanbieters.
Da das ziemlich nervig ist, weil wenn ich das Einwahlprogramm schliesse, öffnet es sich 5 sek. später erneut, immer und immer wieder,würde ich gerne erfahren welches Programm es ist und wie ich das Problem beheben kann.

Anbei eine Log-Datei.

Vielen Dank schon mal für eure Hilfe :)

Gruß
nikos7

Larusso

04.06.2010 15:27

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Bitte keine Code Tags.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte die Logfiles als Antwort posten, nicht anhängen.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://image.hijackthis.eu/upload/hjt1-021.jpg Textbox.

Code:

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt

nikos7

05.06.2010 11:56

Hallo Daniel

vielen Dank für deine Antwort.
Anbei die gewünschten Posts:

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 05.06.2010 12:01:27 - Run 1

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 11,71 Gb Free Space | 7,85% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)

https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" %*

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"4672:TCP" = 4672:TCP:*:Enabled:ppLive

"6492:UDP" = 6492:UDP:*:Enabled:ppLive

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)

"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Programme\StreamerOne\streamerone.exe" = C:\Programme\StreamerOne\streamerone.exe:*:Enabled:streamerone -- ()

"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Programme\Avant Browser\avant.exe" = C:\Programme\Avant Browser\avant.exe:*:Disabled:Avant Browser -- ()

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programm zur Dateiübertragung -- (Microsoft Corporation)

"C:\Programme\Java\jre1.6.0_03\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_03\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found

"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled:  -- ()

"C:\KAV\kis7.0\german\setup.exe" = C:\KAV\kis7.0\german\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 7.0 -- (Kaspersky Lab)

"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled:  -- File not found

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Disabled:Kaspersky Internet Security 7.0 Setup -- (Kaspersky Lab)

"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Programme\DAP Premium\DAP.exe" = C:\Programme\DAP Premium\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (Speedbit Ltd.)

"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)

"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)

"C:\Programme\sina\SAP\SAPlatform.exe" = C:\Programme\sina\SAP\SAPlatform.exe:*:Enabled:SAPlatform.exe -- File not found

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"E:\Tobit ClipInc\Server\ClipInc-Server.exe" = E:\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- File not found

"E:\Tobit ClipInc\Player\ClipInc-Player.exe" = E:\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- File not found

"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)

"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- (Veoh Networks)

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)

"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0354C0B5-AA35-49D8-B7B7-1CF3412465DD}" = DataCastComponent

"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"{05EB4474-5FAC-4069-A167-352FE0D1D099}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.1.0

"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery

"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 

"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar

"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.10.170c

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent

"{846AC73B-9394-48B9-B941-8F7F472F0047}" = Bluesoleil2.6.0.9 Release 070606

"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM

"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)

"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam-Software

"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio

"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity

"{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Alice" = Alice-Installationsdateien entfernen

"ATI Display Driver" = ATI Display Driver

"AudioCon" = AudioCon

"CardRecovery" = CardRecovery

"CCleaner" = CCleaner

"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem  (02/24/2009 4.0)

"ÐÂÀËÖ±²¥" = ÐÂÀËÖ±²¥

"dBpoweramp m4a Codec" = dBpoweramp m4a Codec

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem  (02/23/2009 7.01.0.2)

"ENTERPRISER" = Microsoft Office Enterprise 2007

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FLVPlayer" = FLV Player 1.3.3

"Free FLV Converter_is1" = Free FLV Converter V 6.7.8

"Free MOV to AVI Converter_is1" = Free MOV to AVI Converter 1.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InfraRecorder" = InfraRecorder

"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio

"InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6

"IrfanView" = IrfanView (remove only)

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)

"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec

"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE

"MAGIX Screenshare UK" = MAGIX Screenshare

"MaxDrive PS2" = MaxDrive PS2

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MsgPlus! Plugin" = Messenger Plus! 3

"Nero - Burning Rom!UninstallKey" = Nero 6

"Nero BurnRights!UninstallKey" = Nero BurnRights

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia PC Suite" = Nokia PC Suite

"NVEContent!UninstallKey" = NeroVision Express Content

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"Picasa2" = Picasa 2

"QcDrv" = Logitech® Camera-Treiber

"RealPlayer 6.0" = RealPlayer

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Secunia PSI" = Secunia PSI

"Shockwave" = Shockwave

"SopCast" = SopCast 2.0.4

"Streamripper" = Streamripper (Remove only)

"StreamTorrent 1.0" = StreamTorrent 1.0

"SystemRequirementsLab" = System Requirements Lab

"Tobit ClipInc Server" = Tobit.Software clipinc.fx

"TV Player" = Veetle TV Player 0.9.11

"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 2.5.0411

"Veetle TV Player" = Veetle TV Player 0.9.11

"VLC media player" = VLC media player 1.0.3

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 3.1

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

"Yahoo! Messenger" = Yahoo! Messenger

"YouTube FLV to AVI easy converter_is1" = YouTube FLV to AVI easy converter 2.1.0

"Zattoo4" = Zattoo4 4.0.5

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 28.01.2010 15:07:03 | Computer Name = *** | Source = Windows Search Service | ID = 3024

Description = 

 

Error - 28.02.2010 06:11:07 | Computer Name = *** | Source = ESENT | ID = 490

Description = svchost (1468) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 02.06.2010 13:45:27 | Computer Name = *** | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}

 

Error - 02.06.2010 14:01:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 02.06.2010 16:41:12 | Computer Name = *** | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}

 

Error - 03.06.2010 12:55:59 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 04.06.2010 09:33:48 | Computer Name = *** | Source = Print | ID = 19

Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Microsoft XPS

 Document Writer, Freigabename Drucker.

 

Error - 04.06.2010 09:33:48 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 04.06.2010 09:40:49 | Computer Name = *** | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}

 

Error - 04.06.2010 10:25:40 | Computer Name = *** | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}

 

Error - 04.06.2010 18:25:47 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 05.06.2010 05:46:57 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

 

< End of report >

--- --- ---

nikos7

05.06.2010 12:00

Ich kann die OTL.Txt File leider nicht posten oder anhängen, es sind zu viele Zeichen und die Datei ist zu groß.
Oder kann man das irgendwie umgehen?

Gruß
niko

Larusso

05.06.2010 13:28

Lade sie bitte bei File-Upload hoch und poste mir den Downloadlink

nikos7

05.06.2010 16:08

ok, hier ist der Downloadlink:

hxxp://www.file-upload.net/download-2576076/OTL.Txt.html

Larusso

05.06.2010 16:10

gut ;)

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://image.hijackthis.eu/upload/hjt1-021.jpg Textbox.

Code:

:OTL

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()

O4 - HKCU..\Run: [{DEBC58E8-A11D-82F2-1D4A-1A41E7E36B02}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buahur\axwoo.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.

O33 - MountPoints2\{67675dcc-84ca-11de-9360-001b2f37572b}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found

[2010.05.16 01:27:58 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

[2010.05.16 01:28:01 | 000,000,235 | --S- | C] () -- C:\WINDOWS\System32\3055769571.dat

@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

@Alternate Data Stream - 183 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0295CBF7

@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9

@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D7DEAA30

@Alternate Data Stream - 123 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F085C8A1

@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:24051EFF

:services

:files

:reg

:Commands

[purity]

[emptytemp]

[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Note: Hier O4 - HKCU..\Run: [{DEBC58E8-A11D-82F2-1D4A-1A41E7E36B02}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buahur\axwoo.exe () bitte die *** editieren.

Schritt 2

Bitte
alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Gmer ist geeignet für => NT/W2K/XP/VISTA.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Save" und speichere das Log als "Gmer.txt" auf dem Desktop, Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt 3

Starte bitte OTL.exe und klicke auf den Quick Scan Button.

Bitte poste in Deiner nächsten Antwort
Log von OTLfix
Gmer.txt
OTL.txt

nikos7

05.06.2010 19:52

hier nun die 3 angeforderten Ergebnisse:

OTLfix:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 deleted successfully.
C:\WINDOWS\system32\WinSys2.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{DEBC58E8-A11D-82F2-1D4A-1A41E7E36B02} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEBC58E8-A11D-82F2-1D4A-1A41E7E36B02}\ not found.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buahur\axwoo.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67675dcc-84ca-11de-9360-001b2f37572b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67675dcc-84ca-11de-9360-001b2f37572b}\ not found.
File E:\Menu.exe not found.
File C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat not found.
C:\WINDOWS\system32\3055769571.dat moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0295CBF7 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D7DEAA30 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F085C8A1 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:24051EFF deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 83 bytes

User: LocalService
->Temp folder emptied: 82245 bytes
->Temporary Internet Files folder emptied: 442770 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43167459 bytes

User: ***
->Temp folder emptied: 36195 bytes
->Temporary Internet Files folder emptied: 2140877 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37680192 bytes
->Apple Safari cache emptied: 7403559 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1167879 bytes

User: remoteservice

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 34109 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88,00 mb

OTL by OldTimer - Version 3.2.5.3 log created on 06052010_185254

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

nikos7

05.06.2010 19:52

Gmer:

GMER Logfile:

Code:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-05 20:19:41

Windows 5.1.2600 Service Pack 3

Running: uj0kgigw.exe; Driver: C:\DOKUME~1\***~1\LOKALE~1\Temp\fgldqpod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT    \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                                                              ZwClose [0xA38C02BA]

SSDT    \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                                                              ZwCreateKey [0xA38C12C0]

SSDT    \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                                                              ZwDeleteKey [0xA38C13FC]

SSDT    \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                                                              ZwDeleteValueKey [0xA38C141E]

SSDT    \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                                                              ZwOpenKey [0xA38C1354]

SSDT    \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                                                              ZwOpenProcess [0xA38C11B8]

SSDT    \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                                                              ZwSetValueKey [0xA38C13CE]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text   C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                       section is writeable [0xB59B3380, 0x3DF545, 0xE8000020]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT     \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                                            [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                                             [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                      [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                                                        [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                                       [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                                            [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                                           [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                     [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                       [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                                                         [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                                              [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                                             [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                                        [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                                      [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                                            [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                             [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                                              [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                               [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                                          [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                       [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                                         [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                                              [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                                             [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                                                            [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                                                             [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                      [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                                                        [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                                        [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                      [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                                            [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                                             [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol]                                                                         [B833A33E] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter]                                                                              [B833A114] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                       [B833A368] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)

IAT     \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter]                                                                             [B833A0A4] GDNdisIc.sys (NDIS packet redirector/G DATA Software AG)
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT     C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                      [03B72F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                             [03B72DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                           [03B72D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                 [03B72DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Programme\Logitech\MouseWare\system\em_exec.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                           [00A72F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Programme\Logitech\MouseWare\system\em_exec.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                  [00A72DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Programme\Logitech\MouseWare\system\em_exec.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                [00A72D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Programme\Logitech\MouseWare\system\em_exec.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                      [00A72DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\WINDOWS\system32\wscntfy.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                              [008E2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\WINDOWS\system32\wscntfy.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                     [008E2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\WINDOWS\system32\wscntfy.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                   [008E2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\WINDOWS\system32\wscntfy.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                         [008E2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Dokumente und Einstellungen\***\Desktop\uj0kgigw.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [003C2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Dokumente und Einstellungen\***\Desktop\uj0kgigw.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [003C2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Dokumente und Einstellungen\***\Desktop\uj0kgigw.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                [003C2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT     C:\Dokumente und Einstellungen\***\Desktop\uj0kgigw.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [003C2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
 

---- Devices - GMER 1.0.15 ----
 

Device  \Driver\Tcpip \Device\Ip                                                                                                                       GDTdiIcpt.sys (G DATA Software AG)

Device  \Driver\Tcpip \Device\Tcp                                                                                                                      GDTdiIcpt.sys (G DATA Software AG)

Device  \Driver\prodrv06 \Device\ProDrv06                                                                                                              E2584C30

Device  \Driver\prohlp02 \Device\ProHlp02                                                                                                              E1022F10

Device  \Driver\nvata \Device\00000094                                                                                                                 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\nvata \Device\00000095                                                                                                                 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\Tcpip \Device\Udp                                                                                                                      GDTdiIcpt.sys (G DATA Software AG)

Device  \Driver\Tcpip \Device\RawIp                                                                                                                    GDTdiIcpt.sys (G DATA Software AG)

Device  \Driver\nvata \Device\NvAta0                                                                                                                   prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\nvata \Device\NvAta1                                                                                                                   prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\Tcpip \Device\IPMULTICAST                                                                                                              GDTdiIcpt.sys (G DATA Software AG)

Device  \Driver\nvata \Device\NvAta2                                                                                                                   prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
 

---- Registry - GMER 1.0.15 ----
 

Reg     HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000c7834874a (not active ControlSet)                                                

Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c7834874a                                                                    

Reg     HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000c7834874a (not active ControlSet)                                                

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{517E7E82-A9E9-B74C-6D5F-97A70127138B}                                

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{517E7E82-A9E9-B74C-6D5F-97A70127138B}@iaoahlfjbgcfaphfbp             0x6B 0x61 0x70 0x66 ...

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{517E7E82-A9E9-B74C-6D5F-97A70127138B}@haeabbimfjbdhkdn               0x6B 0x61 0x70 0x66 ...

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C501D09-5560-6028-1DAA-2C5EA6397D76}                                

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C501D09-5560-6028-1DAA-2C5EA6397D76}@iapolobemnhjlpkgba             0x69 0x61 0x6F 0x6A ...

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C501D09-5560-6028-1DAA-2C5EA6397D76}@hafnjbkbcadekabo               0x69 0x61 0x6F 0x6A ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

nikos7

05.06.2010 19:54

OTL:

FOTL Logfile:

Code:

OTL logfile created on: 05.06.2010 20:24:29 - Run 2

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 12,57 Gb Free Space | 8,43% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.06.05 11:59:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2010.01.08 02:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Programme\Search Settings\SearchSettings.exe

PRC - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe

PRC - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe

PRC - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe

PRC - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe

PRC - [2009.09.24 11:50:58 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2009.09.18 16:49:10 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe

PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.09.12 16:13:26 | 001,527,808 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe

PRC - [2007.04.16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe

PRC - [2005.12.09 16:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE

PRC - [2004.01.08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.06.05 11:59:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

MOD - [2008.04.14 04:22:18 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

MOD - [2005.12.09 16:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll

MOD - [2004.01.08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL

MOD - [2004.01.08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\LgWndHk.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan)

SRV - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)

SRV - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)

SRV - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007.10.18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006.11.17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005.08.02 15:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2010.03.06 17:07:05 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)

DRV - [2010.03.06 17:00:41 | 000,028,616 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)

DRV - [2010.03.06 16:49:01 | 000,055,624 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV - [2010.03.06 16:48:47 | 000,034,632 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)

DRV - [2010.03.06 16:47:59 | 000,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)

DRV - [2010.03.06 16:47:59 | 000,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)

DRV - [2009.08.16 18:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2009.02.09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009.02.09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009.02.09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009.02.09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.10.01 15:24:24 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sleen16.sys -- (SLEE_16_DRIVER)

DRV - [2008.09.24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.06.03 21:37:45 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2007.05.23 04:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.05.23 04:20:58 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.04.23 15:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)

DRV - [2007.03.15 21:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)

DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)

DRV - [2006.11.21 22:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)

DRV - [2006.11.20 07:57:00 | 000,283,776 | R--- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII)

DRV - [2006.10.17 19:07:32 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Ultra.dll -- (ultra)

DRV - [2006.09.18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006.09.18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006.04.28 17:27:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006.04.28 17:26:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006.04.28 17:24:06 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006.04.28 17:24:00 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006.04.10 20:21:28 | 000,236,981 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WINDRVR.SYS -- (WinDriver)

DRV - [2005.12.09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)

DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)

DRV - [2005.12.09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)

DRV - [2005.12.06 05:27:29 | 000,287,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)

DRV - [2005.12.06 05:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005.11.05 13:44:59 | 000,036,352 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\extradrv.sys -- (extradrv)

DRV - [2005.11.05 13:44:58 | 000,005,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ramdrive.sys -- (ramdrive)

DRV - [2005.09.15 04:58:30 | 001,339,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.09.01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)

DRV - [2005.09.01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)

DRV - [2005.08.18 18:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2005.08.02 15:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2005.06.30 09:27:46 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005.06.30 09:27:44 | 000,033,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005.03.09 15:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004.11.07 21:36:46 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2004.11.07 21:36:38 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2004.11.07 21:33:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2004.09.03 19:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004.09.03 19:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)

DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)

DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003.07.11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:T_PAG

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.no_proxies_on: ""

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.30 20:42:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.16 11:43:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 22:05:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.04 21:18:14 | 000,000,000 | ---D | M]

 

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com

[2010.05.31 19:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions

[2010.04.27 23:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.24 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}

[2009.12.13 17:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009.12.04 17:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\firefox@tvunetworks.com

[2009.10.11 00:42:00 | 000,002,171 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\bing.xml

[2008.03.18 21:41:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-1.xml

[2009.03.24 19:26:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-10.xml

[2009.04.05 11:53:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-11.xml

[2009.04.26 15:38:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-12.xml

[2009.05.01 15:32:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-13.xml

[2009.06.16 21:40:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-14.xml

[2009.07.11 20:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-15.xml

[2009.07.27 19:28:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-16.xml

[2009.08.11 19:52:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-17.xml

[2009.09.02 19:38:40 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-18.xml

[2009.09.19 15:21:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-19.xml

[2008.04.02 20:32:49 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-2.xml

[2009.12.10 18:42:12 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-20.xml

[2009.12.28 21:35:05 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-21.xml

[2010.01.04 23:09:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-22.xml

[2010.01.24 16:46:55 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-23.xml

[2010.02.19 17:43:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-24.xml

[2010.03.07 11:52:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-25.xml

[2010.04.02 22:06:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-26.xml

[2008.06.10 23:50:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-3.xml

[2008.07.11 21:18:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-4.xml

[2008.08.06 21:56:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-5.xml

[2008.10.07 19:14:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-6.xml

[2008.11.15 22:35:13 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-7.xml

[2009.03.16 10:09:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-8.xml

[2009.03.19 17:29:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-9.xml

[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.gif

[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.src

[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.xml

[2008.08.16 12:21:39 | 000,000,277 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\search.xml

[2010.05.31 19:36:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.02.02 20:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.04.24 09:02:59 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll

[2010.03.06 23:32:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.06 23:32:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.06 23:32:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.06 23:32:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.06 23:32:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.05.08 12:09:17 | 000,394,777 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1    update.bitdefender.com

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.123topsearch.com

O1 - Hosts: 127.0.0.1        123topsearch.com

O1 - Hosts: 127.0.0.1        132???

O1 - Hosts: 127.0.0.1        132.com

O1 - Hosts: 127.0.0.1        toyota tundra diesel naruto game at 136136.net

O1 - Hosts: 127.0.0.1        136136.net

O1 - Hosts: 13599 more lines...

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Programme\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found

O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.06.05 21:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010.06.05 18:52:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2010.06.05 11:59:12 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.04 18:24:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2010.06.02 20:15:52 | 000,000,000 | ---D | C] -- C:\rsit

[2010.05.30 16:22:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\VA-Eurovision Song Contest oslo (2010)

[2010.05.29 18:53:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.05.29 16:12:01 | 000,000,000 | ---D | C] -- C:\Programme\Registry Winner

[2010.05.23 14:25:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.05.23 14:20:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeFLVConverter

[2010.05.17 18:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\lowsec

[2010.05.16 00:52:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\san

[2010.05.04 20:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX

[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl

[2010.04.17 22:31:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote-Notizbücher

[2010.03.12 17:55:09 | 000,000,000 | ---D | C] -- C:\Saves

[2010.03.12 17:54:28 | 000,000,000 | ---D | C] -- C:\Programme\Datel

[2010.03.10 00:34:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun

[2010.03.08 21:50:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\G DATA

[2010.03.08 19:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

 
 ========== Files - Modified Within 90 Days ==========

 

[2010.06.05 20:21:31 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.05 20:21:26 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.06.05 20:21:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.05 20:21:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.05 20:21:16 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys

[2010.06.05 20:20:14 | 022,020,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat

[2010.06.05 20:20:14 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini

[2010.06.05 20:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Registry Winner Schedule.job

[2010.06.05 18:53:02 | 000,466,010 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.06.05 18:53:02 | 000,446,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.05 18:53:02 | 000,087,300 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.06.05 18:53:02 | 000,073,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.05 18:53:01 | 001,088,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.05 18:52:25 | 000,099,967 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Schritt2.docx

[2010.06.05 18:35:11 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.06.05 11:59:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.04 17:15:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2010.06.03 22:42:06 | 000,188,928 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.03 20:46:17 | 730,435,584 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Donkey.Punch.German.2008.DVDRip.XviD_MiGHTY.avi

[2010.06.02 23:20:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.05.26 20:44:57 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\ctfmon.exe

[2010.05.25 20:44:39 | 000,000,881 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010.05.23 11:01:30 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2010.05.16 01:27:58 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

[2010.05.09 21:00:25 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\PUTTY.RND

[2010.05.08 12:09:17 | 000,394,777 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.05.08 00:40:14 | 000,311,296 | ---- | M] (Koyote Soft - Koyote Soft) -- C:\WINDOWS\System32\TubeFinder.exe

[2010.05.07 17:06:46 | 000,000,578 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk

[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl

[2010.03.29 23:30:37 | 000,035,706 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\sZEKPskqYsunR-pntbEgM8mAEoGqtkO0UmuvDA5S-9o.htm

[2010.03.29 23:30:21 | 000,029,673 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\M_XzJLs5-Tk3Jp-rlQew1IDJWfLBJxDoIMR6GPZxe9o.htm

[2010.03.08 19:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

 
 ========== Files Created - No Company Name ==========

 

[2010.06.05 18:52:24 | 000,099,967 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Schritt2.docx

[2010.06.03 20:23:20 | 730,435,584 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Donkey.Punch.German.2008.DVDRip.XviD_MiGHTY.avi

[2010.05.29 16:15:05 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\Registry Winner Schedule.job

[2010.05.16 01:27:58 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

[2010.03.29 23:30:37 | 000,035,706 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\sZEKPskqYsunR-pntbEgM8mAEoGqtkO0UmuvDA5S-9o.htm

[2010.03.29 23:30:21 | 000,029,673 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\M_XzJLs5-Tk3Jp-rlQew1IDJWfLBJxDoIMR6GPZxe9o.htm

[2010.02.05 22:04:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.02.05 22:04:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010.02.05 22:04:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010.02.05 22:04:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010.02.05 22:04:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.12.04 19:53:10 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009.11.03 23:15:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2009.11.03 15:19:07 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll

[2009.11.03 15:19:02 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

[2009.10.19 20:35:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\PCCT.INI

[2009.10.17 15:20:00 | 000,000,111 | ---- | C] () -- C:\WINDOWS\installation.ini

[2009.10.17 15:18:31 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009.10.17 15:02:56 | 000,001,376 | ---- | C] () -- C:\WINDOWS\System32\wstcode16a.dll

[2009.10.11 13:18:27 | 000,093,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys

[2009.09.04 12:25:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.08.09 15:43:35 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll

[2009.08.09 15:37:07 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI

[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009.04.16 13:24:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2009.04.16 13:24:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2009.04.16 13:24:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2009.04.16 13:24:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll

[2009.01.11 22:07:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2008.12.07 15:22:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI

[2008.10.29 20:40:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008.07.29 20:57:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2008.02.08 19:16:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2008.01.09 22:43:15 | 000,000,881 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007.07.17 18:22:55 | 000,000,990 | ---- | C] () -- C:\WINDOWS\AZPR3.INI

[2007.07.13 22:37:39 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll

[2007.07.06 17:59:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007.06.07 21:45:13 | 000,171,520 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

[2007.05.31 20:34:14 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll

[2007.05.22 17:05:13 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll

[2007.04.23 20:53:25 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll

[2006.12.26 20:42:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2006.12.25 15:45:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2006.12.13 20:52:25 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2006.12.13 20:52:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2006.11.28 22:29:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\rnplf19.dll

[2006.11.28 22:22:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sys_dll.dll

[2006.11.27 21:58:19 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys

[2006.11.19 19:29:36 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI

[2006.11.17 22:04:04 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI

[2006.10.27 19:19:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll

[2006.10.27 19:19:35 | 000,000,327 | ---- | C] () -- C:\WINDOWS\mpsettings.ini

[2006.10.18 21:25:40 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2006.10.17 19:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll

[2006.10.12 22:19:27 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2006.10.12 22:19:27 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2006.10.12 22:19:27 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2006.10.08 20:08:01 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscanx.dll

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoclear.dll

[2006.09.24 20:20:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.09.24 20:20:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.09.24 20:20:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.09.24 20:20:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.09.24 20:20:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.09.24 20:20:05 | 000,540,672 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.08.02 22:01:50 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2006.08.02 22:01:50 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2006.08.02 18:42:28 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL

[2006.08.02 18:42:28 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL

[2006.07.31 19:57:22 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll

[2006.07.27 20:02:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xtrapntx7.dll

[2006.06.23 18:58:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\xptools.ini

[2006.06.23 18:57:08 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\bn.dll

[2006.06.10 13:05:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006.05.12 18:49:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006.05.02 18:38:58 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys

[2006.04.24 19:17:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006.04.14 13:23:42 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll

[2006.04.14 13:23:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll

[2006.03.19 18:49:55 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini

[2006.03.17 20:37:07 | 000,000,938 | ---- | C] () -- C:\WINDOWS\psmplay.ini

[2006.03.17 17:23:35 | 000,000,342 | ---- | C] () -- C:\WINDOWS\MP3trt.ini

[2006.03.13 19:50:16 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll

[2005.12.09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys

[2005.12.09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys

[2005.12.09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2005.12.05 18:47:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.12.05 18:13:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005.12.05 18:13:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005.12.05 18:13:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005.12.05 18:13:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005.12.05 18:09:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005.12.05 18:07:01 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2005.12.05 17:58:49 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005.12.05 17:32:27 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.12.05 17:27:16 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005.12.05 10:16:54 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini

[2005.12.05 10:13:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2005.11.05 13:44:59 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\extradrv.sys

[2005.11.05 13:44:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramdrive.sys

[2005.08.02 15:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005.02.17 12:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2000.07.22 16:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

 
 ========== LOP Check ==========

 

[2009.10.03 12:49:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth

[2009.08.08 18:33:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CCTV

[2008.02.26 21:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes

[2007.08.15 19:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations

[2008.03.20 00:08:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eboostr

[2010.03.06 16:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA

[2010.02.02 20:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2009.05.16 11:42:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations

[2009.10.20 18:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX

[2008.02.28 18:15:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier

[2006.03.22 17:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!

[2009.05.16 11:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2006.10.19 19:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle

[2006.03.13 21:31:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap

[2008.01.28 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan

[2008.12.13 17:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2006.06.25 14:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2006.10.23 19:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint

[2009.12.29 20:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk

[2007.06.28 21:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2007.06.08 12:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Abolimba Multibrowser

[2006.04.24 19:24:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\acccore

[2008.04.03 20:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ASCOMP Software

[2006.10.25 20:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Azureus

[2008.10.17 22:03:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BonkEnc

[2010.06.05 18:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buahur

[2009.08.08 18:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CCTV

[2009.01.18 02:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\concept design

[2007.06.06 19:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberMotion 3D-Designer

[2008.02.15 16:37:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DassaultSystemes

[2007.05.22 17:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DataCast

[2008.10.17 21:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dBpoweramp

[2006.04.16 18:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DeepBurner

[2006.07.31 20:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DogLocksDupe

[2010.05.23 14:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.05.31 21:29:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ehuk

[2009.08.08 19:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Eltima Software

[2008.03.27 20:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ethereal

[2009.05.09 11:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FinalBurner Video DVD

[2006.06.30 21:24:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ford Street Racing

[2010.05.23 14:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeFLVConverter

[2008.02.05 22:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GetRightToGo

[2007.06.14 14:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GlarySoft

[2010.06.05 13:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2007.06.05 10:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar

[2006.03.13 20:38:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite

[2007.04.08 20:02:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IE7pro

[2008.05.16 20:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InfraRecorder

[2006.04.16 18:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2008.01.26 02:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\KRyLack Password Recovery

[2007.04.21 18:32:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2009.10.17 15:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX

[2009.11.07 18:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Moyea

[2009.05.16 11:51:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia

[2009.06.27 21:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2007.06.08 22:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera

[2007.09.09 20:06:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OTVREG

[2009.05.16 11:47:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite

[2007.04.06 23:32:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Pointstone

[2006.10.18 18:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PPLive

[2007.03.06 22:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ppstream

[2007.10.19 22:01:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ringtone

[2008.01.13 22:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung

[2010.01.24 16:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2006.11.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software

[2008.04.15 21:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Smart PC Solutions

[2009.04.01 00:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Songbird2

[2006.06.14 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SpamTest

[2009.05.04 20:15:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StarOffice8

[2009.08.09 15:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steganos

[2010.02.14 13:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\streamripper

[2010.01.13 20:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StreamTorrent

[2009.05.16 00:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca

[2006.03.13 20:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template

[2007.07.13 22:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrojanHunter

[2006.06.25 14:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2009.09.03 22:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue

[2007.04.06 23:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent

[2010.02.27 21:28:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Vso

[2006.11.09 10:59:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VSO_HWE

[2010.06.04 17:15:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[2009.10.17 12:41:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job

[2010.06.05 20:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Winner Schedule.job

[2007.04.07 14:54:13 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpy.job

 
 ========== Purity Check ==========

 

 

< End of report >

--- --- ---

Larusso

06.06.2010 17:09

Zitat:

Zitat von Larusso

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

* Bitte arbeite alle Schritte der Reihe nach ab.
* Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
* Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
* Bitte kein Crossposting ( posten in mehreren Foren).
* Bitte keine Code Tags.

Danke.

Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:[indent]Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

nikos7

07.06.2010 19:40

Hier nun der Bericht von combofix:

Combofix Logfile:

Code:

ComboFix 10-06-07.01 - *** 07.06.2010  20:13:35.1.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1531 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe

AV: G Data InternetSecurity 2010 *On-access scanning disabled* (Outdated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}

FW: G Data Personal Firewall *disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\***\Anwendungsdaten\inst.exe

c:\programme\Error Repair Professional

c:\programme\Error Repair Professional\Backups\Backup_20-5-3_5-10-2007.reg

c:\programme\Search Settings

c:\programme\Search Settings\FF\chrome.manifest

c:\programme\Search Settings\FF\chrome\content\plugin.js

c:\programme\Search Settings\FF\chrome\content\plugin.xul

c:\programme\Search Settings\FF\chrome\content\protection.js

c:\programme\Search Settings\FF\chrome\content\utils.js

c:\programme\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd

c:\programme\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties

c:\programme\Search Settings\FF\components\IFBHOSearch.xpt

c:\programme\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt

c:\programme\Search Settings\FF\components\IFHelperPreferences.xpt

c:\programme\Search Settings\FF\components\SearchSettingsFF.dll

c:\programme\Search Settings\FF\install.rdf

c:\programme\Search Settings\SearchSettings.dll

c:\programme\Search Settings\SearchSettings.exe

c:\programme\Search Settings\SearchSettingsRes409.dll

c:\programme\UNWISE.EXE

c:\programme\WinPCap

c:\programme\WinPCap\daemon_mgm.exe

c:\programme\WinPCap\INSTALL.LOG

c:\programme\WinPCap\NetMonInstaller.exe

c:\programme\WinPCap\npf_mgm.exe

c:\programme\WinPCap\rpcapd.exe

c:\programme\WinPCap\Uninstall.exe

c:\windows\regedit.com

c:\windows\system32\drivers\npf.sys

c:\windows\system32\lowsec

c:\windows\system32\muzapp.exe

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\system

c:\windows\system32\taskmgr.com

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_NPF

-------\Service_NPF

-------\Service_WinDriver
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-05-07 bis 2010-06-07  ))))))))))))))))))))))))))))))

.
 

2010-06-05 16:52 . 2010-06-05 16:52        --------        d-----w-        C:\_OTL

2010-06-02 18:15 . 2010-06-02 18:16        --------        d-----w-        C:\rsit

2010-05-29 14:12 . 2010-05-29 17:43        --------        d-----w-        c:\programme\Registry Winner

2010-05-23 12:25 . 2010-05-23 12:25        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

2010-05-23 12:20 . 2010-05-23 12:20        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\FreeFLVConverter
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-07 18:04 . 2010-02-05 20:06        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Media Player Classic

2010-06-07 18:02 . 2009-10-21 17:41        --------        d-----w-        c:\programme\CCleaner

2010-06-05 22:11 . 2007-04-26 16:26        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ICQ

2010-06-05 16:53 . 2005-12-05 08:08        87300        ----a-w-        c:\windows\system32\perfc007.dat

2010-06-05 16:53 . 2005-12-05 08:08        466010        ----a-w-        c:\windows\system32\perfh007.dat

2010-06-05 16:52 . 2009-09-21 14:54        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Buahur

2010-06-03 18:23 . 2009-12-28 19:33        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\vlc

2010-06-02 18:16 . 2006-10-01 11:10        --------        d-----w-        c:\programme\Trend Micro

2010-05-31 19:29 . 2008-04-11 07:34        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Ehuk

2010-05-31 17:47 . 2006-10-20 19:43        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Skype

2010-05-30 13:12 . 2005-12-05 16:06        --------        d-----w-        c:\programme\Yahoo!

2010-05-30 13:12 . 2008-07-20 19:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Yahoo!

2010-05-29 23:00 . 2009-08-30 11:59        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft

2010-05-26 18:44 . 2004-08-04 12:00        24064        ----a-w-        c:\windows\system32\ctfmon.exe

2010-05-26 18:38 . 2006-06-16 19:12        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-05-24 11:46 . 2010-01-01 19:51        --------        d-----w-        c:\programme\JDownloader

2010-05-23 12:20 . 2009-08-08 17:38        --------        d-----w-        c:\programme\Free FLV Converter

2010-05-15 23:27 . 2010-05-15 23:27        4        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ofubwi.dat

2010-05-13 00:18 . 2009-06-27 17:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help

2010-05-09 09:30 . 2008-02-22 11:24        --------        d-----w-        c:\programme\Zattoo

2010-05-07 22:40 . 2009-08-08 17:38        311296        ----a-w-        c:\windows\system32\TubeFinder.exe

2010-05-07 15:06 . 2007-06-08 20:34        --------        d-----w-        c:\programme\Opera

2010-05-04 19:22 . 2006-10-15 17:45        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DivX

2010-05-04 19:18 . 2010-05-04 19:18        57344        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-04 19:18 . 2010-05-04 18:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX

2010-05-04 19:18 . 2006-04-27 18:04        --------        d-----w-        c:\programme\DivX

2010-05-04 19:18 . 2010-05-04 19:18        56978        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe

2010-05-04 19:18 . 2010-05-04 19:18        56766        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-04 19:18 . 2010-05-04 19:18        57679        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe

2010-05-04 19:18 . 2010-05-04 19:18        53600        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe

2010-05-04 19:17 . 2010-05-04 19:17        84040        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TransferWizard\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        57054        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSDesktopComponents\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54166        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        57532        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSASPDecoder\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        56458        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54174        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAACDecoder\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54153        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54128        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Converter\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54629        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TranscodeEngine\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54101        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MPEG2Plugin\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        57409        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ControlPanel\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        52963        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-05-04 19:15 . 2010-05-04 19:15        54073        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Qt4.5\Uninstaller.exe

2010-05-04 19:15 . 2010-05-04 19:15        56969        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ASPEncoder\Uninstaller.exe

2010-05-04 19:15 . 2009-04-04 22:56        --------        d-----w-        c:\programme\Gemeinsame Dateien\DivX Shared

2010-05-04 18:43 . 2010-05-04 18:43        144696        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-04 18:43 . 2010-05-04 19:18        754984        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll

2010-05-04 18:39 . 2010-05-04 19:18        1180952        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe

2010-04-21 19:25 . 2010-02-02 18:48        --------        d-----w-        c:\programme\ICQ7.0

2010-03-31 01:58 . 2008-07-18 19:39        133616        -c----w-        c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2006-04-27 18:04        125424        -c----w-        c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2006-04-27 18:04        123888        -c----w-        c:\windows\system32\pxcpyi64.exe

2010-03-31 01:58 . 2006-03-19 14:04        44944        -c----w-        c:\windows\system32\drivers\PxHelp20.sys

2010-03-10 06:15 . 2004-08-04 12:00        420352        -c--a-w-        c:\windows\system32\vbscript.dll

2010-03-09 22:34 . 2010-03-09 22:34        503808        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40a27cab-n\msvcp71.dll

2010-03-09 22:34 . 2010-03-09 22:34        348160        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40a27cab-n\msvcr71.dll

2010-03-09 22:34 . 2010-03-09 22:34        499712        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40a27cab-n\jmc.dll

2010-03-09 22:34 . 2010-03-09 22:34        61440        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72ff53fb-n\decora-sse.dll

2010-03-09 22:34 . 2010-03-09 22:34        12800        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72ff53fb-n\decora-d3d.dll

2010-03-09 22:34 . 2008-12-12 20:52        411368        -c--a-w-        c:\windows\system32\deploytk.dll

2010-03-09 22:32 . 2010-03-09 22:32        79488        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_18\gtapi.dll

2010-03-09 22:32 . 2010-03-09 22:32        152576        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_18\lzma.dll

2009-06-01 20:49 . 2009-06-01 20:49        29        -c--a-w-        c:\programme\hdtv.sys

2009-06-01 20:48 . 2009-06-01 20:48        23        -c--a-w-        c:\programme\hfkud16.sys

2008-07-12 14:26 . 2008-07-12 14:26        774144        -c--a-w-        c:\programme\RngInterstitial.dll

2009-05-01 21:02 . 2009-05-01 21:02        1044480        -c--a-w-        c:\programme\opera\program\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        -c--a-w-        c:\programme\opera\program\plugins\ssldivx.dll

.
 

------- Sigcheck -------
 

[-] 2010-05-26 18:44 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2010-05-26 18:44 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe

[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-05-27 413696]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"GDFirewallTray"="c:\programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-09-24 1124424]

"G DATA AntiVirus Trayapplication"="c:\programme\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2009-09-18 924232]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-05-26 24064]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStartMenuSubFolders"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoPrinters"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoChangeAnimation"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           \0
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk

backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17        952768        -c--a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-02 18:05        40368        -c--a-w-        c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46        1135912        -c--a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44        31072        -c--a-w-        c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-12-17 08:50        19968        -c--a-w-        c:\windows\LOGI_MWX.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2005-12-07 08:26        489472        -c--a-w-        c:\programme\Logitech\Video\CameraAssistant.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 10:43        248040        -c--a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Messenger\\Msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\StreamerOne\\streamerone.exe"=

"c:\\Programme\\SopCast\\SopCast.exe"=

"c:\\Programme\\Opera\\Opera.exe"=

"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programme\\Avant Browser\\avant.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Programme\\Zattoo\\Zattoo2.exe"=

"c:\\KAV\\kis7.0\\german\\setup.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Programme\\DAP Premium\\DAP.exe"=

"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programme\\ICQ6.5\\ICQ.exe"=

"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Programme\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\ICQ7.0\\ICQ.exe"=

"c:\\Programme\\ICQ7.0\\aolload.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4672:TCP"= 4672:TCP:ppLive

"6492:UDP"= 6492:UDP:ppLive
 

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [06.03.2010 16:47 28616]

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [06.03.2010 16:47 22528]

R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [06.03.2010 17:07 68976]

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11.07.2003 15:22 14912]

R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\sleen16.sys [01.10.2008 15:24 79104]

R2 AVKProxy;G DATA AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [22.09.2009 16:28 1128008]

R2 AVKService;G Data Scheduler;c:\programme\G Data\InternetSecurity\AVK\AVKService.exe [08.08.2009 13:33 397896]

R2 AVKWCtl;G Data Dateisystem Wächter;c:\programme\G Data\InternetSecurity\AVK\AVKWCtl.exe [23.09.2009 15:01 1251488]

R2 extradrv;Extra Driver;c:\windows\system32\drivers\extradrv.sys [05.11.2005 13:44 36352]

R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [06.03.2010 16:47 51784]

R3 GDFwSvc;G Data Personal Firewall;c:\programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe [21.09.2009 02:55 1547104]

R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [06.03.2010 16:49 55624]

R3 GDScan;G Data Scanner;c:\programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [27.07.2009 04:03 302152]

R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [06.03.2010 16:48 34632]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23.04.2007 15:11 224896]

S2 ramdrive;RAM Driver;c:\windows\system32\drivers\ramdrive.sys [05.11.2005 13:44 5632]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [07.04.2006 17:57 16512]

S3 PavSRK.sys;PavSRK.sys; [x]

S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]

S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.06.2009 14:20 12648]

S4 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]

.

Inhalt des "geplante Tasks" Ordners
 

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
 

2009-10-17 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-25 10:49]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title = 

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Deutschland

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Save YouTube Video as MP3 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

FF - component: c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll

FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programme\Veetle\VLC\npvlc.dll

FF - plugin: c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\programme\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SearchSettings - c:\programme\Search Settings\SearchSettings.exe

MSConfigStartUp-ClipIncSrvTray - e:\tobit clipinc\Player\ClipIncTray.exe

MSConfigStartUp-LogitechSoftwareUpdate - c:\programme\Logitech\Video\ManifestEngine.exe

MSConfigStartUp-LogitechVideoRepair - c:\programme\Logitech\Video\ISStart.exe

MSConfigStartUp-LogitechVideoTray - c:\programme\Logitech\Video\LogiTray.exe

AddRemove-WinPcapInst - c:\programme\WinPcap\Uninstall.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-07 20:23

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1532919398-2870173762-3724845258-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)
 

[HKEY_USERS\S-1-5-21-1532919398-2870173762-3724845258-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{517E7E82-A9E9-B74C-6D5F-97A70127138B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaoahlfjbgcfaphfbp"=hex:6b,61,70,66,64,63,70,65,6e,61,68,6a,6b,6a,61,68,6a,61,

   67,64,64,63,00,00

"haeabbimfjbdhkdn"=hex:6b,61,70,66,64,63,70,65,6e,61,68,6a,6b,6a,61,68,6a,61,

   67,64,64,63,00,00
 

[HKEY_USERS\S-1-5-21-1532919398-2870173762-3724845258-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C501D09-5560-6028-1DAA-2C5EA6397D76}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iapolobemnhjlpkgba"=hex:69,61,6f,6a,6d,6e,6c,66,6e,6e,63,6c,6c,70,62,65,68,6b,

   00,00

"hafnjbkbcadekabo"=hex:69,61,6f,6a,6d,6e,6c,66,6e,6e,63,6c,6c,70,62,65,68,6b,

   00,00

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1068)

c:\windows\system32\Ati2evxx.dll
 

- - - - - - - > 'explorer.exe'(7224)

c:\programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll

c:\programme\Logitech\MouseWare\System\LgWndHk.dll

c:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr

c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\SOUNDMAN.EXE

c:\programme\Logitech\MouseWare\system\em_exec.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-06-07  20:32:29 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-06-07 18:32
 

Vor Suchlauf: 48 Verzeichnis(se), 12.127.318.016 Bytes frei

Nach Suchlauf: 51 Verzeichnis(se), 11.846.692.864 Bytes frei
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
 

- - End Of File - - 27555BC4C5E46D4E8D8FDC9D46C7A8EC

--- --- ---

Larusso

08.06.2010 15:04

WinPcap selbst installiert ?

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.

Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
Danach wieder anstellen nicht vergessen!
Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.

Anwendung

Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:

Code:

Driver:: PavSRK.sys RegNull:: [HKEY_USERS\S-1-5-21-1532919398-2870173762-3724845258-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{517E7E82-A9E9-B74C-6D5F-97A70127138B}*] [HKEY_USERS\S-1-5-21-1532919398-2870173762-3724845258-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C501D09-5560-6028-1DAA-2C5EA6397D76}*]
Speichere dies als CFScript.txt auf Deinem Desktop
.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
.
In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

nikos7

08.06.2010 19:44

WinPcap? kann mich nicht erinnern das installiert zu haben.

Combofix Logfile:

Code:

ComboFix 10-06-07.04 - *** 08.06.2010  19:47:42.2.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1558 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt

AV: G Data InternetSecurity 2010 *On-access scanning disabled* (Outdated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}

FW: G Data Personal Firewall *disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_PAVSRK.SYS

-------\Service_PavSRK.sys
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-05-08 bis 2010-06-08  ))))))))))))))))))))))))))))))

.
 

2010-06-05 16:52 . 2010-06-05 16:52        --------        d-----w-        C:\_OTL

2010-06-02 18:15 . 2010-06-02 18:16        --------        d-----w-        C:\rsit

2010-05-29 14:12 . 2010-05-29 17:43        --------        d-----w-        c:\programme\Registry Winner

2010-05-23 12:25 . 2010-05-23 12:25        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

2010-05-23 12:20 . 2010-05-23 12:20        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\FreeFLVConverter
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-07 21:07 . 2010-02-05 20:06        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Media Player Classic

2010-06-07 18:02 . 2009-10-21 17:41        --------        d-----w-        c:\programme\CCleaner

2010-06-05 22:11 . 2007-04-26 16:26        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ICQ

2010-06-05 16:53 . 2005-12-05 08:08        87300        ----a-w-        c:\windows\system32\perfc007.dat

2010-06-05 16:53 . 2005-12-05 08:08        466010        ----a-w-        c:\windows\system32\perfh007.dat

2010-06-05 16:52 . 2009-09-21 14:54        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Buahur

2010-06-03 18:23 . 2009-12-28 19:33        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\vlc

2010-06-02 18:16 . 2006-10-01 11:10        --------        d-----w-        c:\programme\Trend Micro

2010-05-31 19:29 . 2008-04-11 07:34        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Ehuk

2010-05-31 17:47 . 2006-10-20 19:43        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Skype

2010-05-30 13:12 . 2005-12-05 16:06        --------        d-----w-        c:\programme\Yahoo!

2010-05-30 13:12 . 2008-07-20 19:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Yahoo!

2010-05-29 23:00 . 2009-08-30 11:59        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft

2010-05-26 18:44 . 2004-08-04 12:00        24064        ----a-w-        c:\windows\system32\ctfmon.exe

2010-05-26 18:38 . 2006-06-16 19:12        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-05-24 11:46 . 2010-01-01 19:51        --------        d-----w-        c:\programme\JDownloader

2010-05-23 12:20 . 2009-08-08 17:38        --------        d-----w-        c:\programme\Free FLV Converter

2010-05-15 23:27 . 2010-05-15 23:27        4        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ofubwi.dat

2010-05-13 00:18 . 2009-06-27 17:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help

2010-05-09 09:30 . 2008-02-22 11:24        --------        d-----w-        c:\programme\Zattoo

2010-05-07 22:40 . 2009-08-08 17:38        311296        ----a-w-        c:\windows\system32\TubeFinder.exe

2010-05-07 15:06 . 2007-06-08 20:34        --------        d-----w-        c:\programme\Opera

2010-05-04 19:22 . 2006-10-15 17:45        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DivX

2010-05-04 19:18 . 2010-05-04 19:18        57344        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-04 19:18 . 2010-05-04 18:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX

2010-05-04 19:18 . 2006-04-27 18:04        --------        d-----w-        c:\programme\DivX

2010-05-04 19:18 . 2010-05-04 19:18        56978        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe

2010-05-04 19:18 . 2010-05-04 19:18        56766        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-04 19:18 . 2010-05-04 19:18        57679        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe

2010-05-04 19:18 . 2010-05-04 19:18        53600        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe

2010-05-04 19:17 . 2010-05-04 19:17        84040        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TransferWizard\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        57054        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSDesktopComponents\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54166        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        57532        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSASPDecoder\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        56458        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54174        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAACDecoder\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54153        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54128        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Converter\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54629        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TranscodeEngine\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        54101        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MPEG2Plugin\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        57409        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ControlPanel\Uninstaller.exe

2010-05-04 19:16 . 2010-05-04 19:16        52963        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-05-04 19:15 . 2010-05-04 19:15        54073        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Qt4.5\Uninstaller.exe

2010-05-04 19:15 . 2010-05-04 19:15        56969        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ASPEncoder\Uninstaller.exe

2010-05-04 19:15 . 2009-04-04 22:56        --------        d-----w-        c:\programme\Gemeinsame Dateien\DivX Shared

2010-05-04 18:43 . 2010-05-04 18:43        144696        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-04 18:43 . 2010-05-04 19:18        754984        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll

2010-05-04 18:39 . 2010-05-04 19:18        1180952        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe

2010-04-21 19:25 . 2010-02-02 18:48        --------        d-----w-        c:\programme\ICQ7.0

2010-03-31 01:58 . 2008-07-18 19:39        133616        -c----w-        c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2006-04-27 18:04        125424        -c----w-        c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2006-04-27 18:04        123888        -c----w-        c:\windows\system32\pxcpyi64.exe

2010-03-31 01:58 . 2006-03-19 14:04        44944        -c----w-        c:\windows\system32\drivers\PxHelp20.sys

2009-06-01 20:49 . 2009-06-01 20:49        29        -c--a-w-        c:\programme\hdtv.sys

2009-06-01 20:48 . 2009-06-01 20:48        23        -c--a-w-        c:\programme\hfkud16.sys

2008-07-12 14:26 . 2008-07-12 14:26        774144        -c--a-w-        c:\programme\RngInterstitial.dll

2009-05-01 21:02 . 2009-05-01 21:02        1044480        -c--a-w-        c:\programme\opera\program\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        -c--a-w-        c:\programme\opera\program\plugins\ssldivx.dll

.
 

------- Sigcheck -------
 

[-] 2010-05-26 18:44 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2010-05-26 18:44 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe

[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-05-27 413696]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"GDFirewallTray"="c:\programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-09-24 1124424]

"G DATA AntiVirus Trayapplication"="c:\programme\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2009-09-18 924232]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-05-26 24064]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStartMenuSubFolders"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoPrinters"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoChangeAnimation"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           \0
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk

backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17        952768        -c--a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-02 18:05        40368        -c--a-w-        c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46        1135912        -c--a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44        31072        -c--a-w-        c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-12-17 08:50        19968        -c--a-w-        c:\windows\LOGI_MWX.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2005-12-07 08:26        489472        -c--a-w-        c:\programme\Logitech\Video\CameraAssistant.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 10:43        248040        -c--a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Messenger\\Msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\StreamerOne\\streamerone.exe"=

"c:\\Programme\\SopCast\\SopCast.exe"=

"c:\\Programme\\Opera\\Opera.exe"=

"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programme\\Avant Browser\\avant.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Programme\\Zattoo\\Zattoo2.exe"=

"c:\\KAV\\kis7.0\\german\\setup.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Programme\\DAP Premium\\DAP.exe"=

"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programme\\ICQ6.5\\ICQ.exe"=

"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Programme\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\ICQ7.0\\ICQ.exe"=

"c:\\Programme\\ICQ7.0\\aolload.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4672:TCP"= 4672:TCP:ppLive

"6492:UDP"= 6492:UDP:ppLive
 

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [06.03.2010 16:47 28616]

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [06.03.2010 16:47 22528]

R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [06.03.2010 17:07 68976]

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11.07.2003 15:22 14912]

R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\sleen16.sys [01.10.2008 15:24 79104]

R2 AVKProxy;G DATA AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [22.09.2009 16:28 1128008]

R2 AVKService;G Data Scheduler;c:\programme\G Data\InternetSecurity\AVK\AVKService.exe [08.08.2009 13:33 397896]

R2 AVKWCtl;G Data Dateisystem Wächter;c:\programme\G Data\InternetSecurity\AVK\AVKWCtl.exe [23.09.2009 15:01 1251488]

R2 extradrv;Extra Driver;c:\windows\system32\drivers\extradrv.sys [05.11.2005 13:44 36352]

R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [06.03.2010 16:47 51784]

R3 GDFwSvc;G Data Personal Firewall;c:\programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe [21.09.2009 02:55 1547104]

R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [06.03.2010 16:49 55624]

R3 GDScan;G Data Scanner;c:\programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [27.07.2009 04:03 302152]

R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [06.03.2010 16:48 34632]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23.04.2007 15:11 224896]

S2 ramdrive;RAM Driver;c:\windows\system32\drivers\ramdrive.sys [05.11.2005 13:44 5632]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [07.04.2006 17:57 16512]

S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]

S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.06.2009 14:20 12648]

S4 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]

.

Inhalt des "geplante Tasks" Ordners
 

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
 

2009-10-17 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-25 10:49]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title = 

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Deutschland

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Save YouTube Video as MP3 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

FF - component: c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll

FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programme\Veetle\VLC\npvlc.dll

FF - plugin: c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\programme\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-08 19:58

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1532919398-2870173762-3724845258-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1064)

c:\windows\system32\Ati2evxx.dll
 

- - - - - - - > 'explorer.exe'(1556)

c:\programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll

c:\programme\Logitech\MouseWare\System\LgWndHk.dll

c:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr

c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\SOUNDMAN.EXE

c:\programme\Logitech\MouseWare\system\em_exec.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-06-08  20:07:25 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-06-08 18:07

ComboFix2.txt  2010-06-07 18:32
 

Vor Suchlauf: 50 Verzeichnis(se), 12.211.769.344 Bytes frei

Nach Suchlauf: 51 Verzeichnis(se), 12.163.678.208 Bytes frei
 

- - End Of File - - D3C9F515B1067E1944BCCABE47C0BAEB

--- --- ---

nikos7

08.06.2010 19:45

OTL Logfile:

Code:

OTL logfile created on: 08.06.2010 20:10:54 - Run 3

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 11,36 Gb Free Space | 7,62% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.06.05 11:59:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe

PRC - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe

PRC - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe

PRC - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe

PRC - [2009.09.24 11:50:58 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2009.09.18 16:49:10 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe

PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.09.12 16:13:26 | 001,527,808 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe

PRC - [2007.04.16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe

PRC - [2005.12.09 16:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE

PRC - [2004.01.08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.06.05 11:59:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

MOD - [2008.04.14 04:22:18 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

MOD - [2005.12.09 16:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll

MOD - [2004.01.08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL

MOD - [2004.01.08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\LgWndHk.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan)

SRV - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)

SRV - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)

SRV - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007.10.18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006.11.17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)

DRV - [2010.03.06 17:07:05 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)

DRV - [2010.03.06 17:00:41 | 000,028,616 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)

DRV - [2010.03.06 16:49:01 | 000,055,624 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV - [2010.03.06 16:48:47 | 000,034,632 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)

DRV - [2010.03.06 16:47:59 | 000,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)

DRV - [2010.03.06 16:47:59 | 000,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)

DRV - [2009.08.16 18:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2009.02.09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009.02.09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009.02.09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009.02.09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.10.01 15:24:24 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sleen16.sys -- (SLEE_16_DRIVER)

DRV - [2008.09.24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.06.03 21:37:45 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2007.05.23 04:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.05.23 04:20:58 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.04.23 15:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)

DRV - [2007.03.15 21:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)

DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)

DRV - [2006.11.21 22:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)

DRV - [2006.11.20 07:57:00 | 000,283,776 | R--- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII)

DRV - [2006.10.17 19:07:32 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Ultra.dll -- (ultra)

DRV - [2006.09.18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006.09.18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006.04.28 17:27:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006.04.28 17:26:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006.04.28 17:24:06 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006.04.28 17:24:00 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2005.12.09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)

DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)

DRV - [2005.12.09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)

DRV - [2005.12.06 05:27:29 | 000,287,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)

DRV - [2005.12.06 05:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005.11.05 13:44:59 | 000,036,352 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\extradrv.sys -- (extradrv)

DRV - [2005.11.05 13:44:58 | 000,005,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ramdrive.sys -- (ramdrive)

DRV - [2005.09.15 04:58:30 | 001,339,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.09.01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)

DRV - [2005.09.01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)

DRV - [2005.08.18 18:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2005.06.30 09:27:46 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005.06.30 09:27:44 | 000,033,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005.03.09 15:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004.11.07 21:36:46 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2004.11.07 21:36:38 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2004.11.07 21:33:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2004.09.03 19:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004.09.03 19:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)

DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)

DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003.07.11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.no_proxies_on: ""

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.30 20:42:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.16 11:43:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 22:05:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.04 21:18:14 | 000,000,000 | ---D | M]

 

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com

[2010.06.05 21:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions

[2010.04.27 23:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.24 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}

[2009.12.13 17:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009.12.04 17:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\firefox@tvunetworks.com

[2009.10.11 00:42:00 | 000,002,171 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\bing.xml

[2008.03.18 21:41:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-1.xml

[2009.03.24 19:26:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-10.xml

[2009.04.05 11:53:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-11.xml

[2009.04.26 15:38:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-12.xml

[2009.05.01 15:32:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-13.xml

[2009.06.16 21:40:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-14.xml

[2009.07.11 20:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-15.xml

[2009.07.27 19:28:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-16.xml

[2009.08.11 19:52:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-17.xml

[2009.09.02 19:38:40 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-18.xml

[2009.09.19 15:21:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-19.xml

[2008.04.02 20:32:49 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-2.xml

[2009.12.10 18:42:12 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-20.xml

[2009.12.28 21:35:05 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-21.xml

[2010.01.04 23:09:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-22.xml

[2010.01.24 16:46:55 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-23.xml

[2010.02.19 17:43:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-24.xml

[2010.03.07 11:52:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-25.xml

[2010.04.02 22:06:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-26.xml

[2008.06.10 23:50:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-3.xml

[2008.07.11 21:18:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-4.xml

[2008.08.06 21:56:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-5.xml

[2008.10.07 19:14:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-6.xml

[2008.11.15 22:35:13 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-7.xml

[2009.03.16 10:09:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-8.xml

[2009.03.19 17:29:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-9.xml

[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.gif

[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.src

[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.xml

[2008.08.16 12:21:39 | 000,000,277 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\search.xml

[2010.06.07 20:41:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.02.02 20:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.04.24 09:02:59 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll

[2010.03.06 23:32:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.06 23:32:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.06 23:32:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.06 23:32:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.06 23:32:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.06.08 19:57:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Programme\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found

O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.06.05 21:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010.06.07 20:11:35 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.06.07 20:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.06.07 20:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.06.07 20:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.06.07 20:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.06.07 20:07:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.06.07 20:07:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.06.07 20:04:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2010.06.07 00:39:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\7

[2010.06.05 18:52:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2010.06.05 11:59:12 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.02 20:15:52 | 000,000,000 | ---D | C] -- C:\rsit

[2010.05.30 16:22:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\VA-Eurovision Song Contest oslo (2010)

[2010.05.29 16:12:01 | 000,000,000 | ---D | C] -- C:\Programme\Registry Winner

[2010.05.23 14:25:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.05.23 14:20:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeFLVConverter

[2010.05.16 00:52:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\san

[2010.05.04 20:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX

[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl

[2010.04.17 22:31:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote-Notizbücher

[2010.03.12 17:55:09 | 000,000,000 | ---D | C] -- C:\Saves

[2010.03.12 17:54:28 | 000,000,000 | ---D | C] -- C:\Programme\Datel

 
 ========== Files - Modified Within 90 Days ==========

 

[2010.06.08 19:58:56 | 000,000,244 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.06.08 19:58:01 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.06.08 19:57:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.06.08 19:57:07 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.08 19:56:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.08 19:56:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.08 19:56:43 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys

[2010.06.08 19:55:26 | 022,020,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat

[2010.06.08 19:55:26 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini

[2010.06.08 19:40:30 | 003,704,374 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe

[2010.06.07 23:15:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.06.07 23:08:19 | 000,193,024 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.07 20:11:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010.06.05 18:53:02 | 000,466,010 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.06.05 18:53:02 | 000,446,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.05 18:53:02 | 000,087,300 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.06.05 18:53:02 | 000,073,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.05 18:53:01 | 001,088,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.05 11:59:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.02 23:20:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.05.26 20:44:57 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\ctfmon.exe

[2010.05.25 20:44:39 | 000,000,881 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010.05.23 11:01:30 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2010.05.16 01:27:58 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

[2010.05.09 21:00:25 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\PUTTY.RND

[2010.05.08 00:40:14 | 000,311,296 | ---- | M] (Koyote Soft - Koyote Soft) -- C:\WINDOWS\System32\TubeFinder.exe

[2010.05.07 17:06:46 | 000,000,578 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk

[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl

[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2010.03.29 23:30:37 | 000,035,706 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\sZEKPskqYsunR-pntbEgM8mAEoGqtkO0UmuvDA5S-9o.htm

[2010.03.29 23:30:21 | 000,029,673 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\M_XzJLs5-Tk3Jp-rlQew1IDJWfLBJxDoIMR6GPZxe9o.htm

 
 ========== Files Created - No Company Name ==========

 

[2010.06.08 19:40:02 | 003,704,374 | R--- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe

[2010.06.07 20:11:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.06.07 20:11:35 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.06.07 20:08:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.06.07 20:08:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.06.07 20:08:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.06.07 20:08:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.06.07 20:08:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.05.16 01:27:58 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

[2010.03.29 23:30:37 | 000,035,706 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\sZEKPskqYsunR-pntbEgM8mAEoGqtkO0UmuvDA5S-9o.htm

[2010.03.29 23:30:21 | 000,029,673 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\M_XzJLs5-Tk3Jp-rlQew1IDJWfLBJxDoIMR6GPZxe9o.htm

[2010.02.05 22:04:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.02.05 22:04:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010.02.05 22:04:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010.02.05 22:04:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010.02.05 22:04:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.12.04 19:53:10 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009.11.03 23:15:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2009.11.03 15:19:07 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll

[2009.11.03 15:19:02 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

[2009.10.19 20:35:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\PCCT.INI

[2009.10.17 15:20:00 | 000,000,111 | ---- | C] () -- C:\WINDOWS\installation.ini

[2009.10.17 15:18:31 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009.10.17 15:02:56 | 000,001,376 | ---- | C] () -- C:\WINDOWS\System32\wstcode16a.dll

[2009.10.11 13:18:27 | 000,093,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys

[2009.09.04 12:25:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.08.09 15:43:35 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll

[2009.08.09 15:37:07 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI

[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009.04.16 13:24:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2009.04.16 13:24:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2009.04.16 13:24:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2009.04.16 13:24:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll

[2009.01.11 22:07:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2008.12.07 15:22:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI

[2008.10.29 20:40:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008.07.29 20:57:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2008.02.08 19:16:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2008.01.09 22:43:15 | 000,000,881 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007.07.17 18:22:55 | 000,000,990 | ---- | C] () -- C:\WINDOWS\AZPR3.INI

[2007.07.13 22:37:39 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll

[2007.07.06 17:59:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007.06.07 21:45:13 | 000,171,520 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

[2007.05.31 20:34:14 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll

[2007.05.22 17:05:13 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll

[2007.04.23 20:53:25 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll

[2006.12.26 20:42:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2006.12.25 15:45:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2006.12.13 20:52:25 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2006.12.13 20:52:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2006.11.28 22:29:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\rnplf19.dll

[2006.11.28 22:22:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sys_dll.dll

[2006.11.27 21:58:19 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys

[2006.11.19 19:29:36 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI

[2006.11.17 22:04:04 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI

[2006.10.27 19:19:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll

[2006.10.27 19:19:35 | 000,000,327 | ---- | C] () -- C:\WINDOWS\mpsettings.ini

[2006.10.18 21:25:40 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2006.10.17 19:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll

[2006.10.12 22:19:27 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2006.10.12 22:19:27 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2006.10.12 22:19:27 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2006.10.08 20:08:01 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscanx.dll

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoclear.dll

[2006.09.24 20:20:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.09.24 20:20:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.09.24 20:20:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.09.24 20:20:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.09.24 20:20:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.09.24 20:20:05 | 000,540,672 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.08.02 22:01:50 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2006.08.02 22:01:50 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2006.08.02 18:42:28 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL

[2006.08.02 18:42:28 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL

[2006.07.31 19:57:22 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll

[2006.07.27 20:02:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xtrapntx7.dll

[2006.06.23 18:58:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\xptools.ini

[2006.06.23 18:57:08 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\bn.dll

[2006.06.10 13:05:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006.05.12 18:49:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006.05.02 18:38:58 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys

[2006.04.24 19:17:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006.04.14 13:23:42 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll

[2006.04.14 13:23:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll

[2006.03.19 18:49:55 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini

[2006.03.17 20:37:07 | 000,000,938 | ---- | C] () -- C:\WINDOWS\psmplay.ini

[2006.03.17 17:23:35 | 000,000,342 | ---- | C] () -- C:\WINDOWS\MP3trt.ini

[2006.03.13 19:50:16 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll

[2005.12.09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys

[2005.12.09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys

[2005.12.09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2005.12.05 18:47:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.12.05 18:13:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005.12.05 18:13:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005.12.05 18:13:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005.12.05 18:13:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005.12.05 18:09:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005.12.05 18:07:01 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2005.12.05 17:58:49 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005.12.05 17:32:27 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.12.05 17:27:16 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005.12.05 10:16:54 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini

[2005.12.05 10:13:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2005.11.05 13:44:59 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\extradrv.sys

[2005.11.05 13:44:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramdrive.sys

[2005.02.17 12:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2000.07.22 16:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

 
 ========== LOP Check ==========

 

[2009.10.03 12:49:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth

[2009.08.08 18:33:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CCTV

[2008.02.26 21:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes

[2007.08.15 19:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations

[2008.03.20 00:08:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eboostr

[2010.03.06 16:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA

[2010.02.02 20:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2009.05.16 11:42:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations

[2009.10.20 18:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX

[2008.02.28 18:15:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier

[2006.03.22 17:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!

[2009.05.16 11:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2006.10.19 19:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle

[2006.03.13 21:31:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap

[2008.01.28 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan

[2008.12.13 17:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2006.06.25 14:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2006.10.23 19:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint

[2009.12.29 20:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk

[2007.06.28 21:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2007.06.08 12:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Abolimba Multibrowser

[2006.04.24 19:24:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\acccore

[2008.04.03 20:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ASCOMP Software

[2006.10.25 20:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Azureus

[2008.10.17 22:03:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BonkEnc

[2010.06.05 18:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buahur

[2009.08.08 18:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CCTV

[2009.01.18 02:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\concept design

[2007.06.06 19:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberMotion 3D-Designer

[2008.02.15 16:37:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DassaultSystemes

[2007.05.22 17:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DataCast

[2008.10.17 21:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dBpoweramp

[2006.04.16 18:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DeepBurner

[2006.07.31 20:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DogLocksDupe

[2010.05.23 14:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.05.31 21:29:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ehuk

[2009.08.08 19:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Eltima Software

[2008.03.27 20:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ethereal

[2009.05.09 11:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FinalBurner Video DVD

[2006.06.30 21:24:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ford Street Racing

[2010.05.23 14:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeFLVConverter

[2008.02.05 22:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GetRightToGo

[2007.06.14 14:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GlarySoft

[2010.06.06 00:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2007.06.05 10:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar

[2006.03.13 20:38:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite

[2007.04.08 20:02:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IE7pro

[2008.05.16 20:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InfraRecorder

[2006.04.16 18:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2008.01.26 02:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\KRyLack Password Recovery

[2007.04.21 18:32:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2009.10.17 15:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX

[2009.11.07 18:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Moyea

[2009.05.16 11:51:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia

[2009.06.27 21:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2007.06.08 22:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera

[2007.09.09 20:06:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OTVREG

[2009.05.16 11:47:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite

[2007.04.06 23:32:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Pointstone

[2006.10.18 18:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PPLive

[2007.03.06 22:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ppstream

[2007.10.19 22:01:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ringtone

[2008.01.13 22:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung

[2010.01.24 16:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2006.11.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software

[2008.04.15 21:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Smart PC Solutions

[2009.04.01 00:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Songbird2

[2006.06.14 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SpamTest

[2009.05.04 20:15:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StarOffice8

[2009.08.09 15:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steganos

[2010.02.14 13:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\streamripper

[2010.01.13 20:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StreamTorrent

[2009.05.16 00:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca

[2006.03.13 20:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template

[2007.07.13 22:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrojanHunter

[2006.06.25 14:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2009.09.03 22:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue

[2007.04.06 23:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent

[2010.02.27 21:28:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Vso

[2006.11.09 10:59:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VSO_HWE

[2009.10.17 12:41:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job

 
 ========== Purity Check ==========

 

 

< End of report >

--- --- ---

Larusso

08.06.2010 20:38

Schritt 1

Deinstalliere bitte (falls vorhanden)
Registry Winner
Simply Super Software
TrojanHunter

Ich sehe Viewpoint auf deinem System. Diese Software wird als Foistware eingestuft. Es macht zwar keine schlimmen Sachen, ich rate dir denoch folgendes zu lesen

http://www.clickz.com/news/article.php/3561546

und folgendes zu deinstallieren (Falls vorhanden)
Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Schritt 2

Peer to peer oder filesharing software

Deine Logfile(s) zeigen mir das Du sogenannte Peer to Peer oder Filesharing Programme verwendest ( Bei Dir Azureus; uTorrent ). Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Heutzutage bekommt Cyber Crime einen immer höher werdenden Status und die Ausmaße sind enorm. Leider ist auch p2p oder Filesharing davon nicht ausgenommen. Es dient auch dazu, infizierte Dateien zu verbreiten und ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass Du Dir eine Infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äusserster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Du setzt Dich also selbst dem Risiko einer Anklage durch Orginastionen ( oder dem Author der "Datei" selbst ) die diese Rechte überwachen
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu

Start --> Systemsteuerung --> Software

und deinstalliere (falls vorhanden)
Azureus
utorrent

Bitte sag bescheid wenn Du eines der gelisteten Software nicht finden kannst.

Schritt 3

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://image.hijackthis.eu/upload/hjt1-021.jpg Textbox.

Code:

:OTL

SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

[2010.05.29 16:12:01 | 000,000,000 | ---D | C] -- C:\Programme\Registry Winner

[2010.06.05 18:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buahur

[2010.01.24 16:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2006.11.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software

[2007.07.13 22:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrojanHunter

:services

:files

:reg

:Commands

[purity]

[emptytemp]

[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Die *** bitte editieren sonst arbeitet das Skript nicht

Schritt 4

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
Aktiviere "Quick-Scan durchführen" => Scan.
Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

Schritt 5

Kaspersky Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
Java muss installiert, aktiv und erlaubt sein.
Bebilderte Anleitung von sundavis.
Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.

Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
Die Datenschutzerklärung akzeptieren.
Programm installieren lassen.
Update der Signaturen installieren lassen.
Wenn der Status "Complete" ist,
Scan-Einstellungen (Settings) Standard lassen
Links den Link "My Computer" anklicken.
Scan beginnt automatisch.
Wenn der Scan fertig ist, auf "View scan report" klicken,
"Save report as" und Dateityp auf .txt umstellen,
und auf dem Desktop als Kaspersky.txt speichern.
Logdatei hier posten.
Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

Schritt 6

Starte OTL.
Wähle unter
Extra Registrierung: Benutze Safe List
Klicke auf den Scan Button

Bitte poste in Deiner nächsten Antwort
Log von OTLfix
Log von MBAM
Kaspersky.txt
OTL.txt
Extras.txt
Berichte wie der Rechner läuft

nikos7

08.06.2010 21:00

Hmm...komisch, ich finde keine einzige dieser Softwares um sie zu deinstallieren....
ich finde weder:

Registry Winner
Simply Super Software
TrojanHunter

noch irgendetwas von "Viewpoint"

Eine Torrentsoftware war drauf, wahrscheinlich nie benutzt, ist nun aber deinstalliert...
aber wie finde ich denn nun die restlichen Programme?
Also in der "Software" Liste erscheint nix davon...

Larusso

09.06.2010 18:42

Ich hab auch nur typische InstallationsOrdner gefunden. Muss nicht unbedingt sein dass diese noch da ist. Aber ich seh mir das am Ende nochmal genau an :)

nikos7

10.06.2010 21:40

Der PC läuft ganz normal, merke keine Beeinträchtigungen oder so...
Oder was genau meinst du mit "wie der PC läuft"? Ob er zb spürbar langsamer wird?

All processes killed
========== OTL ==========
Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop!
Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo!\Unterhaltung folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo!\Sport folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo!\Shopping folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo!\Nachrichten folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo!\Kommunikation folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo!\Community folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo!\Büro folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Yahoo! folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\P\bwclay4 folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\P folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\NeoPlanet folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Microsoft-Websites folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Links folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Games folder moved successfully.
C:\Programme\Registry Winner\Utilities\Favorites\Alice folder moved successfully.
Folder move failed. C:\Programme\Registry Winner\Utilities\Favorites scheduled to be moved on reboot.
Folder move failed. C:\Programme\Registry Winner\Utilities scheduled to be moved on reboot.
C:\Programme\Registry Winner\AutoBackup folder moved successfully.
Folder move failed. C:\Programme\Registry Winner scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buahur folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings\kb130\temp folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings\kb130 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software\Trojan Remover folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Simply Super Software folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrojanHunter folder moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ***
->Temp folder emptied: 3649412 bytes
->Temporary Internet Files folder emptied: 1779866 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35219810 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2061 bytes

User: remoteservice

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5845 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39,00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06092010_195603

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Registry Winner\Utilities\Favorites scheduled to be moved on reboot.
Folder move failed. C:\Programme\Registry Winner\Utilities\Favorites scheduled to be moved on reboot.
Folder move failed. C:\Programme\Registry Winner\Utilities scheduled to be moved on reboot.
Folder move failed. C:\Programme\Registry Winner\Utilities\Favorites scheduled to be moved on reboot.
Folder move failed. C:\Programme\Registry Winner\Utilities scheduled to be moved on reboot.
Folder move failed. C:\Programme\Registry Winner scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.06.2010 20:20:45
mbam-log-2010-06-09 (20-20-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145008
Laufzeit: 10 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, June 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 09, 2010 08:51:37
Records in database: 4228261
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 169414
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:00:06

File name / Threat / Threats count
C:\_OTL\MovedFiles\06052010_185254\C_Dokumente und Einstellungen\***\Anwendungsdaten\Buahur\axwoo.exe Infected: Trojan-Spy.Win32.Zbot.ajrb 1

Selected area has been scanned.

OTL Logfile:

Code:

OTL logfile created on: 10.06.2010 22:02:10 - Run 4

OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 10,67 Gb Free Space | 7,16% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.06.09 19:51:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2010.04.28 13:45:50 | 000,835,952 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe

PRC - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe

PRC - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe

PRC - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe

PRC - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe

PRC - [2009.09.24 11:50:58 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2009.09.18 16:49:10 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe

PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.09.12 16:13:26 | 001,527,808 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe

PRC - [2007.04.16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe

PRC - [2005.12.09 16:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE

PRC - [2004.08.04 14:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe

PRC - [2004.01.08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.06.09 19:51:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

MOD - [2008.04.14 04:22:18 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

MOD - [2005.12.09 16:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll

MOD - [2004.01.08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL

MOD - [2004.01.08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\LgWndHk.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan)

SRV - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)

SRV - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)

SRV - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007.10.18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006.11.17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2010.03.06 17:07:05 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)

DRV - [2010.03.06 17:00:41 | 000,028,616 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)

DRV - [2010.03.06 16:49:01 | 000,055,624 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV - [2010.03.06 16:48:47 | 000,034,632 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)

DRV - [2010.03.06 16:47:59 | 000,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)

DRV - [2010.03.06 16:47:59 | 000,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)

DRV - [2009.08.16 18:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2009.02.09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009.02.09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009.02.09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009.02.09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.10.01 15:24:24 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sleen16.sys -- (SLEE_16_DRIVER)

DRV - [2008.09.24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.06.03 21:37:45 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2007.05.23 04:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.05.23 04:20:58 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.04.23 15:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)

DRV - [2007.03.15 21:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)

DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)

DRV - [2006.11.21 22:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)

DRV - [2006.11.20 07:57:00 | 000,283,776 | R--- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII)

DRV - [2006.10.17 19:07:32 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Ultra.dll -- (ultra)

DRV - [2006.09.18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006.09.18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006.04.28 17:27:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006.04.28 17:26:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006.04.28 17:24:06 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006.04.28 17:24:00 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2005.12.09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)

DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)

DRV - [2005.12.09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)

DRV - [2005.12.06 05:27:29 | 000,287,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)

DRV - [2005.12.06 05:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005.11.05 13:44:59 | 000,036,352 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\extradrv.sys -- (extradrv)

DRV - [2005.11.05 13:44:58 | 000,005,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ramdrive.sys -- (ramdrive)

DRV - [2005.09.15 04:58:30 | 001,339,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.09.01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)

DRV - [2005.09.01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)

DRV - [2005.08.18 18:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2005.06.30 09:27:46 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005.06.30 09:27:44 | 000,033,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005.03.09 15:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004.11.07 21:36:46 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2004.11.07 21:36:38 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2004.11.07 21:33:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2004.09.03 19:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004.09.03 19:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)

DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)

DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003.07.11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.no_proxies_on: ""

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.30 20:42:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.16 11:43:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 22:05:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.04 21:18:14 | 000,000,000 | ---D | M]

 

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com

[2010.06.05 21:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions

[2010.04.27 23:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.24 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}

[2009.12.13 17:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009.12.04 17:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\firefox@tvunetworks.com

[2009.10.11 00:42:00 | 000,002,171 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\bing.xml

[2008.03.18 21:41:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-1.xml

[2009.03.24 19:26:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-10.xml

[2009.04.05 11:53:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-11.xml

[2009.04.26 15:38:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-12.xml

[2009.05.01 15:32:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-13.xml

[2009.06.16 21:40:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-14.xml

[2009.07.11 20:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-15.xml

[2009.07.27 19:28:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-16.xml

[2009.08.11 19:52:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-17.xml

[2009.09.02 19:38:40 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-18.xml

[2009.09.19 15:21:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-19.xml

[2008.04.02 20:32:49 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-2.xml

[2009.12.10 18:42:12 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-20.xml

[2009.12.28 21:35:05 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-21.xml

[2010.01.04 23:09:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-22.xml

[2010.01.24 16:46:55 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-23.xml

[2010.02.19 17:43:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-24.xml

[2010.03.07 11:52:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-25.xml

[2010.04.02 22:06:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-26.xml

[2008.06.10 23:50:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-3.xml

[2008.07.11 21:18:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-4.xml

[2008.08.06 21:56:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-5.xml

[2008.10.07 19:14:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-6.xml

[2008.11.15 22:35:13 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-7.xml

[2009.03.16 10:09:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-8.xml

[2009.03.19 17:29:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-9.xml

[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.gif

[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.src

[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.xml

[2008.08.16 12:21:39 | 000,000,277 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\search.xml

[2010.06.09 22:28:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.02.02 20:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.04.24 09:02:59 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll

[2010.03.06 23:32:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.06 23:32:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.06 23:32:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.06 23:32:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.06 23:32:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.06.08 19:57:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Programme\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found

O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.06.05 21:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.06.09 20:04:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.06.09 20:04:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.06.09 19:51:21 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.08 20:14:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.06.07 20:11:35 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.06.07 20:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.06.07 20:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.06.07 20:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.06.07 20:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.06.07 20:07:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.06.07 20:07:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.06.07 20:04:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2010.06.05 18:52:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2010.06.02 20:15:52 | 000,000,000 | ---D | C] -- C:\rsit

[2010.05.30 16:22:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\VA-Eurovision Song Contest oslo (2010)

[2010.05.29 16:12:01 | 000,000,000 | ---D | C] -- C:\Programme\Registry Winner

[2010.05.26 20:44:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup

[2010.05.23 14:25:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.05.23 14:20:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeFLVConverter

[2010.05.16 00:52:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\san

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.06.10 22:00:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.06.10 21:05:17 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.10 21:04:26 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.06.10 21:04:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.10 21:04:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.10 21:04:19 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys

[2010.06.10 01:30:29 | 022,020,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat

[2010.06.10 01:30:29 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini

[2010.06.09 23:20:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.06.09 19:51:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.09 00:12:01 | 000,446,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.09 00:12:00 | 001,043,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.09 00:12:00 | 000,466,010 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.06.09 00:12:00 | 000,087,300 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.06.09 00:12:00 | 000,073,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.08 19:58:56 | 000,000,244 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.06.08 19:57:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.06.07 23:08:19 | 000,193,024 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.07 20:11:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010.05.26 20:44:57 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\ctfmon.exe

[2010.05.25 20:44:39 | 000,000,881 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010.05.23 11:01:30 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2010.05.16 01:27:58 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

 
 ========== Files Created - No Company Name ==========

 

[2010.06.07 20:11:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.06.07 20:11:35 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.06.07 20:08:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.06.07 20:08:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.06.07 20:08:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.06.07 20:08:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.06.07 20:08:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.05.16 01:27:58 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

[2010.02.05 22:04:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.02.05 22:04:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010.02.05 22:04:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010.02.05 22:04:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010.02.05 22:04:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.12.04 19:53:10 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009.11.03 23:15:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2009.11.03 15:19:07 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll

[2009.11.03 15:19:02 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

[2009.10.19 20:35:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\PCCT.INI

[2009.10.17 15:20:00 | 000,000,111 | ---- | C] () -- C:\WINDOWS\installation.ini

[2009.10.17 15:18:31 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009.10.17 15:02:56 | 000,001,376 | ---- | C] () -- C:\WINDOWS\System32\wstcode16a.dll

[2009.10.11 13:18:27 | 000,093,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys

[2009.09.04 12:25:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.08.09 15:43:35 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll

[2009.08.09 15:37:07 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI

[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009.04.16 13:24:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2009.04.16 13:24:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2009.04.16 13:24:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2009.04.16 13:24:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll

[2009.01.11 22:07:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2008.12.07 15:22:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI

[2008.10.29 20:40:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008.07.29 20:57:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2008.02.08 19:16:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2008.01.09 22:43:15 | 000,000,881 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007.07.17 18:22:55 | 000,000,990 | ---- | C] () -- C:\WINDOWS\AZPR3.INI

[2007.07.13 22:37:39 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll

[2007.07.06 17:59:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007.06.07 21:45:13 | 000,171,520 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

[2007.05.31 20:34:14 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll

[2007.05.22 17:05:13 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll

[2007.04.23 20:53:25 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll

[2006.12.26 20:42:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2006.12.25 15:45:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2006.12.13 20:52:25 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2006.12.13 20:52:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2006.11.28 22:29:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\rnplf19.dll

[2006.11.28 22:22:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sys_dll.dll

[2006.11.27 21:58:19 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys

[2006.11.19 19:29:36 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI

[2006.11.17 22:04:04 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI

[2006.10.27 19:19:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll

[2006.10.27 19:19:35 | 000,000,327 | ---- | C] () -- C:\WINDOWS\mpsettings.ini

[2006.10.18 21:25:40 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2006.10.17 19:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll

[2006.10.12 22:19:27 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2006.10.12 22:19:27 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2006.10.12 22:19:27 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2006.10.08 20:08:01 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscanx.dll

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoclear.dll

[2006.09.24 20:20:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.09.24 20:20:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.09.24 20:20:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.09.24 20:20:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.09.24 20:20:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.09.24 20:20:05 | 000,540,672 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.08.02 22:01:50 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2006.08.02 22:01:50 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2006.08.02 18:42:28 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL

[2006.08.02 18:42:28 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL

[2006.07.31 19:57:22 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll

[2006.07.27 20:02:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xtrapntx7.dll

[2006.06.23 18:58:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\xptools.ini

[2006.06.23 18:57:08 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\bn.dll

[2006.06.10 13:05:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006.05.12 18:49:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006.05.02 18:38:58 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys

[2006.04.24 19:17:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006.04.14 13:23:42 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll

[2006.04.14 13:23:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll

[2006.03.19 18:49:55 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini

[2006.03.17 20:37:07 | 000,000,938 | ---- | C] () -- C:\WINDOWS\psmplay.ini

[2006.03.17 17:23:35 | 000,000,342 | ---- | C] () -- C:\WINDOWS\MP3trt.ini

[2006.03.13 19:50:16 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll

[2005.12.09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys

[2005.12.09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys

[2005.12.09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2005.12.05 18:47:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.12.05 18:13:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005.12.05 18:13:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005.12.05 18:13:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005.12.05 18:13:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005.12.05 18:09:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005.12.05 18:07:01 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2005.12.05 17:58:49 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005.12.05 17:32:27 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.12.05 17:27:16 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005.12.05 10:16:54 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini

[2005.12.05 10:13:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2005.11.05 13:44:59 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\extradrv.sys

[2005.11.05 13:44:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramdrive.sys

[2005.02.17 12:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2000.07.22 16:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

--- --- ---

nikos7

10.06.2010 21:42

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 10.06.2010 22:02:10 - Run 4

OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 10,67 Gb Free Space | 7,16% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"4672:TCP" = 4672:TCP:*:Enabled:ppLive

"6492:UDP" = 6492:UDP:*:Enabled:ppLive

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)

"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\StreamerOne\streamerone.exe" = C:\Programme\StreamerOne\streamerone.exe:*:Enabled:streamerone -- ()

"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket)

"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket)

"C:\Programme\Avant Browser\avant.exe" = C:\Programme\Avant Browser\avant.exe:*:Disabled:Avant Browser -- ()

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programm zur Dateiübertragung -- (Microsoft Corporation)

"C:\Programme\Java\jre1.6.0_03\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_03\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled:  -- ()

"C:\KAV\kis7.0\german\setup.exe" = C:\KAV\kis7.0\german\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 7.0 -- (Kaspersky Lab)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Disabled:Kaspersky Internet Security 7.0 Setup -- (Kaspersky Lab)

"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Programme\DAP Premium\DAP.exe" = C:\Programme\DAP Premium\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (Speedbit Ltd.)

"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)

"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)

"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- (Veoh Networks)

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)

"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0354C0B5-AA35-49D8-B7B7-1CF3412465DD}" = DataCastComponent

"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"{05EB4474-5FAC-4069-A167-352FE0D1D099}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.1.0

"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery

"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 

"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar

"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.10.170c

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent

"{846AC73B-9394-48B9-B941-8F7F472F0047}" = Bluesoleil2.6.0.9 Release 070606

"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM

"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)

"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam-Software

"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio

"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity

"{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Alice" = Alice-Installationsdateien entfernen

"ATI Display Driver" = ATI Display Driver

"AudioCon" = AudioCon

"CardRecovery" = CardRecovery

"CCleaner" = CCleaner

"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem  (02/24/2009 4.0)

"ÐÂÀËÖ±²¥" = ÐÂÀËÖ±²¥

"dBpoweramp m4a Codec" = dBpoweramp m4a Codec

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem  (02/23/2009 7.01.0.2)

"ENTERPRISER" = Microsoft Office Enterprise 2007

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FLVPlayer" = FLV Player 1.3.3

"Free FLV Converter_is1" = Free FLV Converter V 6.7.8

"Free MOV to AVI Converter_is1" = Free MOV to AVI Converter 1.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InfraRecorder" = InfraRecorder

"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio

"InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6

"IrfanView" = IrfanView (remove only)

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)

"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec

"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE

"MAGIX Screenshare UK" = MAGIX Screenshare

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MaxDrive PS2" = MaxDrive PS2

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MsgPlus! Plugin" = Messenger Plus! 3

"Nero - Burning Rom!UninstallKey" = Nero 6

"Nero BurnRights!UninstallKey" = Nero BurnRights

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia PC Suite" = Nokia PC Suite

"NVEContent!UninstallKey" = NeroVision Express Content

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"Picasa2" = Picasa 2

"QcDrv" = Logitech® Camera-Treiber

"RealPlayer 6.0" = RealPlayer

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Secunia PSI" = Secunia PSI

"Shockwave" = Shockwave

"SopCast" = SopCast 2.0.4

"Streamripper" = Streamripper (Remove only)

"SystemRequirementsLab" = System Requirements Lab

"Tobit ClipInc Server" = Tobit.Software clipinc.fx

"TV Player" = Veetle TV Player 0.9.11

"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 2.5.0411

"Veetle TV Player" = Veetle TV Player 0.9.11

"VLC media player" = VLC media player 1.0.3

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

"Yahoo! Messenger" = Yahoo! Messenger

"YouTube FLV to AVI easy converter_is1" = YouTube FLV to AVI easy converter 2.1.0

"Zattoo4" = Zattoo4 4.0.5

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 28.01.2010 15:07:03 | Computer Name = *** | Source = Windows Search Service | ID = 3024

Description = 

 

Error - 28.02.2010 06:11:07 | Computer Name = *** | Source = ESENT | ID = 490

Description = svchost (1468) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

[ System Events ]

Error - 08.06.2010 13:56:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 08.06.2010 14:16:43 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 08.06.2010 17:37:39 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 09.06.2010 12:01:31 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 09.06.2010 13:56:03 | Computer Name = *** | Source = Service Control Manager | ID = 7034

Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 09.06.2010 13:56:03 | Computer Name = *** | Source = Service Control Manager | ID = 7034

Description = Dienst "Logitech Process Monitor" wurde unerwartet beendet. Dies ist

 bereits 1 Mal passiert.

 

Error - 09.06.2010 13:56:05 | Computer Name = *** | Source = Service Control Manager | ID = 7034

Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 09.06.2010 13:56:05 | Computer Name = *** | Source = Service Control Manager | ID = 7034

Description = Dienst "SeaPort" wurde unerwartet beendet. Dies ist bereits 1 Mal 

passiert.

 

Error - 09.06.2010 13:57:45 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

Error - 10.06.2010 15:04:25 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = Der Dienst "RAM Driver" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1058

 

 

< End of report >

--- --- ---

Larusso

11.06.2010 13:24

Will immernoch irgend ein Programm ins Netz ?

nikos7

11.06.2010 14:12

Nein, beim Hochfahren, bevor W-Lan aktiviert wird, versucht kein Programm mehr ins Netz zu gehen.

Larusso

11.06.2010 16:48

Schritt 1

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.

Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
Danach wieder anstellen nicht vergessen!
Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.

Anwendung

Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:

Code:

KillAll:: Folder:: C:\Programme\Registry Winner FCopy:: c:\windows\$NtServicePackUninstall$\ctfmon.exe | c:\windows\system32\ctfmon.exe c:\windows\$NtServicePackUninstall$\ctfmon.exe | c:\windows\ServicePackFiles\i386\ctfmon.exe
Speichere dies als CFScript.txt auf Deinem Desktop
.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
.
In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update XX) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

Schritt 3

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Bitte poste in Deiner nächsten Antwort
Combofix.txt
OTL.txt
Extras.txt

nikos7

12.06.2010 13:29

Combofix Logfile:

Code:

ComboFix 10-06-11.01 - *** 12.06.2010  12:57:50.3.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1565 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt

AV: G Data InternetSecurity 2010 *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}

FW: G Data Personal Firewall *disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\programme\Registry Winner

c:\programme\Registry Winner\Utilities\Favorites\AudioVideoSoft.com - Collection of only the best audio converters, rippers, editors, recorders, burners, text to speed solutions, video encoders, decoders, DVD rippers, DVD burners, etc..url

c:\programme\Registry Winner\Utilities\Favorites\Desktop.ini

c:\programme\Registry Winner\Utilities\Favorites\Download Subtitles - DivX Movies.url

c:\programme\Registry Winner\Utilities\Favorites\Film DivX Untertiel zum herunterladen.url

c:\programme\Registry Winner\Utilities\Favorites\Fussball-International  Index.url

c:\programme\Registry Winner\Utilities\Favorites\Germanwings Online-Buchung.url

c:\programme\Registry Winner\Utilities\Favorites\greeksubs.com - Forum  ?????????? ?.???????? - ??? ??????? ?????????.url

c:\programme\Registry Winner\Utilities\Favorites\inspiRED Club Forums - ??????.url

c:\programme\Registry Winner\Utilities\Favorites\keepvid Download videos from Google, Youtube, iFilm, Putfile, Metacafe, DailyMotion!.url

c:\programme\Registry Winner\Utilities\Favorites\Mein Yahoo!.url

c:\programme\Registry Winner\Utilities\Favorites\Mobile9 - Free ringtones, free themes, free wallpapers, free videos, free software, free games for mobile phone.url

c:\programme\Registry Winner\Utilities\Favorites\MSN.url

c:\programme\Registry Winner\Utilities\Favorites\myK800 Free K800i downloads  Welcome to the new K800 site.url

c:\programme\Registry Winner\Utilities\Favorites\nachtagenten - hamburg im visier.url

c:\programme\Registry Winner\Utilities\Favorites\Pasalimanius - Welcome to the Red World of OLYMPIACOS C.F.P.!.url

c:\programme\Registry Winner\Utilities\Favorites\Sopcast - Der Einstieg zum Internet TV, Serverzeit - Sa, 2. Dezember 2006 - 145216.url

c:\programme\Registry Winner\Utilities\Favorites\Subs4U.gr  Home page.url

c:\programme\Registry Winner\Utilities\Favorites\SUBTiTLES.DE.url

c:\programme\Registry Winner\Utilities\Favorites\swSite.url

c:\programme\Registry Winner\Utilities\Favorites\UnderZsoft The Ultimate Software Engine - Home.url

c:\programme\Registry Winner\Utilities\Favorites\WizardS_Games eSnips Folder.url

c:\programme\Registry Winner\Utilities\Favorites\Yahoo! Bookmarks.url

c:\programme\Registry Winner\Utilities\Favorites\Yahoo! Mail.url

c:\programme\Registry Winner\Utilities\Favorites\Yahoo!.url
 

.

--------------- FCopy ---------------
 

c:\windows\$NtServicePackUninstall$\ctfmon.exe --> c:\windows\system32\ctfmon.exe

c:\windows\$NtServicePackUninstall$\ctfmon.exe --> c:\windows\ServicePackFiles\i386\ctfmon.exe

.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-12 bis 2010-06-12  ))))))))))))))))))))))))))))))

.
 

2010-06-12 10:54 . 2010-06-12 11:09        --------        d-----w-        \ComboFix

2010-06-07 18:11 . 2010-06-07 18:11        --------        d-sha-r-        \cmdcons

2010-06-07 18:07 . 2010-06-12 11:08        --------        d-----w-        \Qoobox

2010-06-05 16:52 . 2010-06-05 16:52        --------        d-----w-        C:\_OTL

2010-06-05 16:52 . 2010-06-05 16:52        --------        d-----w-        \_OTL

2010-06-02 18:15 . 2010-06-02 18:16        --------        d-----w-        C:\rsit

2010-06-02 18:15 . 2010-06-02 18:16        --------        d-----w-        \rsit

2010-05-23 12:25 . 2010-05-23 12:25        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

2010-05-23 12:20 . 2010-05-23 12:20        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\FreeFLVConverter
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-12 00:23 . 2010-02-05 20:06        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Media Player Classic

2010-06-11 23:24 . 2009-12-28 19:33        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\vlc

2010-06-11 17:22 . 2009-06-27 17:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help

2010-06-09 18:04 . 2008-08-16 16:09        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-06-07 18:02 . 2009-10-21 17:41        --------        d-----w-        c:\programme\CCleaner

2010-06-05 22:11 . 2007-04-26 16:26        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ICQ

2010-06-02 18:16 . 2006-10-01 11:10        --------        d-----w-        c:\programme\Trend Micro

2010-05-31 19:29 . 2008-04-11 07:34        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Ehuk

2010-05-31 17:47 . 2006-10-20 19:43        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Skype

2010-05-30 13:12 . 2005-12-05 16:06        --------        d-----w-        c:\programme\Yahoo!

2010-05-30 13:12 . 2008-07-20 19:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Yahoo!

2010-05-29 23:00 . 2009-08-30 11:59        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft

2010-05-26 18:38 . 2006-06-16 19:12        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-05-24 11:46 . 2010-01-01 19:51        --------        d-----w-        c:\programme\JDownloader

2010-05-23 12:20 . 2009-08-08 17:38        --------        d-----w-        c:\programme\Free FLV Converter

2010-05-15 23:27 . 2010-05-15 23:27        4        -c--a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ofubwi.dat

2010-05-09 09:30 . 2008-02-22 11:24        --------        d-----w-        c:\programme\Zattoo

2010-05-07 15:06 . 2007-06-08 20:34        --------        d-----w-        c:\programme\Opera

2010-05-04 19:22 . 2006-10-15 17:45        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DivX

2010-05-04 19:18 . 2010-05-04 18:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX

2010-05-04 19:18 . 2006-04-27 18:04        --------        d-----w-        c:\programme\DivX

2010-05-04 19:15 . 2009-04-04 22:56        --------        d-----w-        c:\programme\Gemeinsame Dateien\DivX Shared

2010-04-21 19:25 . 2010-02-02 18:48        --------        d-----w-        c:\programme\ICQ7.0

2009-06-01 20:49 . 2009-06-01 20:49        29        -c--a-w-        c:\programme\hdtv.sys

2009-06-01 20:48 . 2009-06-01 20:48        23        -c--a-w-        c:\programme\hfkud16.sys

2008-07-12 14:26 . 2008-07-12 14:26        774144        -c--a-w-        c:\programme\RngInterstitial.dll

2009-05-01 21:02 . 2009-05-01 21:02        1044480        -c--a-w-        c:\programme\opera\program\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        -c--a-w-        c:\programme\opera\program\plugins\ssldivx.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-05-27 413696]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"GDFirewallTray"="c:\programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-09-24 1124424]

"G DATA AntiVirus Trayapplication"="c:\programme\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2009-09-18 924232]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStartMenuSubFolders"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoPrinters"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoChangeAnimation"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           \0
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk

backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17        952768        -c--a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-02 18:05        40368        -c--a-w-        c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46        1135912        -c--a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44        31072        -c--a-w-        c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-12-17 08:50        19968        -c--a-w-        c:\windows\LOGI_MWX.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2005-12-07 08:26        489472        -c--a-w-        c:\programme\Logitech\Video\CameraAssistant.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 10:43        248040        -c--a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Messenger\\Msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\StreamerOne\\streamerone.exe"=

"c:\\Programme\\SopCast\\SopCast.exe"=

"c:\\Programme\\Opera\\Opera.exe"=

"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programme\\Avant Browser\\avant.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Programme\\Zattoo\\Zattoo2.exe"=

"c:\\KAV\\kis7.0\\german\\setup.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Programme\\DAP Premium\\DAP.exe"=

"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programme\\ICQ6.5\\ICQ.exe"=

"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Programme\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\ICQ7.0\\ICQ.exe"=

"c:\\Programme\\ICQ7.0\\aolload.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4672:TCP"= 4672:TCP:ppLive

"6492:UDP"= 6492:UDP:ppLive
 

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [06.03.2010 16:47 28616]

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [06.03.2010 16:47 22528]

R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [06.03.2010 17:07 68976]

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11.07.2003 15:22 14912]

R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\sleen16.sys [01.10.2008 15:24 79104]

R2 AVKProxy;G DATA AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [22.09.2009 16:28 1128008]

R2 AVKService;G Data Scheduler;c:\programme\G Data\InternetSecurity\AVK\AVKService.exe [08.08.2009 13:33 397896]

R2 AVKWCtl;G Data Dateisystem Wächter;c:\programme\G Data\InternetSecurity\AVK\AVKWCtl.exe [23.09.2009 15:01 1251488]

R2 extradrv;Extra Driver;c:\windows\system32\drivers\extradrv.sys [05.11.2005 13:44 36352]

R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [06.03.2010 16:47 51784]

R3 GDFwSvc;G Data Personal Firewall;c:\programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe [21.09.2009 02:55 1547104]

R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [06.03.2010 16:49 55624]

R3 GDScan;G Data Scanner;c:\programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [27.07.2009 04:03 302152]

R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [06.03.2010 16:48 34632]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23.04.2007 15:11 224896]

S2 ramdrive;RAM Driver;c:\windows\system32\drivers\ramdrive.sys [05.11.2005 13:44 5632]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [07.04.2006 17:57 16512]

S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]

S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.06.2009 14:20 12648]

S4 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page = c:\windows\system32\blank.htm

mWindow Title = 

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*hxxp://www.yahoo.com

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Save YouTube Video as MP3 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.google.de

FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

FF - component: c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll

FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programme\Veetle\VLC\npvlc.dll

FF - plugin: c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\programme\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-06-12 13:08

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1532919398-2870173762-3724845258-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\System32\smss.exe

c:\windows\system32\csrss.exe

c:\windows\system32\winlogon.exe

c:\windows\system32\services.exe

c:\windows\system32\lsass.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\System32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\system32\spoolsv.exe

c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe

c:\windows\system32\svchost.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\svchost.exe

c:\windows\System32\alg.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\SOUNDMAN.EXE

c:\programme\Logitech\MouseWare\system\em_exec.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-06-12  13:18:57 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-06-12 11:18

ComboFix2.txt  2010-06-07 18:32
 

Vor Suchlauf: 50 Verzeichnis(se), 10.536.062.976 Bytes frei

Nach Suchlauf: 51 Verzeichnis(se), 10.474.926.080 Bytes frei
 

- - End Of File - - F03E6FBDB8ADEEB0BF0FBE187ADA335A

--- --- ---

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Jun 12 13:36:19 2010

Found and removed: C:\Programme\Java\jre1.5.0_06

Found and removed: C:\Programme\Java\jre1.5.0_11

Found and removed: C:\Programme\Java\jre1.6.0_01

Found and removed: C:\Programme\Java\jre1.6.0_02

Found and removed: C:\Programme\Java\jre1.6.0_03

Found and removed: C:\Programme\Java\jre1.6.0_05

Found and removed: C:\Programme\Java\jre1.6.0_06

Found and removed: C:\Programme\Java\jre1.6.0_07

Found and removed: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_05

Found and removed: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_11

Found and removed: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_13

Found and removed: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_15

Found and removed: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_17

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\JavaPlugin.160_06

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_06

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Jun 12 13:39:21 2010

------------------------------------

Finished reporting.

nikos7

12.06.2010 13:30

OTL Logfile:

Code:

OTL logfile created on: 12.06.2010 13:50:04 - Run 5

OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 9,85 Gb Free Space | 6,61% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.06.12 13:48:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe

PRC - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe

PRC - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe

PRC - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe

PRC - [2009.09.24 11:50:58 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2009.09.18 16:49:10 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe

PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.09.12 16:13:26 | 001,527,808 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe

PRC - [2007.04.16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe

PRC - [2005.12.09 16:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE

PRC - [2004.01.08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.06.12 13:48:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

MOD - [2008.04.14 04:22:18 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

MOD - [2005.12.09 16:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll

MOD - [2004.01.08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL

MOD - [2004.01.08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\LgWndHk.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan)

SRV - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)

SRV - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)

SRV - [2009.08.08 13:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007.10.18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006.11.17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005.12.09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)

DRV - [2010.03.06 17:07:05 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)

DRV - [2010.03.06 17:00:41 | 000,028,616 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)

DRV - [2010.03.06 16:49:01 | 000,055,624 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV - [2010.03.06 16:48:47 | 000,034,632 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)

DRV - [2010.03.06 16:47:59 | 000,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)

DRV - [2010.03.06 16:47:59 | 000,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)

DRV - [2009.08.16 18:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2009.02.09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009.02.09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009.02.09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009.02.09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.10.01 15:24:24 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sleen16.sys -- (SLEE_16_DRIVER)

DRV - [2008.09.24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.06.03 21:37:45 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2007.05.23 04:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.05.23 04:20:58 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.04.23 15:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)

DRV - [2007.03.15 21:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)

DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)

DRV - [2006.11.21 22:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)

DRV - [2006.11.20 07:57:00 | 000,283,776 | R--- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII)

DRV - [2006.10.17 19:07:32 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Ultra.dll -- (ultra)

DRV - [2006.09.18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006.09.18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006.04.28 17:27:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006.04.28 17:26:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006.04.28 17:24:06 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006.04.28 17:24:00 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2005.12.09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)

DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)

DRV - [2005.12.09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)

DRV - [2005.12.06 05:27:29 | 000,287,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)

DRV - [2005.12.06 05:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005.11.05 13:44:59 | 000,036,352 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\extradrv.sys -- (extradrv)

DRV - [2005.11.05 13:44:58 | 000,005,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ramdrive.sys -- (ramdrive)

DRV - [2005.09.15 04:58:30 | 001,339,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.09.01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)

DRV - [2005.09.01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)

DRV - [2005.08.18 18:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2005.06.30 09:27:46 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005.06.30 09:27:44 | 000,033,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005.03.09 15:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004.11.07 21:36:46 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2004.11.07 21:36:38 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2004.11.07 21:33:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2004.09.03 19:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004.09.03 19:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2004.09.02 09:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)

DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)

DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003.07.11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.no_proxies_on: ""

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.30 20:42:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.16 11:43:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 22:05:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.12 13:46:10 | 000,000,000 | ---D | M]

 

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2009.04.01 00:39:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com

[2010.06.05 21:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions

[2010.04.27 23:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.24 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}

[2009.12.13 17:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009.12.04 17:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\extensions\firefox@tvunetworks.com

[2009.10.11 00:42:00 | 000,002,171 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\bing.xml

[2008.03.18 21:41:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-1.xml

[2009.03.24 19:26:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-10.xml

[2009.04.05 11:53:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-11.xml

[2009.04.26 15:38:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-12.xml

[2009.05.01 15:32:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-13.xml

[2009.06.16 21:40:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-14.xml

[2009.07.11 20:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-15.xml

[2009.07.27 19:28:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-16.xml

[2009.08.11 19:52:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-17.xml

[2009.09.02 19:38:40 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-18.xml

[2009.09.19 15:21:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-19.xml

[2008.04.02 20:32:49 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-2.xml

[2009.12.10 18:42:12 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-20.xml

[2009.12.28 21:35:05 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-21.xml

[2010.01.04 23:09:36 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-22.xml

[2010.01.24 16:46:55 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-23.xml

[2010.02.19 17:43:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-24.xml

[2010.03.07 11:52:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-25.xml

[2010.04.02 22:06:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-26.xml

[2008.06.10 23:50:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-3.xml

[2008.07.11 21:18:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-4.xml

[2008.08.06 21:56:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-5.xml

[2008.10.07 19:14:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-6.xml

[2008.11.15 22:35:13 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-7.xml

[2009.03.16 10:09:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-8.xml

[2009.03.19 17:29:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin-9.xml

[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.gif

[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.src

[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\icqplugin.xml

[2008.08.16 12:21:39 | 000,000,277 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\idtc1t6x.default\searchplugins\search.xml

[2010.06.12 13:46:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.02.02 20:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.04.24 09:02:59 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2010.06.12 13:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.06.12 13:45:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll

[2010.03.06 23:32:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.06 23:32:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.06 23:32:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.06 23:32:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.06 23:32:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.06.12 13:08:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Programme\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found

O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.06.05 21:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.06.12 13:47:56 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.12 13:46:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010.06.12 13:46:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.06.12 13:46:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.06.12 13:46:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.06.12 13:46:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.06.12 13:24:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.06.12 13:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010.06.12 02:23:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2010.06.11 17:31:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010.06.09 20:04:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.06.09 20:04:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.06.07 20:11:35 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.06.07 20:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.06.07 20:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.06.07 20:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.06.07 20:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.06.07 20:07:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.06.07 20:07:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.06.05 18:52:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2010.06.02 20:15:52 | 000,000,000 | ---D | C] -- C:\rsit

[2010.05.30 16:22:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\VA-Eurovision Song Contest oslo (2010)

[2010.05.26 20:44:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup

[2010.05.23 14:25:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.05.23 14:20:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeFLVConverter

[2010.05.16 00:52:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\san

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.06.12 13:48:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2010.06.12 13:45:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010.06.12 13:45:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.06.12 13:45:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.06.12 13:45:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.06.12 13:45:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.06.12 13:42:41 | 001,088,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.12 13:42:41 | 000,466,010 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.06.12 13:42:41 | 000,446,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.12 13:42:41 | 000,087,300 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.06.12 13:42:41 | 000,073,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.12 13:08:48 | 000,000,244 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.06.12 13:08:34 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.06.12 13:08:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.06.12 13:07:08 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.12 13:06:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.12 13:06:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.12 13:06:29 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys

[2010.06.12 13:05:12 | 022,020,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat

[2010.06.12 13:05:12 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini

[2010.06.12 01:26:54 | 000,196,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.12 01:26:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.06.12 00:08:45 | 000,388,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.06.09 23:20:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.06.07 20:11:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010.05.25 20:44:39 | 000,000,881 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010.05.23 11:01:30 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2010.05.16 01:27:58 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

 
 ========== Files Created - No Company Name ==========

 

[2010.06.07 20:11:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.06.07 20:11:35 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.06.07 20:08:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.06.07 20:08:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.06.07 20:08:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.06.07 20:08:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.06.07 20:08:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.05.16 01:27:58 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ofubwi.dat

[2010.02.05 22:04:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.02.05 22:04:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010.02.05 22:04:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010.02.05 22:04:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010.02.05 22:04:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009.12.04 19:53:10 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009.11.03 23:15:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2009.11.03 15:19:07 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll

[2009.11.03 15:19:02 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

[2009.10.19 20:35:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\PCCT.INI

[2009.10.17 15:20:00 | 000,000,111 | ---- | C] () -- C:\WINDOWS\installation.ini

[2009.10.17 15:18:31 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009.10.17 15:02:56 | 000,001,376 | ---- | C] () -- C:\WINDOWS\System32\wstcode16a.dll

[2009.10.11 13:18:27 | 000,093,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys

[2009.09.04 12:25:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.08.09 15:43:35 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll

[2009.08.09 15:37:07 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI

[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009.04.16 13:24:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2009.04.16 13:24:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2009.04.16 13:24:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2009.04.16 13:24:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll

[2009.01.11 22:07:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2008.12.07 15:22:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI

[2008.10.29 20:40:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008.07.29 20:57:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2008.02.08 19:16:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2008.01.09 22:43:15 | 000,000,881 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007.07.17 18:22:55 | 000,000,990 | ---- | C] () -- C:\WINDOWS\AZPR3.INI

[2007.07.13 22:37:39 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll

[2007.07.06 17:59:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007.06.07 21:45:13 | 000,171,520 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

[2007.05.31 20:34:14 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll

[2007.05.22 17:05:13 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll

[2007.04.23 20:53:25 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll

[2006.12.26 20:42:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2006.12.25 15:45:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2006.12.13 20:52:25 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2006.12.13 20:52:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2006.11.28 22:29:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\rnplf19.dll

[2006.11.28 22:22:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sys_dll.dll

[2006.11.27 21:58:19 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys

[2006.11.19 19:29:36 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI

[2006.11.17 22:04:04 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI

[2006.10.27 19:19:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll

[2006.10.27 19:19:35 | 000,000,327 | ---- | C] () -- C:\WINDOWS\mpsettings.ini

[2006.10.18 21:25:40 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2006.10.17 19:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll

[2006.10.12 22:19:27 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2006.10.12 22:19:27 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2006.10.12 22:19:27 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2006.10.08 20:08:01 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscanx.dll

[2006.10.01 12:46:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoclear.dll

[2006.09.24 20:20:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.09.24 20:20:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.09.24 20:20:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006.09.24 20:20:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006.09.24 20:20:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.09.24 20:20:05 | 000,540,672 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.08.02 22:01:50 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2006.08.02 22:01:50 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2006.08.02 18:42:28 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL

[2006.08.02 18:42:28 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL

[2006.07.31 19:57:22 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll

[2006.07.27 20:02:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\xtrapntx7.dll

[2006.06.23 18:58:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\xptools.ini

[2006.06.23 18:57:08 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\bn.dll

[2006.06.10 13:05:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006.05.12 18:49:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006.05.02 18:38:58 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys

[2006.04.24 19:17:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006.04.14 13:23:42 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll

[2006.04.14 13:23:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll

[2006.03.19 18:49:55 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini

[2006.03.17 20:37:07 | 000,000,938 | ---- | C] () -- C:\WINDOWS\psmplay.ini

[2006.03.17 17:23:35 | 000,000,342 | ---- | C] () -- C:\WINDOWS\MP3trt.ini

[2006.03.13 19:50:16 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll

[2005.12.09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys

[2005.12.09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys

[2005.12.09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2005.12.05 18:47:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.12.05 18:13:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005.12.05 18:13:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005.12.05 18:13:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005.12.05 18:13:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005.12.05 18:13:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005.12.05 18:09:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005.12.05 18:07:01 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2005.12.05 17:58:49 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005.12.05 17:32:27 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.12.05 17:27:16 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005.12.05 10:16:54 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini

[2005.12.05 10:13:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll

[2005.12.05 10:08:24 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2005.11.05 13:44:59 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\extradrv.sys

[2005.11.05 13:44:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramdrive.sys

[2005.02.17 12:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2000.07.22 16:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

--- --- ---

nikos7

12.06.2010 13:31

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 12.06.2010 13:50:04 - Run 5

OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,05 Gb Total Space | 9,85 Gb Free Space | 6,61% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"4672:TCP" = 4672:TCP:*:Enabled:ppLive

"6492:UDP" = 6492:UDP:*:Enabled:ppLive

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)

"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\StreamerOne\streamerone.exe" = C:\Programme\StreamerOne\streamerone.exe:*:Enabled:streamerone -- ()

"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket)

"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket)

"C:\Programme\Avant Browser\avant.exe" = C:\Programme\Avant Browser\avant.exe:*:Disabled:Avant Browser -- ()

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programm zur Dateiübertragung -- (Microsoft Corporation)

"C:\Programme\Java\jre1.6.0_03\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_03\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- File not found

"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled:  -- ()

"C:\KAV\kis7.0\german\setup.exe" = C:\KAV\kis7.0\german\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 7.0 -- (Kaspersky Lab)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Disabled:Kaspersky Internet Security 7.0 Setup -- (Kaspersky Lab)

"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Programme\DAP Premium\DAP.exe" = C:\Programme\DAP Premium\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (Speedbit Ltd.)

"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)

"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)

"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- (Veoh Networks)

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)

"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0354C0B5-AA35-49D8-B7B7-1CF3412465DD}" = DataCastComponent

"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"{05EB4474-5FAC-4069-A167-352FE0D1D099}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.1.0

"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery

"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 

"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar

"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.10.170c

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent

"{846AC73B-9394-48B9-B941-8F7F472F0047}" = Bluesoleil2.6.0.9 Release 070606

"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM

"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)

"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam-Software

"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio

"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity

"{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Alice" = Alice-Installationsdateien entfernen

"ATI Display Driver" = ATI Display Driver

"AudioCon" = AudioCon

"CardRecovery" = CardRecovery

"CCleaner" = CCleaner

"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem  (02/24/2009 4.0)

"ÐÂÀËÖ±²¥" = ÐÂÀËÖ±²¥

"dBpoweramp m4a Codec" = dBpoweramp m4a Codec

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem  (02/23/2009 7.01.0.2)

"ENTERPRISER" = Microsoft Office Enterprise 2007

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FLVPlayer" = FLV Player 1.3.3

"Free FLV Converter_is1" = Free FLV Converter V 6.7.8

"Free MOV to AVI Converter_is1" = Free MOV to AVI Converter 1.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InfraRecorder" = InfraRecorder

"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio

"InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6

"IrfanView" = IrfanView (remove only)

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)

"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec

"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE

"MAGIX Screenshare UK" = MAGIX Screenshare

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MaxDrive PS2" = MaxDrive PS2

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MsgPlus! Plugin" = Messenger Plus! 3

"Nero - Burning Rom!UninstallKey" = Nero 6

"Nero BurnRights!UninstallKey" = Nero BurnRights

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia PC Suite" = Nokia PC Suite

"NVEContent!UninstallKey" = NeroVision Express Content

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"Picasa2" = Picasa 2

"QcDrv" = Logitech® Camera-Treiber

"RealPlayer 6.0" = RealPlayer

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Secunia PSI" = Secunia PSI

"Shockwave" = Shockwave

"SopCast" = SopCast 2.0.4

"Streamripper" = Streamripper (Remove only)

"SystemRequirementsLab" = System Requirements Lab

"Tobit ClipInc Server" = Tobit.Software clipinc.fx

"TV Player" = Veetle TV Player 0.9.11

"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 2.5.0411

"Veetle TV Player" = Veetle TV Player 0.9.11

"VLC media player" = VLC media player 1.0.3

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

"Yahoo! Messenger" = Yahoo! Messenger

"YouTube FLV to AVI easy converter_is1" = YouTube FLV to AVI easy converter 2.1.0

"Zattoo4" = Zattoo4 4.0.5

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 28.01.2010 15:07:03 | Computer Name = *** | Source = Windows Search Service | ID = 3024

Description = 

 

Error - 28.02.2010 06:11:07 | Computer Name = *** | Source = ESENT | ID = 490

Description = svchost (1468) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der

 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet

 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

 

Error - 12.06.2010 07:42:02 | Computer Name = *** | Source = MsiInstaller | ID = 10005

Description = Produkt: Java(TM) 6 Update 7 -- Interner Fehler 2753. RegUtils

 

[ System Events ]

Error - 12.06.2010 07:42:57 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:57 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:57 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:57 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:57 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:57 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:58 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:58 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:58 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 12.06.2010 07:42:58 | Computer Name = *** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

 

< End of report >

--- --- ---

Larusso

12.06.2010 18:17

Logfile ist sauber :daumenhoc

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.

Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.

Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.

SpywareBlaster
Ein Tutorial zur Verwendung findest Du Hier
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
Hinweis: MBAM ersetzt keine Anti- Viren- Software.
Temp File Cleaner
TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
Ausserdem hilft es Deinen Computer zu beschleunigen.
Du kannst Dir TFC ( by OldTimer ) hier downloaden.
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
Halte Dein System aktuell
Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.
Halte Deine Software aktuell
Der einfachste Weg dafür ist der Secunia Online Software.

Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.

NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart ausserdem Downloadkapazität.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

nikos7

13.06.2010 16:01

Ich habe nun alle Schritte befolgt, hat auch alles gut geklappt..

Vielen Dank nochmal für all deine Hilfe und die ganzen Tipps.
Läzft nun wieder alles top :)

Gruß
Niko

Alle Zeitangaben in WEZ +1. Es ist jetzt 02:10 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131