Antimaleware-Doctor-Attacke und troj/FakeAV-***
 

Liebe Experten,

nach vielen Stunden Arbeit und vielen hilfreichen Tipps hier aus dem Forum habe ich immer noch Probleme nach einer Antimaleware-Attacke und hoffe, dass ich hier Hilfe finde.

Folgendes habe ich bereits getan:
nach der Anleitung von Sophos im abgesicherten Modus gestartet und versucht die Trojaner manuell zu entfernen. Nachdem der Rechner 6 Stunden!!! dafür gebraucht hat, sollten alle Fieslinge entfernt sein. Doch beim normalen Start erwies sich dies als Fehlschluss.
dann:
rkill durchlaufen lassen
dannach 2 mal Malwarebytes' Anti-Malware
dann ccleaner
dann rsit (s.u.)

ach ja, zwischendurch habe ich noch eher zufällig über die Systemsteuerung -> software den AP Manager deinstalliert.



Mein Problem ist folgendes:
ich habe Sophos als Virenschutz, während der beiden Durchläufe von Malwarebytes' Anti Malware hat Sophos jedesmal Fehlermeldungen gegeben. In der Quarantäne sind auch nach dem 2. Durchlauf dort noch zwei Trojaner:

FakeAV-BDW
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1143\A0773564.exe

und
FakeAV-BAG
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774723.dll

von denen ich nicht weiß, wie ich sie loswerden soll.
Vor dem zweiten Durchlauf habe ich versucht Sophos zu deaktivieren, dies ist mir jedoch nicht gelungen. Liegt die Fehlermeldung von Sophos nun daran, dass die beiden Programme sich nicht vertragen?

Da ich wirklich wenig von PC-Interna verstehe, bin ich froh mit der Foren-Hilfe wenigstens soweit gekommen zu sein. Da ich aber jetzt nicht mehr weiter weiß, wäre es super, wenn mit jemand bei der Interpretation der Log-files helfen kann.

Hier sind zunächst die Log-Dateien von Malwarebytes, und rist-log, auf Anfrage poste ich auch rsit-info (ist für ein Thema zu lang).


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4042

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

27.04.2010 19:36:48
mbam-log-2010-04-27 (19-36-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 259473
Laufzeit: 2 Stunde(n), 19 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 25
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 10
Infizierte Dateien: 18

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\wrpsiexd.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\79c73821.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yctvvxhn.dll (Adware.EZlife) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e777c604-60ca-6283-6c03-aa644e7ed580} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e777c604-60ca-6283-6c03-aa644e7ed580} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CscrptXt.CscrptXt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{993d5f0b-b733-9e4a-5ef5-e387206345eb} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{993d5f0b-b733-9e4a-5ef5-e387206345eb} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b54055e1-984a-458f-8bbc-0a0cc44d07bf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b54055e1-984a-458f-8bbc-0a0cc44d07bf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6a3b97c-9769-45f0-9729-8a2c35db3ae0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6a3b97c-9769-45f0-9729-8a2c35db3ae0} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aquhes (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apmanager.exe (Rogue.APManager) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wzuiqoerbp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds\1.5.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife\1.5.2.0 (Adware.EzLife) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\79c73821.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\wrpsiexd.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\newupdate1142C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yctvvxhn.dll (Adware.EZlife) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\hookdll.dll (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\stp04cbd.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\stp1f8ff.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\ffxShot.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1144\A0773831.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1151\A0774405.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ybbt.tmp\svchost.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds\1.5.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\ezLife\ezLife\log.xml (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife\1.5.2.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llscrhezpzq.dll (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\wcraxsmnoe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dtpgypsa.dll (Trojan.BHO) -> Delete on reboot.





Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4042

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

27.04.2010 22:20:52
mbam-log-2010-04-27 (22-20-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 260622
Laufzeit: 2 Stunde(n), 12 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774723.dll (Rogue.Agent) -> Quarantined and deleted successfully.




Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2010-04-27 23:26:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (37%) free of 85 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:57, on 27.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
c:\Programme\Sophos\AutoUpdate\ALsvc.exe
C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Samsung\DisplayManager\DisplayManager.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Sophos\AutoUpdate\ALMon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\trend micro\***.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://pm.profitizeme.biz/imprss/123go.php
O1 - Hosts: 89.149.249.198 www.google.com
O1 - Hosts: 89.149.249.198 www.google.de
O1 - Hosts: 89.149.249.198 www.google.fr
O1 - Hosts: 89.149.249.198 www.google.co.uk
O1 - Hosts: 89.149.249.198 www.google.com.br
O1 - Hosts: 89.149.249.198 www.google.it
O1 - Hosts: 89.149.249.198 www.google.es
O1 - Hosts: 89.149.249.198 www.google.co.jp
O1 - Hosts: 89.149.249.198 www.google.com.mx
O1 - Hosts: 89.149.249.198 www.google.ca
O1 - Hosts: 89.149.249.198 www.google.com.au
O1 - Hosts: 89.149.249.198 www.google.nl
O1 - Hosts: 89.149.249.198 www.google.co.za
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.gr
O1 - Hosts: 89.149.249.198 www.google.at
O1 - Hosts: 89.149.249.198 www.google.se
O1 - Hosts: 89.149.249.198 www.google.ch
O1 - Hosts: 89.149.249.198 www.google.pt
O1 - Hosts: 89.149.249.198 www.google.dk
O1 - Hosts: 89.149.249.198 www.google.fi
O1 - Hosts: 89.149.249.198 www.google.ie
O1 - Hosts: 89.149.249.198 www.google.no
O1 - Hosts: 89.149.249.198 www.google.ru
O1 - Hosts: 89.149.249.198 www.google.ua
O1 - Hosts: 89.149.249.198 www.google.pl
O1 - Hosts: 89.149.249.198 www.google.ro
O1 - Hosts: 89.149.249.198 www.google.co.nz
O1 - Hosts: 89.149.249.198 www.google.in
O1 - Hosts: 89.149.249.198 www.google.th
O1 - Hosts: 89.149.249.198 www.google.tr
O1 - Hosts: 89.149.249.198 www.google.hu
O1 - Hosts: 89.149.249.198 www.google.cr
O1 - Hosts: 89.149.249.198 www.google.lv
O1 - Hosts: 89.149.249.198 www.google.lt
O1 - Hosts: 89.149.249.198 www.google.bg
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.vn
O1 - Hosts: 89.149.249.198 www.google.ve
O1 - Hosts: 89.149.249.198 www.google.sw
O1 - Hosts: 89.149.249.198 search.yahoo.com
O1 - Hosts: 89.149.249.198 us.search.yahoo.com
O1 - Hosts: 89.149.249.198 uk.search.yahoo.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4284AA5F-EAC1-43A8-95C2-5050604D007B}: NameServer = 132.252.3.10,132.252.1.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC41B3B-6047-4906-9DA6-393D2C159AEE}: NameServer = 134.95.129.23,134.95.19.48
O17 - HKLM\System\CCS\Services\Tcpip\..\{70D88571-C811-4C97-BCCB-FCCB35F3CE9C}: NameServer = 132.252.3.10,132.252.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{4284AA5F-EAC1-43A8-95C2-5050604D007B}: NameServer = 132.252.3.10,132.252.1.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{4284AA5F-EAC1-43A8-95C2-5050604D007B}: NameServer = 132.252.3.10,132.252.1.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: youja_ - C:\WINDOWS\SYSTEM32\youja_.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Programme\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 14638 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-17 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll [2010-02-07 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2008-12-19 136600]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-08 7340032]
"nwiz"=nwiz.exe /install []
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"MagicKeyboard"=C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe [2005-04-11 151552]
"farstone"= []
"RestoreIT!"=C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE [2004-09-23 114688]
"DisplayManager"=C:\Programme\Samsung\DisplayManager\DMLoader.exe [2005-11-16 356352]
"AVStation Premium 3.75"=C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe [2006-04-27 155648]
"BatteryManager"=C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe [2006-04-25 2764800]
"Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"B'sCLiP"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2006-05-30 700416]
"Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"IJNetworkScanUtility"=C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-11-19 128352]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-06-17 198160]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AutoUpdate Monitor.lnk - C:\Programme\Sophos\AutoUpdate\ALMon.exe
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
MindManager PDF Writer.lnk - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\youja_]
C:\WINDOWS\system32\youja_.dll [2010-04-26 5136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe"="C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Programme\SPSSInc\Statistics17\statistics.com"="C:\Programme\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com"
"C:\Programme\SPSSInc\Statistics17\statistics.exe"="C:\Programme\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\TEMP\lroy.tmp\svchost.exe"="C:\WINDOWS\TEMP\lroy.tmp\svchost.exe:*:Enabled:svchost"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06ea45e-508a-11df-b812-0013773101e5}]
shell\AutoRun\command - E:\AUTORUN\setup.exe
shell\open\command - E:\AUTORUN\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4c031af-36a1-11df-b7fb-0013773101e5}]
shell\AutoRun\command - F:\AUTORUN\setup.exe
shell\open\command - F:\AUTORUN\setup.exe


======File associations======

.js - open - "C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-04-27 23:26:43 ----D---- C:\Programme\trend micro
2010-04-27 23:26:42 ----D---- C:\rsit
2010-04-27 23:09:56 ----D---- C:\Programme\CCleaner
2010-04-27 17:06:24 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-04-27 17:06:12 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-27 17:06:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-27 14:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-27 14:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-27 14:52:25 ----D---- C:\WINDOWS\SxsCaPendDel
2010-04-27 14:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-27 14:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-27 14:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-27 14:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-27 14:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-26 18:16:38 ----A---- C:\LOGFILE.TXT
2010-04-26 17:58:00 ----A---- C:\WINDOWS\lsrslt.ini
2010-04-26 17:25:27 ----A---- C:\WINDOWS\system32\f773bb69.exe
2010-04-26 17:24:44 ----A---- C:\WINDOWS\system32\mgvgyvzpjrwycmkyf.exe
2010-04-26 15:23:55 ----A---- C:\WINDOWS\system32\youja_.dll
2010-04-25 23:13:16 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6
2010-04-25 19:18:44 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
2010-04-25 18:45:19 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-19 16:34:04 ----RSH---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe
2010-03-31 22:59:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real

======List of files/folders modified in the last 1 months======

2010-04-27 23:26:43 ----RD---- C:\Programme
2010-04-27 23:22:40 ----D---- C:\Programme\Mozilla Firefox
2010-04-27 23:16:35 ----D---- C:\WINDOWS\Temp
2010-04-27 23:16:35 ----D---- C:\WINDOWS\Minidump
2010-04-27 23:16:35 ----D---- C:\WINDOWS\Debug
2010-04-27 23:16:35 ----D---- C:\WINDOWS
2010-04-27 22:24:16 ----SH---- C:\cj.ini
2010-04-27 22:22:54 ----A---- C:\WINDOWS\ModemLog_SENS LT56ADW Modem.txt
2010-04-27 22:22:09 ----D---- C:\WINDOWS\system32\drivers
2010-04-27 22:21:32 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-27 20:01:31 ----SHD---- C:\WINDOWS\Installer
2010-04-27 20:01:31 ----D---- C:\Config.Msi
2010-04-27 20:01:29 ----SD---- C:\WINDOWS\Tasks
2010-04-27 19:43:29 ----D---- C:\WINDOWS\Prefetch
2010-04-27 19:38:53 ----D---- C:\WINDOWS\system32
2010-04-27 16:20:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-04-27 16:17:45 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EndNote
2010-04-27 16:01:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
2010-04-27 16:01:50 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2010-04-27 16:01:08 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-04-27 15:24:08 ----D---- C:\Programme\DVDVideoSoft
2010-04-27 15:24:07 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-04-27 15:22:12 ----D---- C:\Programme\SlySoft
2010-04-27 15:21:15 ----D---- C:\Programme\Elaborate Bytes
2010-04-27 15:18:58 ----D---- C:\Programme\Canon
2010-04-27 14:59:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-27 14:59:31 ----HD---- C:\WINDOWS\inf
2010-04-27 14:55:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-27 14:53:49 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-27 14:41:14 ----A---- C:\WINDOWS\win.ini
2010-04-27 14:34:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-26 09:32:10 ----SD---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
2010-04-25 18:57:19 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
2010-04-25 18:52:29 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Real
2010-04-20 00:07:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-16 00:48:12 ----D---- C:\Programme\Mozilla Thunderbird
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-01 12:16:17 ----D---- C:\WINDOWS\system32\de-de
2010-04-01 12:16:16 ----D---- C:\Programme\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-02-26 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-02-26 38528]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-09-27 271360]
R2 BsUDF;B.H.A UDF Filesystem; C:\WINDOWS\system32\drivers\BsUDF.sys [2006-05-30 165248]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 FBAPI;FBAPI; \??\C:\WINDOWS\system32\drivers\FBAPI.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-09-27 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-25 140288]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;SENS LT56ADW Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-12-02 65016]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-10-02 126864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-10-12 6912]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-08 3611168]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 wowfilter;WOW XT Filter Driver; C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 19456]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AX88172;Belkin USB 2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AX88172.sys [2003-02-14 17648]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-07-22 134272]
S3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2005-12-02 328141]
S3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-12-02 30363]
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-12-02 148488]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 Dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2002-04-03 18102]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2002-04-03 49457]
S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1354620]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SSB2413;SSB2413 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\SSB2413.sys [2006-01-16 470112]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SUEPD;SUE NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2005-05-24 19840]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-10-01 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-01-20 73728]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-08 143426]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2005-01-31 143360]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter; c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-11-02 80936]
R2 SAVService;Sophos Anti-Virus; c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe [2008-10-01 98304]
R2 SNM WLAN Service;SNM WLAN Service; C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; c:\Programme\Sophos\AutoUpdate\ALsvc.exe [2009-07-01 172032]
R2 SRS_PostInstaller;SRS PostInstaller Service; C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [2005-11-28 31744]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 Samsung Update Plus;Samsung Update Plus; C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2006-07-21 57344]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------








Ich freue mich wirklich sehr über Hilfe!! :heilig:

viele grüße
mäander

Hallo und :hallo:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Hallo cosinus,

danke schon mal für die Unterstützung!!


hier sind die scans:

OTL logfile created on: 29.04.2010 22:57:03 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 510,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,62 Gb Total Space | 30,28 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
PRC - C:\Programme\SAMSUNG\AVStation Premium 3.75\AVSAgent.exe ()
PRC - C:\Programme\SAMSUNG\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\SAMSUNG\DisplayManager\DisplayManager.exe (SAMSUNG)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
PRC - C:\Programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\WINDOWS\system32\mfc42u.dll (Microsoft Corporation)
MOD - C:\Programme\SAMSUNG\AVStation Premium 3.75\KBDHook.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SAVAdminService) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SAVService) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (SRS_PostInstaller) -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\BsUDF.sys (CyberLink Corporation.)
DRV - (BsStor) -- C:\WINDOWS\system32\drivers\BsStor.sys (Cyberlink Co.,Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys ()
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (RITCPT) -- C:\WINDOWS\system32\drivers\RITCPT.SYS ()
DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys ()
DRV - (AX88172) -- C:\WINDOWS\system32\drivers\AX88172.sys (ASIX Electronics Corp.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\FTSER2K.SYS (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\FTDIBUS.SYS (FTDI Ltd.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15015&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {02ffb056-3abb-320b-d592-c3921c590a22}:4.6.6.6
FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.17 20:55:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.25 23:13:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.01 21:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 00:47:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.06 15:21:26 | 000,000,000 | ---D | M]

[2008.09.04 09:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.04.28 14:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions
[2010.04.16 08:17:24 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.04.16 08:17:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.16 08:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\isreaditlater@ideashower.com
[2010.04.26 07:01:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\toolbar@ask.com
[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\askcom.xml
[2010.04.26 00:06:28 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-1.xml
[2008.07.06 23:16:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-2.xml
[2008.07.09 14:32:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-3.xml
[2008.08.02 12:21:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-4.xml
[2008.08.07 20:10:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-5.xml
[2008.08.11 18:16:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-6.xml
[2008.08.22 22:09:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-7.xml
[2008.08.24 18:25:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-8.xml
[2008.08.25 10:52:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-9.xml
[2008.04.25 19:10:00 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin.xml
[2010.04.29 22:03:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 17:25:27 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}
[2009.09.04 14:00:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.04 14:00:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.04 14:00:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.11 13:33:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.04 14:00:45 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.26 15:23:55 | 000,002,154 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.149.249.198 www.google.com
O1 - Hosts: 89.149.249.198 www.google.de
O1 - Hosts: 89.149.249.198 www.google.fr
O1 - Hosts: 89.149.249.198 www.google.co.uk
O1 - Hosts: 89.149.249.198 www.google.com.br
O1 - Hosts: 89.149.249.198 www.google.it
O1 - Hosts: 89.149.249.198 www.google.es
O1 - Hosts: 89.149.249.198 www.google.co.jp
O1 - Hosts: 89.149.249.198 www.google.com.mx
O1 - Hosts: 89.149.249.198 www.google.ca
O1 - Hosts: 89.149.249.198 www.google.com.au
O1 - Hosts: 89.149.249.198 www.google.nl
O1 - Hosts: 89.149.249.198 www.google.co.za
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.gr
O1 - Hosts: 89.149.249.198 www.google.at
O1 - Hosts: 89.149.249.198 www.google.se
O1 - Hosts: 89.149.249.198 www.google.ch
O1 - Hosts: 89.149.249.198 www.google.pt
O1 - Hosts: 89.149.249.198 www.google.dk
O1 - Hosts: 89.149.249.198 www.google.fi
O1 - Hosts: 89.149.249.198 www.google.ie
O1 - Hosts: 89.149.249.198 www.google.no
O1 - Hosts: 89.149.249.198 www.google.ru
O1 - Hosts: 19 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\SAMSUNG\AVStation Premium 3.75\AVSAgent.exe ()
O4 - HKLM..\Run: [BatteryManager] C:\Programme\SAMSUNG\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [B'sCLiP] C:\Programme\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DisplayManager] C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe (SAMSUNG)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [farstone] File not found
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE (FarStone Tech. Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [PowerBar] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99***-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - c:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe) - C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe ()
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\youja_: DllName - youja_.dll - C:\WINDOWS\System32\youja_.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\alles\anke\fotos\frankreich_2007\Paris\IMG_0128.JPG
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.05 13:49:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{10cb6d60-***c8-11dd-b6ec-0013773101e5}\Shell - "" = AutoRun
O33 - MountPoints2\{10cb6d60-***c8-11dd-b6ec-0013773101e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10cb6d60-***c8-11dd-b6ec-0013773101e5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{12b5415b-c63d-11dd-b6f6-0013773101e5}\Shell - "" = AutoRun
O33 - MountPoints2\{12b5415b-c63d-11dd-b6f6-0013773101e5}\Shell\Auto\command - "" = E:\,.exe -- File not found
O33 - MountPoints2\{12b5415b-c63d-11dd-b6f6-0013773101e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37a54290-4c5f-11de-b730-0013773101e5}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
O33 - MountPoints2\{aff37830-463f-11dc-b65c-008000009887}\Shell - "" = AutoRun
O33 - MountPoints2\{aff37830-463f-11dc-b65c-008000009887}\Shell\Auto\command - "" = RavMon.exe
O33 - MountPoints2\{aff37830-463f-11dc-b65c-008000009887}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.29 22:18:08 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.28 14:29:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.04.27 23:26:43 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.27 23:26:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.27 23:09:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.27 17:06:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.27 17:06:12 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.27 14:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.04.25 18:45:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.31 22:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.29 22:18:09 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.29 22:11:59 | 000,000,073 | -HS- | M] () -- C:\cj.ini
[2010.04.29 22:11:52 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.04.29 22:11:48 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.04.29 22:11:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.29 21:57:26 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.29 21:55:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.29 21:55:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.29 21:55:39 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.28 17:59:22 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.04.28 17:59:22 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.04.27 19:39:47 | 001,558,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.27 17:06:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 16:14:43 | 000,050,994 | ---- | M] () -- C:\WINDOWS\System32\mgvgyvzpjrwycmkyf.exe
[2010.04.27 14:41:14 | 000,000,956 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.27 10:54:06 | 000,069,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.26 17:58:00 | 000,001,999 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.04.26 17:25:27 | 000,096,704 | ---- | M] () -- C:\WINDOWS\System32\f773bb69.exe
[2010.04.26 15:23:55 | 000,005,136 | ---- | M] () -- C:\WINDOWS\System32\youja_.dll
[2010.04.20 00:07:11 | 000,736,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 00:07:11 | 000,321,606 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.20 00:07:11 | 000,315,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.20 00:07:11 | 000,050,046 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.20 00:07:11 | 000,041,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.19 16:33:57 | 000,107,520 | RHS- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe
[2010.04.16 00:38:31 | 001,227,776 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:29 | 003,196,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:14 | 001,224,593 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.11 22:56:35 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.04.01 19:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.01 08:36:56 | 000,951,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:15 | 000,043,571 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:25 | 000,002,120 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:31 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:30 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.27 17:06:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 06:55:14 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.26 17:58:00 | 000,001,999 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010.04.26 17:25:27 | 000,096,704 | ---- | C] () -- C:\WINDOWS\System32\f773bb69.exe
[2010.04.26 17:24:44 | 000,050,994 | ---- | C] () -- C:\WINDOWS\System32\mgvgyvzpjrwycmkyf.exe
[2010.04.26 15:23:55 | 000,005,136 | ---- | C] () -- C:\WINDOWS\System32\youja_.dll
[2010.04.25 23:37:56 | 000,107,520 | RHS- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe
[2010.04.16 00:38:31 | 001,227,776 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:28 | 003,196,416 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:11 | 001,224,593 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.01 08:36:54 | 000,951,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:14 | 000,043,571 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:23 | 000,002,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:30 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:29 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[2009.10.09 16:48:27 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Fabi_KBD.ini
[2009.07.27 11:53:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.02.22 20:10:01 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008.10.16 12:54:54 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2008.05.26 22:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008.05.26 22:18:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008.05.26 22:18:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008.01.03 02:59:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.10.12 22:56:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007.10.12 20:16:21 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2007.09.27 21:45:34 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.09.27 21:45:33 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.09.15 10:06:12 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\worst case_KBD.ini
[2007.04.13 11:30:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007.03.08 11:50:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007.02.04 12:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007.02.04 12:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2007.02.04 12:08:44 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2007.02.04 12:08:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007.02.04 12:06:49 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007.02.04 12:06:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007.02.04 12:05:05 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670G.ini
[2007.02.04 01:36:31 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini
[2007.02.03 21:06:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.23 08:33:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.10 10:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006.11.10 10:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.05.23 03:58:19 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.05.23 03:58:19 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.05.23 03:58:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.05.23 03:58:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.05.23 03:58:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.05.22 19:07:49 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2006.05.22 19:07:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2006.05.22 19:07:46 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2006.05.22 19:07:43 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2006.05.22 19:06:48 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2006.05.22 19:06:46 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2006.05.22 19:06:46 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2006.05.22 19:06:46 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2006.05.22 19:06:46 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2006.05.22 19:06:46 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2006.05.22 19:06:46 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2006.05.22 19:06:46 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2006.05.22 19:06:46 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2006.05.22 19:06:46 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2006.05.22 19:06:46 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2006.05.22 19:06:46 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2006.05.22 19:06:46 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2006.05.22 19:06:03 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini
[2006.05.22 19:04:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006.04.05 22:32:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.05 14:16:23 | 000,004,300 | R--- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll
[2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2005.12.02 15:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.11.28 12:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.11.28 12:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005.11.28 12:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
< End of report >

... hier der zweite, war zu viel für eine Antwort ...




OTL Extras logfile created on: 29.04.2010 22:57:03 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 510,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,62 Gb Total Space | 30,28 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\SPSSInc\Statistics17\statistics.com" = C:\Programme\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- (SPSS Inc.)
"C:\Programme\SPSSInc\Statistics17\statistics.exe" = C:\Programme\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- (SPSS Inc.)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\TEMP\lroy.tmp\svchost.exe" = C:\WINDOWS\TEMP\lroy.tmp\svchost.exe:*:Enabled:svchost -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager
"{176130BC-99A1-41FE-A78B-56045E33AD70}" = Cisco Systems VPN Client 4.8.02.0010
"{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}" = Management Center
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B567E98-126E-4CD0-BF9B-163345BF7852}" = MindManager X5 Pro
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A48A8684-A104-44DA-B3DF-0178A125D8D9}" = WOW XT and TSXT Filter Driver
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"{BD3443D9-2294-4D47-9A51-4170FE357C6F}" = WinSTAT
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 1.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D379964B-685C-44D5-AE46-C953A9FEEA14}" = EPSON Photo Print
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{EB145CEA-998F-4C9D-AEF7-B4DBBD217DAF}" = F5U216
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CUEcards 2000" = CUEcards 2000
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"f4" = f4 3.0.3
"f773bb69" = Contextual Tool Profitmuse
"FileZilla" = FileZilla (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FTDICOMM" = FTDI USB Serial Converter Drivers
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6 Gold
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"InstallShield_{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Kalenderchen_is1" = Kalenderchen 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXQDA2007" = MAXQDA2007 (R290908)
"mgvgyvzpjrwycmkyf" = Performance Maximizer Profitizeme
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"RestoreIT!" = Recover Pro
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2010 18:50:32 | Computer Name = *** | Source = MsiInstaller | ID = 11606
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606.
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich.

Error - 15.04.2010 18:50:32 | Computer Name = *** | Source = MsiInstaller | ID = 11606
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606.
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich.

Error - 15.04.2010 18:50:32 | Computer Name = *** | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security
Update for Publisher 2003 (KB980469): MSPUB" konnte nicht installiert werden. Fehlercode
1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung
betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie
folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error - 15.04.2010 18:50:42 | Computer Name = *** | Source = MsiInstaller | ID = 11606
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606.
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich.

Error - 15.04.2010 18:50:42 | Computer Name = *** | Source = MsiInstaller | ID = 11606
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606.
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich.

Error - 15.04.2010 18:50:42 | Computer Name = *** | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security
Update for PowerPoint 2003 (KB976881): POWERPNT" konnte nicht installiert werden.
Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung
betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie
folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error - 25.04.2010 12:47:14 | Computer Name = *** | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
MessageResDSFactory kann nicht ausgegeben werden.

Error - 25.04.2010 12:47:14 | Computer Name = *** | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
MessageResDSFactory kann nicht ausgegeben werden.

Error - 27.04.2010 05:45:12 | Computer Name = *** | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
faulting module mso.dll, version 12.0.6425.1000, stamp 49d65443, debug? 0, fault
address 0x000fb8e0.

Error - 27.04.2010 08:25:26 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17023, fehlgeschlagenes
Modul flash9.ocx, Version 9.0.16.0, Fehleradresse 0x0017995d.

[ OSession Events ]
Error - 13.12.2007 11:16:29 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13634
seconds with 5400 seconds of active time. This session ended with a crash.

Error - 18.12.2007 16:38:41 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81618
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 21.12.2007 05:47:43 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 217901
seconds with 7680 seconds of active time. This session ended with a crash.

Error - 23.12.2007 16:04:25 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 209761
seconds with 2880 seconds of active time. This session ended with a crash.

Error - 18.01.2008 19:08:33 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 839439
seconds with 32820 seconds of active time. This session ended with a crash.

Error - 07.06.2008 13:37:39 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 475771
seconds with 12240 seconds of active time. This session ended with a crash.

Error - 25.01.2009 20:56:37 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 317323
seconds with 27060 seconds of active time. This session ended with a crash.

Error - 18.03.2009 05:05:26 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 178 seconds with 120 seconds of active time. This session ended with a crash.

Error - 13.05.2009 14:23:29 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 114392 seconds with 11400 seconds of active time. This session ended with
a crash.

Error - 27.04.2010 05:44:25 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3035
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28.04.2010 09:53:24 | Computer Name = *** | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 28.04.2010 09:53:24 | Computer Name = *** | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 28.04.2010 09:53:24 | Computer Name = *** | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 28.04.2010 11:19:34 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 28.04.2010 11:19:50 | Computer Name = *** | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 28.04.2010 11:19:50 | Computer Name = *** | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 29.04.2010 15:55:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 29.04.2010 15:56:07 | Computer Name = *** | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 29.04.2010 15:56:07 | Computer Name = *** | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 29.04.2010 16:01:24 | Computer Name = *** | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.


< End of report >

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Außerdem musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

hallo,

hier ist das log-file (wieder anonymisiert ;-) ) (ich muss allerdings gestehen, dass ich vergessen habe, den editor, in den ich deine anleitung kopiert habe, zu schließen. soll ich alles nochmal wiederholen?)

viele grüße und danke, danke, danke!!!
anke

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\farstone deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PowerBar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\nljf.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\youja_\ deleted successfully.
C:\WINDOWS\system32\youja_.dll moved successfully.
C:\WINDOWS\system32\mgvgyvzpjrwycmkyf.exe moved successfully.
C:\WINDOWS\lsrslt.ini moved successfully.
C:\WINDOWS\system32\f773bb69.exe moved successfully.
File C:\WINDOWS\System32\youja_.dll not found.
File C:\Dokumente und Einstellungen\a1\Anwendungsdaten\nljf.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ***
->Temp folder emptied: 299031324 bytes
->Temporary Internet Files folder emptied: 772926313 bytes
->Java cache emptied: 33883662 bytes
->FireFox cache emptied: 68789228 bytes
->Apple Safari cache emptied: 18232084 bytes
->Flash cache emptied: 78977 bytes

User: All Users

User: ***
->Temp folder emptied: 1116 bytes
->Temporary Internet Files folder emptied: 3551141 bytes
->Flash cache emptied: 348 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ***
->Temp folder emptied: 5454148 bytes
->Temporary Internet Files folder emptied: 153916 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73783144 bytes
->Flash cache emptied: 2364 bytes

User: ***
->Temp folder emptied: 126166 bytes
->Temporary Internet Files folder emptied: 163207 bytes
->FireFox cache emptied: 2895407 bytes

User: LocalService
->Temp folder emptied: 66268 bytes
->Temporary Internet Files folder emptied: 50513 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 479702271 bytes

User: ***
->Temp folder emptied: 223 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1677765 bytes
%systemroot%\System32 .tmp files removed: 4148615 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74713200 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.754,00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 05012010_003745

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ich habe immer noch ein problem mit einem sich im browser automatisch öffnenden fester (bootcamp), obwohl popups im browser ausgeschaltet sind ...
hat das was mit der antimalware-doctor-attacke zu tun oder ist das ein isoliertes problem? ich nutze firefox als browser (allerdings bin ich nicht der ständige nutzer des rechners, da ich nun auf mac umgestiegen bin und den alten micro-rechner meinem sohn überlassen habe. weiß daher auch nicht so genau, was er alles umgestellt hat ... :schrei::schrei:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hallo Arne,

habe alles gemache, kann nur nicht antworten, die Verbindung zum Server wird immer zurückgesetzt.
Ich versuche es jetzt mal ohne den scan ...


VG
Anke

So, das ging ja. Jetzt nochmal mit scan ...

pfff, geht wieder nicht, was mache ich falsch? Welche Möglichkeit habe ich noch, den scan zu schicken?

vg
anke

Lad das Log zB hier hoch => File-Upload.net

ComboFix 10-04-30.03 - *** 01.05.2010 15:55:03.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.659 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe
c:\dokumente und einstellungen\**\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6
c:\dokumente und einstellungen\**\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\enemies-names.txt
c:\dokumente und einstellungen\**\Anwendungsdaten\A556232E4DF68386E3345CFF086B97E6\lsrslt.ini
c:\programme\CyberLink\PowerDVD\PDVDServ.exe
c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe
c:\programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe
c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe
c:\programme\Synaptics\SynTP\SynTPEnh.exe
c:\programme\WindowsUpdate
c:\recycler\S-1-5-21-386437563-2475944886-3145706236-1003
c:\windows\system32\HDAShCut .exe
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll

Infizierte Kopie von c:\windows\system32\drivers\compbatt.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-01 bis 2010-05-01 ))))))))))))))))))))))))))))))
.

2010-04-30 22:37 . 2010-04-30 22:37 -------- d-----w- C:\_OTL
2010-04-28 12:29 . 2010-04-28 12:29 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-04-27 21:26 . 2010-04-27 21:26 -------- d-----w- c:\programme\trend micro
2010-04-27 21:26 . 2010-04-27 21:30 -------- d-----w- C:\rsit
2010-04-27 21:09 . 2010-05-01 13:31 -------- d-----w- c:\programme\CCleaner
2010-04-27 17:48 . 2010-04-27 17:48 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Sophos
2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\Malwarebytes
2010-04-27 15:06 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 15:06 . 2010-04-27 17:35 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-27 15:06 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 12:52 . 2010-04-27 14:08 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 20:57 . 2010-04-25 20:57 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
2010-04-25 17:18 . 2010-04-25 17:18 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\AdobeUM
2010-04-25 16:45 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-19 14:34 . 2010-04-19 14:33 107520 --sh--r- c:\dokumente und einstellungen\**\Anwendungsdaten\nljf.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 14:09 . 2009-12-06 13:20 -------- d-----w- c:\programme\QuickTime
2010-05-01 13:50 . 2006-04-05 12:41 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-05-01 13:30 . 2007-02-03 17:54 69440 ----a-w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-05-01 13:14 . 2010-04-30 22:35 112 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat
2010-04-30 22:33 . 2009-07-25 19:12 -------- d-----w- c:\programme\iTunes
2010-04-30 22:33 . 2010-05-01 14:09 35844 ----a-w- c:\windows\Fonts\kks637.com
2010-04-28 09:41 . 2010-03-31 20:59 443912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\setup.exe
2010-04-27 17:55 . 2009-12-06 13:10 69440 ----a-w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-27 14:20 . 2007-06-17 21:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-04-27 14:19 . 2010-02-16 16:10 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\EndNote
2010-04-27 14:01 . 2009-09-26 08:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2010-04-27 14:01 . 2009-09-26 08:39 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared
2010-04-27 14:01 . 2007-10-23 10:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\DVDVideoSoft
2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-04-27 13:22 . 2007-06-09 08:19 -------- d-----w- c:\programme\SlySoft
2010-04-27 13:21 . 2007-06-09 08:21 -------- d-----w- c:\programme\Elaborate Bytes
2010-04-27 13:18 . 2007-02-04 10:11 -------- d-----w- c:\programme\Canon
2010-04-27 09:47 . 2007-02-07 21:34 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\EndNote
2010-04-25 16:57 . 2009-10-09 14:50 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\ICQ
2010-04-19 22:07 . 2006-04-05 20:32 50046 ----a-w- c:\windows\system32\perfc007.dat
2010-04-19 22:07 . 2006-04-05 20:32 321606 ----a-w- c:\windows\system32\perfh007.dat
2010-04-15 22:48 . 2007-02-03 18:17 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-04-12 16:26 . 2009-11-08 11:14 79488 ----a-w- c:\dokumente und einstellungen\**\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-01 06:03 . 2010-04-01 06:02 21308912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\rp\RealPlayerSPGold_de.exe
2010-04-01 06:02 . 2010-04-01 06:02 8405312 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-01 06:02 . 2010-04-01 06:02 149000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-01 06:02 . 2010-04-01 06:02 10309448 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-01 06:02 . 2010-04-01 06:02 79368 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\vista.exe
2010-04-01 06:02 . 2010-04-01 06:02 64000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-01 06:02 . 2010-04-01 06:02 52288 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-01 06:02 . 2010-04-01 06:02 50688 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-01 06:02 . 2010-04-01 06:02 49152 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-01 06:02 . 2010-04-01 06:02 118784 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-31 22:30 . 2010-03-31 22:30 2131336 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-11 12:31 . 2006-04-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2006-04-05 20:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 2006-04-05 20:31 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-04-05 20:32 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 18:48 . 2010-03-06 18:48 -------- d-----w- c:\programme\Microsoft
2010-03-06 18:48 . 2010-03-06 18:47 -------- d-----w- c:\programme\Windows Live
2010-03-06 18:47 . 2010-03-06 18:47 -------- d-----w- c:\programme\Windows Live SkyDrive
2010-03-06 18:44 . 2010-03-06 18:44 -------- d-----w- c:\programme\Gemeinsame Dateien\Windows Live
2010-03-04 18:10 . 2010-03-04 18:10 -------- d-----w- c:\programme\iPod
2010-03-04 18:04 . 2010-03-04 18:04 72488 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 13:11 . 2006-04-05 20:31 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:04 . 2006-04-05 20:31 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2004-08-04 00:50 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 22:36 . 2009-11-22 22:22 79488 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-12 04:33 . 2006-04-05 20:31 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-04-05 20:32 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
1999-10-27 16:20 . 1999-10-27 16:20 557328 ----a-w- c:\programme\Gemeinsame Dateien\DAO360.DLL
1998-06-30 14:12 . 1998-06-30 14:12 73184 -c--a-w- c:\programme\Gemeinsame Dateien\Dao2535.tlb
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programme\QuickTime\QTTask .exe -atboottime" [X]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2010-04-30 35844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032]
"nwiz"="nwiz.exe" [2005-12-08 1519616]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [N/A]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2010-04-30 35844]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"MagicKeyboard"="c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe" [N/A]
"RestoreIT!"="c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [N/A]
"DisplayManager"="c:\programme\Samsung\DisplayManager\DMLoader.exe" [2010-04-30 35844]
"AVStation Premium 3.75"="c:\programme\Samsung\AVStation Premium 3.75\AVSAgent.exe" [N/A]
"BatteryManager"="c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [N/A]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [N/A]
"B'sCLiP"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2010-04-30 35844]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2010-04-30 35844]
"IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [2010-05-01 35852]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-04-30 35844]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-04-30 35844]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen�\Programme\Autostart\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-7-12 25214]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664]
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoUpdate Monitor.lnk - c:\programme\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 618557]
MindManager PDF Writer.lnk - c:\programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe [2003-2-21 61440]
VPN Client.lnk - c:\windows\Installer\{176130BC-99***-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-9-29 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Programme\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Programme\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [11.02.2007 21:22 10112]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [22.05.2006 19:07 43512]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [04.02.2007 13:39 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [04.02.2007 13:39 38528]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [19.06.2007 18:51 108768]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [11.02.2007 21:22 165248]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [05.04.2006 14:16 4300]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [22.05.2006 19:07 5088]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [02.11.2009 09:45 80936]
R2 SAVService;Sophos Anti-Virus;c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [01.10.2008 10:56 98304]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [28.11.2005 12:06 31744]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [28.11.2005 12:06 19456]
S2 SNM WLAN Service;SNM WLAN Service;c:\programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe [28.05.2005 08:35 36864]
S3 AX88172;Belkin USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\AX88172.sys [13.04.2007 11:30 17648]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.02.2005 12:29 162176]
S3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [22.05.2006 20:07 470112]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [11.02.2007 22:48 19840]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [01.10.2008 10:59 14976]
.
Inhalt des "geplante Tasks" Ordners

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-30 c:\windows\Tasks\At1.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At10.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At100.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At101.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At102.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At103.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At104.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At105.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At106.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At107.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At108.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At109.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At11.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At110.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At111.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At112.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At113.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At114.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At115.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At116.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At117.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At118.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At119.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At12.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At120.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At13.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At14.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At15.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At16.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At17.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At18.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At19.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At2.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At20.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At21.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At22.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At23.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At24.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At3.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At4.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At5.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At6.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At7.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At73.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At74.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At75.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At76.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At77.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At78.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At79.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At8.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At80.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At81.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At82.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At83.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At84.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At85.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At86.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At87.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At88.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At89.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-04-30 c:\windows\Tasks\At9.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At90.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At91.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At92.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At93.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At94.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At95.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At96.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At97.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At98.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]

2010-05-01 c:\windows\Tasks\At99.job
- c:\windows\Fonts\kks637.com [2010-05-01 22:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15015&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {4284AA5F-EAC1-43A8-95C2-5050604D007B} = 132.252.3.10,132.252.1.7
TCP: {4EC41B3B-6047-4906-9DA6-393D2C159AEE} = 134.95.129.23,134.95.19.48
TCP: {70D88571-C811-4C97-BCCB-FCCB35F3CE9C} = 132.252.3.10,132.252.1.7
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q=
FF - component: c:\programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}\components\b9cc1199.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
WebBrowser-{D4027C7F-154A-4066-***AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-01 16:09
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\system32\HDAShCut .exe 35844 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EB1AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf78e0f28
\Driver\ACPI -> ACPI.sys @ 0xf7832cb8
\Driver\atapi -> atapi.sys @ 0xf77cc852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf76d8bb0
PacketIndicateHandler -> NDIS.sys @ 0xf76c7a0d
SendHandler -> NDIS.sys @ 0xf76dbb40
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\programme\Sophos\AutoUpdate\ALsvc.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\programme\Java\jre6\bin\jusched .exe
c:\programme\Analog Devices\Core\smax4pnp .exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn .exe
c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-01 16:18:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-01 14:18

Vor Suchlauf: 21 Verzeichnis(se), 33.329.205.248 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 33.211.977.728 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 993EE2A2CD9490FBB16BD4A39EB9AAC7

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Außerdem musst Du Deinen unkenntlich gemachten Benutzernamen in Deinen richtigen wieder verwandeln, sonst funktioniert das Script nicht!!

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

All processes killed
========== FILES ==========
c:\dokumente und einstellungen\**\Anwendungsdaten\nljf.exe moved successfully.
File\Folder c:\windows\Fonts\kks637.com not found.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At100.job moved successfully.
c:\windows\Tasks\At101.job moved successfully.
c:\windows\Tasks\At102.job moved successfully.
c:\windows\Tasks\At103.job moved successfully.
c:\windows\Tasks\At104.job moved successfully.
c:\windows\Tasks\At105.job moved successfully.
c:\windows\Tasks\At106.job moved successfully.
c:\windows\Tasks\At107.job moved successfully.
c:\windows\Tasks\At108.job moved successfully.
c:\windows\Tasks\At109.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At110.job moved successfully.
c:\windows\Tasks\At111.job moved successfully.
c:\windows\Tasks\At112.job moved successfully.
c:\windows\Tasks\At113.job moved successfully.
c:\windows\Tasks\At114.job moved successfully.
c:\windows\Tasks\At115.job moved successfully.
c:\windows\Tasks\At116.job moved successfully.
c:\windows\Tasks\At117.job moved successfully.
c:\windows\Tasks\At118.job moved successfully.
c:\windows\Tasks\At119.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At120.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At73.job moved successfully.
c:\windows\Tasks\At74.job moved successfully.
c:\windows\Tasks\At75.job moved successfully.
c:\windows\Tasks\At76.job moved successfully.
c:\windows\Tasks\At77.job moved successfully.
c:\windows\Tasks\At78.job moved successfully.
c:\windows\Tasks\At79.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At80.job moved successfully.
c:\windows\Tasks\At81.job moved successfully.
c:\windows\Tasks\At82.job moved successfully.
c:\windows\Tasks\At83.job moved successfully.
c:\windows\Tasks\At84.job moved successfully.
c:\windows\Tasks\At85.job moved successfully.
c:\windows\Tasks\At86.job moved successfully.
c:\windows\Tasks\At87.job moved successfully.
c:\windows\Tasks\At88.job moved successfully.
c:\windows\Tasks\At89.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
c:\windows\Tasks\At90.job moved successfully.
c:\windows\Tasks\At91.job moved successfully.
c:\windows\Tasks\At92.job moved successfully.
c:\windows\Tasks\At93.job moved successfully.
c:\windows\Tasks\At94.job moved successfully.
c:\windows\Tasks\At95.job moved successfully.
c:\windows\Tasks\At96.job moved successfully.
c:\windows\Tasks\At97.job moved successfully.
c:\windows\Tasks\At98.job moved successfully.
c:\windows\Tasks\At99.job moved successfully.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ***
->Temp folder emptied: 71773 bytes
->Temporary Internet Files folder emptied: 398860 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45953740 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 562 bytes

User: All Users

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 491654 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3238610 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 05012010_202036

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Ok. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

sieht nicht so aus, als wäre alles weg, oder?
lg
anke

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/01/2010 at 11:12 PM

Application Version : 4.36.1006

Core Rules Database Version : 4877
Trace Rules Database Version: 2689

Scan type : Complete Scan
Total Scan Time : 02:15:20

Memory items scanned : 505
Memory threats detected : 0
Registry items scanned : 6094
Registry threats detected : 0
File items scanned : 123242
File threats detected : 15

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\***\Cookies\***@adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@atdmt[2].txt
C:\Dokumente und Einstellungen\***\Cookies\***@bs.serving-sys[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@doubleclick[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\***\Cookies\***@serving-sys[1].txt

Trojan.Agent/Gen
C:\QOOBOX\QUARANTINE\C\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\7IAXK8NI.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1153\A0776344.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1154\A0776977.EXE
C:\_OTL\MOVEDFILES\05012010_003745\C_WINDOWS\SYSTEM32\YOUJA_.DLL

Adware.Vundo/Variant-Slider
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1151\A0774404.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774722.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774724.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774725.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP1152\A0774726.EXE


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4057

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

02.05.2010 00:45:42
mbam-log-2010-05-02 (00-45-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 267677
Time elapsed: 59 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Da waren nur noch einige Reste, die entfernt wurden. Rechner wieder ok?

nein, leider nicht ...
Der Browser versucht sich immer noch mit irgendwas zu verbinden, sieht man unten in der Leiste, und dieses lästige Popup-Fenster kommt auch immer noch. Heute morgen ist auch der IE wieder von allein aufgegangen.

Also die ganze Prozedur nochmal?? In welcher Reihenfolge? Oder hilft das jetzt auch nicht mehr weiter?

vg
anke

PS.: Ach ja, sophos hat heute morgen dies angezeigt: Mal/obfJS-CM in h**p://ticimat.com

Die Dinger werden immer hartnäckiger... :balla:
Mach bitte Logs mit OSAM und GMER und poste sie.

Hier schon mal das log von OSAM, mit dem gmer tut sich mein Rechner schwer, zweimal wurde der Vorgang gestoppt, weil ich (nach 3 Stunden!) schauen wollte, ob er fertig ist. Dann habe ich es über Nacht laufen lassen, da hat er sich aber auch aufgehängt, konnte kein log mehr sichern. Gibt es noch einAlternative?

vg
anke

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:23:55 on 03.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17023

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"At1.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At10.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At100.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At101.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At102.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At103.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At104.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At105.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At106.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At107.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At108.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At109.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At11.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At110.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At111.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At112.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At113.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At114.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At115.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At116.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At117.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At118.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At119.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At12.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At120.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At121.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At122.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At123.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At124.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At125.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At126.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At127.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At128.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At129.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At13.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At130.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At131.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At132.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At133.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At134.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At135.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At136.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At137.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At138.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At139.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At14.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At140.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At141.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At142.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At143.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At144.job" - ? - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At15.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At16.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At17.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At18.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At19.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At2.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At20.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At21.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At22.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At23.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At24.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At25.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At26.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At27.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At28.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At29.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At3.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At30.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At31.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At32.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At33.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At34.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At35.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At36.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At37.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At38.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At39.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At4.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At40.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At41.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At42.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At43.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At44.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At45.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At46.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At47.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At48.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At49.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At5.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At50.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At51.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At52.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At53.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At54.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At55.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At56.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At57.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At58.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At59.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At6.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At60.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At61.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At62.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At63.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At64.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At65.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At66.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At67.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At68.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At69.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At7.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At70.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At71.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At72.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At73.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At74.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At75.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At76.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At77.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At78.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At79.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At8.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At80.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At81.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At82.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At83.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At84.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At85.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At86.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At87.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At88.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At89.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At9.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At90.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At91.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At92.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At93.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At94.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At95.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At96.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At97.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At98.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At99.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"MagicKBD.cpl" - "SAMSUNG Electronics Co., Ltd." - C:\WINDOWS\system32\MagicKBD.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"pdfSaver.cpl" - "Tracker Software Products" - C:\WINDOWS\system32\pdfSaver.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SRSCpl" - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\srscpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found)
"ASCTRM" (ASCTRM) - ? - C:\WINDOWS\system32\drivers\ASCTRM.sys (File not found)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"B.H.A Storage Helper Driver" (BsStor) - "Cyberlink Co.,Ltd." - C:\WINDOWS\system32\drivers\BsStor.sys
"B.H.A UDF Filesystem" (BsUDF) - "CyberLink Corporation." - C:\WINDOWS\system32\drivers\BsUDF.sys
"Belkin USB 2.0 to Fast Ethernet Adapter" (AX88172) - "ASIX Electronics Corp." - C:\WINDOWS\System32\DRIVERS\AX88172.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"FBAPI" (FBAPI) - ? - C:\WINDOWS\system32\drivers\FBAPI.sys (File found, but it contains no detailed information)
"ialm" (ialm) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MEMIO" (DOSMEMIO) - ? - C:\WINDOWS\system32\MEMIO.SYS (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RITCPT" (RITCPT) - ? - C:\WINDOWS\system32\drivers\RITCPT.sys (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"SUE NDIS Protocol Driver" (SUEPD) - "Samsung" - C:\WINDOWS\System32\DRIVERS\SUE_PD.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WOW XT Filter Driver" (wowfilter) - ? - C:\WINDOWS\System32\drivers\wowfilter.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{afc638f0-e8a4-11ce-9ade-00aa00a42d2e} "MS TrueType File Properties" - "Microsoft Corporation" - C:\Programme\OpenType Extension\TTFExtNT.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.5.0" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists)
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"AutoUpdate Monitor.lnk" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"MindManager PDF Writer.lnk" - "Tracker Software Products" - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\a1\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - ? - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - ? - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (File found, but it contains no detailed information)
"AVStation Premium 3.75" - ? - C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe (File not found)
"B'sCLiP" - ? - C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (File not found)
"BatteryManager" - ? - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe (File not found)
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DisplayManager" - ? - C:\Programme\Samsung\DisplayManager\DMLoader.exe (File found, but it contains no detailed information)
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"IJNetworkScanUtility" - ? - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe (File found, but it contains no detailed information)
"iTunesHelper" - ? - "C:\Programme\iTunes\iTunesHelper.exe" (File found, but it contains no detailed information)
"MagicKeyboard" - ? - C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe (File not found)
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask .exe" -atboottime
"RemoteControl" - ? - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (File not found)
"RestoreIT!" - ? - "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart (File not found)
"SoundMAXPnP" - ? - C:\Programme\Analog Devices\Core\smax4pnp.exe (File found, but it contains no detailed information)
"SunJavaUpdateSched" - ? - "C:\Programme\Java\jre6\bin\jusched.exe" (File not found)
"SynTPEnh" - ? - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (File not found)
"TkBellExe" - ? - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot (File found, but it contains no detailed information)
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite" - ? - HDAShCut.exe (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (File found, but it contains no detailed information)
"SNM WLAN Service" (SNM WLAN Service) - ? - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (File found, but it contains no detailed information)
"Sophos Anti-Virus" (SAVService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - c:\Programme\Sophos\AutoUpdate\ALsvc.exe
"SRS PostInstaller Service" (SRS_PostInstaller) - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"igfxcui" - "Intel Corporation" - C:\WINDOWS\system32\igfxdev.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!)

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

gmer hatte ich heute morgen nochmal gestartet, jetzt hat es geklappt!
auch den log-file von OTL poste ich jetzt, das habe ich gerade durchlaufen lassen.


GMER 1.0.15.15281 - hxxp://w*w.gmer.net
Rootkit scan 2010-05-04 16:31:09
Windows 5.1.2600 Service Pack 3
Running: 5l9rhqgi.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uftiqkoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3116900]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF682E360, 0x2154AD, 0xE8000020]
.text C:\WINDOWS\system32\drivers\ACEDRV08.sys section is writeable [0xBAC5F000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0xBACA3000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV08.sys unknown last section [0xBACBF000, 0x8E, 0x42000040]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xBA10C300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7B4C300, 0x1B7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (Windows2000)/CyberLink Corporation.)
Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (Windows2000)/CyberLink Corporation.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (Windows2000)/CyberLink Corporation.)

---- EOF - GMER 1.0.15 ----




OTL


All processes killed
========== FILES ==========
c:\windows\tasks\At1.job moved successfully.
c:\windows\tasks\At10.job moved successfully.
c:\windows\tasks\At100.job moved successfully.
c:\windows\tasks\At101.job moved successfully.
c:\windows\tasks\At102.job moved successfully.
c:\windows\tasks\At103.job moved successfully.
c:\windows\tasks\At104.job moved successfully.
c:\windows\tasks\At105.job moved successfully.
c:\windows\tasks\At106.job moved successfully.
c:\windows\tasks\At107.job moved successfully.
c:\windows\tasks\At108.job moved successfully.
c:\windows\tasks\At109.job moved successfully.
c:\windows\tasks\At11.job moved successfully.
c:\windows\tasks\At110.job moved successfully.
c:\windows\tasks\At111.job moved successfully.
c:\windows\tasks\At112.job moved successfully.
c:\windows\tasks\At113.job moved successfully.
c:\windows\tasks\At114.job moved successfully.
c:\windows\tasks\At115.job moved successfully.
c:\windows\tasks\At116.job moved successfully.
c:\windows\tasks\At117.job moved successfully.
c:\windows\tasks\At118.job moved successfully.
c:\windows\tasks\At119.job moved successfully.
c:\windows\tasks\At12.job moved successfully.
c:\windows\tasks\At120.job moved successfully.
c:\windows\tasks\At121.job moved successfully.
c:\windows\tasks\At122.job moved successfully.
c:\windows\tasks\At123.job moved successfully.
c:\windows\tasks\At124.job moved successfully.
c:\windows\tasks\At125.job moved successfully.
c:\windows\tasks\At126.job moved successfully.
c:\windows\tasks\At127.job moved successfully.
c:\windows\tasks\At128.job moved successfully.
c:\windows\tasks\At129.job moved successfully.
c:\windows\tasks\At13.job moved successfully.
c:\windows\tasks\At130.job moved successfully.
c:\windows\tasks\At131.job moved successfully.
c:\windows\tasks\At132.job moved successfully.
c:\windows\tasks\At133.job moved successfully.
c:\windows\tasks\At134.job moved successfully.
c:\windows\tasks\At135.job moved successfully.
c:\windows\tasks\At136.job moved successfully.
c:\windows\tasks\At137.job moved successfully.
c:\windows\tasks\At138.job moved successfully.
c:\windows\tasks\At139.job moved successfully.
c:\windows\tasks\At14.job moved successfully.
c:\windows\tasks\At140.job moved successfully.
c:\windows\tasks\At141.job moved successfully.
c:\windows\tasks\At142.job moved successfully.
c:\windows\tasks\At143.job moved successfully.
c:\windows\tasks\At144.job moved successfully.
c:\windows\tasks\At145.job moved successfully.
c:\windows\tasks\At146.job moved successfully.
c:\windows\tasks\At147.job moved successfully.
c:\windows\tasks\At148.job moved successfully.
c:\windows\tasks\At149.job moved successfully.
c:\windows\tasks\At15.job moved successfully.
c:\windows\tasks\At150.job moved successfully.
c:\windows\tasks\At151.job moved successfully.
c:\windows\tasks\At152.job moved successfully.
c:\windows\tasks\At153.job moved successfully.
c:\windows\tasks\At154.job moved successfully.
c:\windows\tasks\At155.job moved successfully.
c:\windows\tasks\At156.job moved successfully.
c:\windows\tasks\At157.job moved successfully.
c:\windows\tasks\At158.job moved successfully.
c:\windows\tasks\At159.job moved successfully.
c:\windows\tasks\At16.job moved successfully.
c:\windows\tasks\At160.job moved successfully.
c:\windows\tasks\At161.job moved successfully.
c:\windows\tasks\At162.job moved successfully.
c:\windows\tasks\At163.job moved successfully.
c:\windows\tasks\At164.job moved successfully.
c:\windows\tasks\At165.job moved successfully.
c:\windows\tasks\At166.job moved successfully.
c:\windows\tasks\At167.job moved successfully.
c:\windows\tasks\At168.job moved successfully.
c:\windows\tasks\At169.job moved successfully.
c:\windows\tasks\At17.job moved successfully.
c:\windows\tasks\At170.job moved successfully.
c:\windows\tasks\At171.job moved successfully.
c:\windows\tasks\At172.job moved successfully.
c:\windows\tasks\At173.job moved successfully.
c:\windows\tasks\At174.job moved successfully.
c:\windows\tasks\At175.job moved successfully.
c:\windows\tasks\At176.job moved successfully.
c:\windows\tasks\At177.job moved successfully.
c:\windows\tasks\At178.job moved successfully.
c:\windows\tasks\At179.job moved successfully.
c:\windows\tasks\At18.job moved successfully.
c:\windows\tasks\At180.job moved successfully.
c:\windows\tasks\At181.job moved successfully.
c:\windows\tasks\At182.job moved successfully.
c:\windows\tasks\At183.job moved successfully.
c:\windows\tasks\At184.job moved successfully.
c:\windows\tasks\At185.job moved successfully.
c:\windows\tasks\At186.job moved successfully.
c:\windows\tasks\At187.job moved successfully.
c:\windows\tasks\At188.job moved successfully.
c:\windows\tasks\At189.job moved successfully.
c:\windows\tasks\At19.job moved successfully.
c:\windows\tasks\At190.job moved successfully.
c:\windows\tasks\At191.job moved successfully.
c:\windows\tasks\At192.job moved successfully.
c:\windows\tasks\At193.job moved successfully.
c:\windows\tasks\At194.job moved successfully.
c:\windows\tasks\At195.job moved successfully.
c:\windows\tasks\At196.job moved successfully.
c:\windows\tasks\At197.job moved successfully.
c:\windows\tasks\At198.job moved successfully.
c:\windows\tasks\At199.job moved successfully.
c:\windows\tasks\At2.job moved successfully.
c:\windows\tasks\At20.job moved successfully.
c:\windows\tasks\At200.job moved successfully.
c:\windows\tasks\At201.job moved successfully.
c:\windows\tasks\At202.job moved successfully.
c:\windows\tasks\At203.job moved successfully.
c:\windows\tasks\At204.job moved successfully.
c:\windows\tasks\At205.job moved successfully.
c:\windows\tasks\At206.job moved successfully.
c:\windows\tasks\At207.job moved successfully.
c:\windows\tasks\At208.job moved successfully.
c:\windows\tasks\At209.job moved successfully.
c:\windows\tasks\At21.job moved successfully.
c:\windows\tasks\At210.job moved successfully.
c:\windows\tasks\At211.job moved successfully.
c:\windows\tasks\At212.job moved successfully.
c:\windows\tasks\At213.job moved successfully.
c:\windows\tasks\At214.job moved successfully.
c:\windows\tasks\At215.job moved successfully.
c:\windows\tasks\At216.job moved successfully.
c:\windows\tasks\At217.job moved successfully.
c:\windows\tasks\At218.job moved successfully.
c:\windows\tasks\At219.job moved successfully.
c:\windows\tasks\At22.job moved successfully.
c:\windows\tasks\At220.job moved successfully.
c:\windows\tasks\At221.job moved successfully.
c:\windows\tasks\At222.job moved successfully.
c:\windows\tasks\At223.job moved successfully.
c:\windows\tasks\At224.job moved successfully.
c:\windows\tasks\At225.job moved successfully.
c:\windows\tasks\At226.job moved successfully.
c:\windows\tasks\At227.job moved successfully.
c:\windows\tasks\At228.job moved successfully.
c:\windows\tasks\At229.job moved successfully.
c:\windows\tasks\At23.job moved successfully.
c:\windows\tasks\At230.job moved successfully.
c:\windows\tasks\At231.job moved successfully.
c:\windows\tasks\At232.job moved successfully.
c:\windows\tasks\At233.job moved successfully.
c:\windows\tasks\At234.job moved successfully.
c:\windows\tasks\At235.job moved successfully.
c:\windows\tasks\At236.job moved successfully.
c:\windows\tasks\At237.job moved successfully.
c:\windows\tasks\At238.job moved successfully.
c:\windows\tasks\At239.job moved successfully.
c:\windows\tasks\At24.job moved successfully.
c:\windows\tasks\At240.job moved successfully.
c:\windows\tasks\At241.job moved successfully.
c:\windows\tasks\At242.job moved successfully.
c:\windows\tasks\At243.job moved successfully.
c:\windows\tasks\At244.job moved successfully.
c:\windows\tasks\At245.job moved successfully.
c:\windows\tasks\At246.job moved successfully.
c:\windows\tasks\At247.job moved successfully.
c:\windows\tasks\At248.job moved successfully.
c:\windows\tasks\At249.job moved successfully.
c:\windows\tasks\At25.job moved successfully.
c:\windows\tasks\At250.job moved successfully.
c:\windows\tasks\At251.job moved successfully.
c:\windows\tasks\At252.job moved successfully.
c:\windows\tasks\At253.job moved successfully.
c:\windows\tasks\At254.job moved successfully.
c:\windows\tasks\At255.job moved successfully.
c:\windows\tasks\At256.job moved successfully.
c:\windows\tasks\At257.job moved successfully.
c:\windows\tasks\At258.job moved successfully.
c:\windows\tasks\At259.job moved successfully.
c:\windows\tasks\At26.job moved successfully.
c:\windows\tasks\At260.job moved successfully.
c:\windows\tasks\At261.job moved successfully.
c:\windows\tasks\At262.job moved successfully.
c:\windows\tasks\At263.job moved successfully.
c:\windows\tasks\At264.job moved successfully.
c:\windows\tasks\At265.job moved successfully.
c:\windows\tasks\At266.job moved successfully.
c:\windows\tasks\At267.job moved successfully.
c:\windows\tasks\At268.job moved successfully.
c:\windows\tasks\At269.job moved successfully.
c:\windows\tasks\At27.job moved successfully.
c:\windows\tasks\At270.job moved successfully.
c:\windows\tasks\At271.job moved successfully.
c:\windows\tasks\At272.job moved successfully.
c:\windows\tasks\At273.job moved successfully.
c:\windows\tasks\At274.job moved successfully.
c:\windows\tasks\At275.job moved successfully.
c:\windows\tasks\At276.job moved successfully.
c:\windows\tasks\At277.job moved successfully.
c:\windows\tasks\At278.job moved successfully.
c:\windows\tasks\At279.job moved successfully.
c:\windows\tasks\At28.job moved successfully.
c:\windows\tasks\At280.job moved successfully.
c:\windows\tasks\At281.job moved successfully.
c:\windows\tasks\At282.job moved successfully.
c:\windows\tasks\At283.job moved successfully.
c:\windows\tasks\At284.job moved successfully.
c:\windows\tasks\At285.job moved successfully.
c:\windows\tasks\At286.job moved successfully.
c:\windows\tasks\At287.job moved successfully.
c:\windows\tasks\At288.job moved successfully.
c:\windows\tasks\At289.job moved successfully.
c:\windows\tasks\At29.job moved successfully.
c:\windows\tasks\At290.job moved successfully.
c:\windows\tasks\At291.job moved successfully.
c:\windows\tasks\At292.job moved successfully.
c:\windows\tasks\At293.job moved successfully.
c:\windows\tasks\At294.job moved successfully.
c:\windows\tasks\At295.job moved successfully.
c:\windows\tasks\At296.job moved successfully.
c:\windows\tasks\At297.job moved successfully.
c:\windows\tasks\At298.job moved successfully.
c:\windows\tasks\At299.job moved successfully.
c:\windows\tasks\At3.job moved successfully.
c:\windows\tasks\At30.job moved successfully.
c:\windows\tasks\At300.job moved successfully.
c:\windows\tasks\At301.job moved successfully.
c:\windows\tasks\At302.job moved successfully.
c:\windows\tasks\At303.job moved successfully.
c:\windows\tasks\At304.job moved successfully.
c:\windows\tasks\At305.job moved successfully.
c:\windows\tasks\At306.job moved successfully.
c:\windows\tasks\At307.job moved successfully.
c:\windows\tasks\At308.job moved successfully.
c:\windows\tasks\At309.job moved successfully.
c:\windows\tasks\At31.job moved successfully.
c:\windows\tasks\At310.job moved successfully.
c:\windows\tasks\At311.job moved successfully.
c:\windows\tasks\At312.job moved successfully.
c:\windows\tasks\At313.job moved successfully.
c:\windows\tasks\At314.job moved successfully.
c:\windows\tasks\At315.job moved successfully.
c:\windows\tasks\At316.job moved successfully.
c:\windows\tasks\At317.job moved successfully.
c:\windows\tasks\At318.job moved successfully.
c:\windows\tasks\At319.job moved successfully.
c:\windows\tasks\At32.job moved successfully.
c:\windows\tasks\At320.job moved successfully.
c:\windows\tasks\At321.job moved successfully.
c:\windows\tasks\At322.job moved successfully.
c:\windows\tasks\At323.job moved successfully.
c:\windows\tasks\At324.job moved successfully.
c:\windows\tasks\At325.job moved successfully.
c:\windows\tasks\At326.job moved successfully.
c:\windows\tasks\At327.job moved successfully.
c:\windows\tasks\At328.job moved successfully.
c:\windows\tasks\At329.job moved successfully.
c:\windows\tasks\At33.job moved successfully.
c:\windows\tasks\At330.job moved successfully.
c:\windows\tasks\At331.job moved successfully.
c:\windows\tasks\At332.job moved successfully.
c:\windows\tasks\At333.job moved successfully.
c:\windows\tasks\At334.job moved successfully.
c:\windows\tasks\At335.job moved successfully.
c:\windows\tasks\At336.job moved successfully.
c:\windows\tasks\At337.job moved successfully.
c:\windows\tasks\At338.job moved successfully.
c:\windows\tasks\At339.job moved successfully.
c:\windows\tasks\At34.job moved successfully.
c:\windows\tasks\At340.job moved successfully.
c:\windows\tasks\At341.job moved successfully.
c:\windows\tasks\At342.job moved successfully.
c:\windows\tasks\At343.job moved successfully.
c:\windows\tasks\At344.job moved successfully.
c:\windows\tasks\At345.job moved successfully.
c:\windows\tasks\At346.job moved successfully.
c:\windows\tasks\At347.job moved successfully.
c:\windows\tasks\At348.job moved successfully.
c:\windows\tasks\At349.job moved successfully.
c:\windows\tasks\At35.job moved successfully.
c:\windows\tasks\At350.job moved successfully.
c:\windows\tasks\At351.job moved successfully.
c:\windows\tasks\At352.job moved successfully.
c:\windows\tasks\At353.job moved successfully.
c:\windows\tasks\At354.job moved successfully.
c:\windows\tasks\At355.job moved successfully.
c:\windows\tasks\At356.job moved successfully.
c:\windows\tasks\At357.job moved successfully.
c:\windows\tasks\At358.job moved successfully.
c:\windows\tasks\At359.job moved successfully.
c:\windows\tasks\At36.job moved successfully.
c:\windows\tasks\At360.job moved successfully.
c:\windows\tasks\At361.job moved successfully.
c:\windows\tasks\At362.job moved successfully.
c:\windows\tasks\At363.job moved successfully.
c:\windows\tasks\At364.job moved successfully.
c:\windows\tasks\At365.job moved successfully.
c:\windows\tasks\At366.job moved successfully.
c:\windows\tasks\At367.job moved successfully.
c:\windows\tasks\At368.job moved successfully.
c:\windows\tasks\At369.job moved successfully.
c:\windows\tasks\At37.job moved successfully.
c:\windows\tasks\At370.job moved successfully.
c:\windows\tasks\At371.job moved successfully.
c:\windows\tasks\At372.job moved successfully.
c:\windows\tasks\At373.job moved successfully.
c:\windows\tasks\At374.job moved successfully.
c:\windows\tasks\At375.job moved successfully.
c:\windows\tasks\At376.job moved successfully.
c:\windows\tasks\At377.job moved successfully.
c:\windows\tasks\At378.job moved successfully.
c:\windows\tasks\At379.job moved successfully.
c:\windows\tasks\At38.job moved successfully.
c:\windows\tasks\At380.job moved successfully.
c:\windows\tasks\At381.job moved successfully.
c:\windows\tasks\At382.job moved successfully.
c:\windows\tasks\At383.job moved successfully.
c:\windows\tasks\At384.job moved successfully.
c:\windows\tasks\At385.job moved successfully.
c:\windows\tasks\At386.job moved successfully.
c:\windows\tasks\At387.job moved successfully.
c:\windows\tasks\At388.job moved successfully.
c:\windows\tasks\At389.job moved successfully.
c:\windows\tasks\At39.job moved successfully.
c:\windows\tasks\At390.job moved successfully.
c:\windows\tasks\At391.job moved successfully.
c:\windows\tasks\At392.job moved successfully.
c:\windows\tasks\At393.job moved successfully.
c:\windows\tasks\At394.job moved successfully.
c:\windows\tasks\At395.job moved successfully.
c:\windows\tasks\At396.job moved successfully.
c:\windows\tasks\At397.job moved successfully.
c:\windows\tasks\At398.job moved successfully.
c:\windows\tasks\At399.job moved successfully.
c:\windows\tasks\At4.job moved successfully.
c:\windows\tasks\At40.job moved successfully.
c:\windows\tasks\At400.job moved successfully.
c:\windows\tasks\At401.job moved successfully.
c:\windows\tasks\At402.job moved successfully.
c:\windows\tasks\At403.job moved successfully.
c:\windows\tasks\At404.job moved successfully.
c:\windows\tasks\At405.job moved successfully.
c:\windows\tasks\At406.job moved successfully.
c:\windows\tasks\At407.job moved successfully.
c:\windows\tasks\At408.job moved successfully.
c:\windows\tasks\At409.job moved successfully.
c:\windows\tasks\At41.job moved successfully.
c:\windows\tasks\At410.job moved successfully.
c:\windows\tasks\At411.job moved successfully.
c:\windows\tasks\At412.job moved successfully.
c:\windows\tasks\At413.job moved successfully.
c:\windows\tasks\At414.job moved successfully.
c:\windows\tasks\At415.job moved successfully.
c:\windows\tasks\At416.job moved successfully.
c:\windows\tasks\At417.job moved successfully.
c:\windows\tasks\At418.job moved successfully.
c:\windows\tasks\At419.job moved successfully.
c:\windows\tasks\At42.job moved successfully.
c:\windows\tasks\At420.job moved successfully.
c:\windows\tasks\At421.job moved successfully.
c:\windows\tasks\At422.job moved successfully.
c:\windows\tasks\At423.job moved successfully.
c:\windows\tasks\At424.job moved successfully.
c:\windows\tasks\At425.job moved successfully.
c:\windows\tasks\At426.job moved successfully.
c:\windows\tasks\At427.job moved successfully.
c:\windows\tasks\At428.job moved successfully.
c:\windows\tasks\At429.job moved successfully.
c:\windows\tasks\At43.job moved successfully.
c:\windows\tasks\At430.job moved successfully.
c:\windows\tasks\At431.job moved successfully.
c:\windows\tasks\At432.job moved successfully.
c:\windows\tasks\At433.job moved successfully.
c:\windows\tasks\At434.job moved successfully.
c:\windows\tasks\At435.job moved successfully.
c:\windows\tasks\At436.job moved successfully.
c:\windows\tasks\At437.job moved successfully.
c:\windows\tasks\At438.job moved successfully.
c:\windows\tasks\At439.job moved successfully.
c:\windows\tasks\At44.job moved successfully.
c:\windows\tasks\At440.job moved successfully.
c:\windows\tasks\At441.job moved successfully.
c:\windows\tasks\At442.job moved successfully.
c:\windows\tasks\At443.job moved successfully.
c:\windows\tasks\At444.job moved successfully.
c:\windows\tasks\At445.job moved successfully.
c:\windows\tasks\At446.job moved successfully.
c:\windows\tasks\At447.job moved successfully.
c:\windows\tasks\At448.job moved successfully.
c:\windows\tasks\At449.job moved successfully.
c:\windows\tasks\At45.job moved successfully.
c:\windows\tasks\At450.job moved successfully.
c:\windows\tasks\At451.job moved successfully.
c:\windows\tasks\At452.job moved successfully.
c:\windows\tasks\At453.job moved successfully.
c:\windows\tasks\At454.job moved successfully.
c:\windows\tasks\At455.job moved successfully.
c:\windows\tasks\At456.job moved successfully.
c:\windows\tasks\At46.job moved successfully.
c:\windows\tasks\At47.job moved successfully.
c:\windows\tasks\At48.job moved successfully.
c:\windows\tasks\At49.job moved successfully.
c:\windows\tasks\At5.job moved successfully.
c:\windows\tasks\At50.job moved successfully.
c:\windows\tasks\At51.job moved successfully.
c:\windows\tasks\At52.job moved successfully.
c:\windows\tasks\At53.job moved successfully.
c:\windows\tasks\At54.job moved successfully.
c:\windows\tasks\At55.job moved successfully.
c:\windows\tasks\At56.job moved successfully.
c:\windows\tasks\At57.job moved successfully.
c:\windows\tasks\At58.job moved successfully.
c:\windows\tasks\At59.job moved successfully.
c:\windows\tasks\At6.job moved successfully.
c:\windows\tasks\At60.job moved successfully.
c:\windows\tasks\At61.job moved successfully.
c:\windows\tasks\At62.job moved successfully.
c:\windows\tasks\At63.job moved successfully.
c:\windows\tasks\At64.job moved successfully.
c:\windows\tasks\At65.job moved successfully.
c:\windows\tasks\At66.job moved successfully.
c:\windows\tasks\At67.job moved successfully.
c:\windows\tasks\At68.job moved successfully.
c:\windows\tasks\At69.job moved successfully.
c:\windows\tasks\At7.job moved successfully.
c:\windows\tasks\At70.job moved successfully.
c:\windows\tasks\At71.job moved successfully.
c:\windows\tasks\At72.job moved successfully.
c:\windows\tasks\At73.job moved successfully.
c:\windows\tasks\At74.job moved successfully.
c:\windows\tasks\At75.job moved successfully.
c:\windows\tasks\At76.job moved successfully.
c:\windows\tasks\At77.job moved successfully.
c:\windows\tasks\At78.job moved successfully.
c:\windows\tasks\At79.job moved successfully.
c:\windows\tasks\At8.job moved successfully.
c:\windows\tasks\At80.job moved successfully.
c:\windows\tasks\At81.job moved successfully.
c:\windows\tasks\At82.job moved successfully.
c:\windows\tasks\At83.job moved successfully.
c:\windows\tasks\At84.job moved successfully.
c:\windows\tasks\At85.job moved successfully.
c:\windows\tasks\At86.job moved successfully.
c:\windows\tasks\At87.job moved successfully.
c:\windows\tasks\At88.job moved successfully.
c:\windows\tasks\At89.job moved successfully.
c:\windows\tasks\At9.job moved successfully.
c:\windows\tasks\At90.job moved successfully.
c:\windows\tasks\At91.job moved successfully.
c:\windows\tasks\At92.job moved successfully.
c:\windows\tasks\At93.job moved successfully.
c:\windows\tasks\At94.job moved successfully.
c:\windows\tasks\At95.job moved successfully.
c:\windows\tasks\At96.job moved successfully.
c:\windows\tasks\At97.job moved successfully.
c:\windows\tasks\At98.job moved successfully.
c:\windows\tasks\At99.job moved successfully.
File\Folder C:\WINDOWS\Fonts\*.com not found.
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\*.exe not found.
C:\WINDOWS\system32\kks637.com moved successfully.
C:\WINDOWS\system32\drivers\FBAPI.sys moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ***
->Temp folder emptied: 649493 bytes
->Temporary Internet Files folder emptied: 7757144 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27839799 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 562 bytes

User: All Users

User: **
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: **
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: **
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3284366 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38,00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 05042010_163712

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Im Browser öffnen sich Werbebanner und auch dieses lästige Popup ist noch da.

Poste bitte ein frisches OSAM Log.

Lieber Arne,

erstmal zwischendurch ein herzliches Dankeschön für Deine Geduld!!! :applaus:


hier das osam-log

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:13:37 on 04.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17023

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"At1.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At10.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At11.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At12.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At13.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At14.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At15.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At16.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At17.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At18.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At19.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At2.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At20.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At21.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At22.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At23.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At24.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At25.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At26.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At27.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At28.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At29.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At3.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At30.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At31.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At32.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At33.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At34.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At35.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At36.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At37.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At38.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At39.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At4.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At40.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At41.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At42.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At43.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At44.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At45.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At46.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At47.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At48.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
"At5.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At6.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At7.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At8.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)
"At9.job" - ? - C:\WINDOWS\Fonts\kks637.com (File not found)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"MagicKBD.cpl" - "SAMSUNG Electronics Co., Ltd." - C:\WINDOWS\system32\MagicKBD.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"pdfSaver.cpl" - "Tracker Software Products" - C:\WINDOWS\system32\pdfSaver.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SRSCpl" - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\srscpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found)
"ASCTRM" (ASCTRM) - ? - C:\WINDOWS\system32\drivers\ASCTRM.sys (File not found)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"B.H.A Storage Helper Driver" (BsStor) - "Cyberlink Co.,Ltd." - C:\WINDOWS\system32\drivers\BsStor.sys
"B.H.A UDF Filesystem" (BsUDF) - "CyberLink Corporation." - C:\WINDOWS\system32\drivers\BsUDF.sys
"Belkin USB 2.0 to Fast Ethernet Adapter" (AX88172) - "ASIX Electronics Corp." - C:\WINDOWS\System32\DRIVERS\AX88172.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"FBAPI" (FBAPI) - ? - C:\WINDOWS\system32\drivers\FBAPI.sys (File not found)
"ialm" (ialm) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MEMIO" (DOSMEMIO) - ? - C:\WINDOWS\system32\MEMIO.SYS (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RITCPT" (RITCPT) - ? - C:\WINDOWS\system32\drivers\RITCPT.sys (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"SUE NDIS Protocol Driver" (SUEPD) - "Samsung" - C:\WINDOWS\System32\DRIVERS\SUE_PD.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WOW XT Filter Driver" (wowfilter) - ? - C:\WINDOWS\System32\drivers\wowfilter.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{afc638f0-e8a4-11ce-9ade-00aa00a42d2e} "MS TrueType File Properties" - "Microsoft Corporation" - C:\Programme\OpenType Extension\TTFExtNT.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.5.0" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists)
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"AutoUpdate Monitor.lnk" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"MindManager PDF Writer.lnk" - "Tracker Software Products" - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\a1\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - ? - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - ? - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (File found, but it contains no detailed information)
"AVStation Premium 3.75" - ? - C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe (File not found)
"B'sCLiP" - ? - C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (File not found)
"BatteryManager" - ? - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe (File not found)
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DisplayManager" - ? - C:\Programme\Samsung\DisplayManager\DMLoader.exe (File found, but it contains no detailed information)
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"IJNetworkScanUtility" - ? - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe (File found, but it contains no detailed information)
"iTunesHelper" - ? - "C:\Programme\iTunes\iTunesHelper.exe" (File found, but it contains no detailed information)
"MagicKeyboard" - ? - C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe (File not found)
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask .exe" -atboottime
"RemoteControl" - ? - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (File not found)
"RestoreIT!" - ? - "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart (File not found)
"SoundMAXPnP" - ? - C:\Programme\Analog Devices\Core\smax4pnp.exe (File found, but it contains no detailed information)
"SunJavaUpdateSched" - ? - "C:\Programme\Java\jre6\bin\jusched.exe" (File not found)
"SynTPEnh" - ? - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (File not found)
"TkBellExe" - ? - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot (File found, but it contains no detailed information)
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite" - ? - HDAShCut.exe (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (File found, but it contains no detailed information)
"SNM WLAN Service" (SNM WLAN Service) - ? - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (File found, but it contains no detailed information)
"Sophos Anti-Virus" (SAVService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - c:\Programme\Sophos\AutoUpdate\ALsvc.exe
"SRS PostInstaller Service" (SRS_PostInstaller) - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"igfxcui" - "Intel Corporation" - C:\WINDOWS\system32\igfxdev.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Diese komischen at-Jobs sind da noch immer :balla:
Bitte alle Einträge mit OSAM fixen:

Sorry aber ich finde es lustig!

Punkt 1: alle Windows Updates aufspielen.
Punkt 2 Firewall installieren
Punkt 3 kk.exe von kasperski drüberjagen (freeware)
erst dann kannst du den rest entfernen

c:\windows\tasks\At152.job moved successfully.
c:\windows\tasks\At153.job moved successfully. ...

Das sind typische Conficker Jobs. und den zu entfernen ist nicht mehr so schwer.

Gruss vom Russ

und ganz wichtig ist es noch deine USB Sticks zu prüfen, autorun zu deaktivieren (geht auch mit kk.exe einfach), und die anderen Rechner im netz zu säubern (vorausgesetzt du hast mehrere rechner am netz)

Bring ihn jetzt nicht durcheinander. Er soll erst die Dinger entfernen und die Windows-Updates kommen zum Schluss!

hier ist das frische OSAM-Log, ich lass mich mal durch die weiteren Anmerkungen nicht durcheinander bringen ... als weitere Rechner ist ein Mac am Netz und noch ein Windows-Rechner, der bisher keine Symptome zeigt, hoffe, das bleibt auch so ...


Ach ja, OSAM hat sich aufgehangen, so dass ich nur das "frische" Log habe, nicht der Zwischenbericht ...

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:52:29 on 04.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17023

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"At100.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At101.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At102.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At103.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At104.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At105.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At106.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At107.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At108.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At109.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At110.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At111.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At112.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At113.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At114.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At115.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At116.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At117.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At118.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At119.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At120.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At49.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At50.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At51.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At52.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At53.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At54.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At55.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At56.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At57.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At58.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At59.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At60.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At61.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At62.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At63.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At64.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At65.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At66.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At67.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At68.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At69.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At70.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At71.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At72.job" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe (File found, but it contains no detailed information)
"At97.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At98.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
"At99.job" - ? - C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe (File found, but it contains no detailed information)
(Disabled) "At1.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At10.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At11.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At12.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At13.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At14.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At15.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At16.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At17.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At18.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At19.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At2.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At20.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At21.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At22.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At23.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At24.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At25.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At26.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At27.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At28.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At29.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At3.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At30.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At31.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At32.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At33.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At34.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At35.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At36.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At37.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At38.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At39.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At4.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At40.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At41.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At42.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At43.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At44.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At45.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At46.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At47.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At48.job" - ? - C:\WINDOWS\system32\kks637.com (File found, but it contains no detailed information)
(Disabled) "At5.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At6.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At7.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At73.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At74.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At75.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At76.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At77.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At78.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At79.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At8.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At80.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At81.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At82.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At83.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At84.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At85.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At86.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At87.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At88.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At89.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At9.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At90.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At91.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At92.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At93.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At94.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At95.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)
(Disabled) "At96.job" - ? - C:\WINDOWS\Fonts\kks637.com (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"MagicKBD.cpl" - "SAMSUNG Electronics Co., Ltd." - C:\WINDOWS\system32\MagicKBD.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"pdfSaver.cpl" - "Tracker Software Products" - C:\WINDOWS\system32\pdfSaver.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SRSCpl" - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\srscpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found)
"ASCTRM" (ASCTRM) - ? - C:\WINDOWS\system32\drivers\ASCTRM.sys (File not found)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"B.H.A Storage Helper Driver" (BsStor) - "Cyberlink Co.,Ltd." - C:\WINDOWS\system32\drivers\BsStor.sys
"B.H.A UDF Filesystem" (BsUDF) - "CyberLink Corporation." - C:\WINDOWS\system32\drivers\BsUDF.sys
"Belkin USB 2.0 to Fast Ethernet Adapter" (AX88172) - "ASIX Electronics Corp." - C:\WINDOWS\System32\DRIVERS\AX88172.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"FBAPI" (FBAPI) - ? - C:\WINDOWS\system32\drivers\FBAPI.sys (File not found)
"ialm" (ialm) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MEMIO" (DOSMEMIO) - ? - C:\WINDOWS\system32\MEMIO.SYS (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RITCPT" (RITCPT) - ? - C:\WINDOWS\system32\drivers\RITCPT.sys (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"SUE NDIS Protocol Driver" (SUEPD) - "Samsung" - C:\WINDOWS\System32\DRIVERS\SUE_PD.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WOW XT Filter Driver" (wowfilter) - ? - C:\WINDOWS\System32\drivers\wowfilter.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{afc638f0-e8a4-11ce-9ade-00aa00a42d2e} "MS TrueType File Properties" - "Microsoft Corporation" - C:\Programme\OpenType Extension\TTFExtNT.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.5.0" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists)
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"AutoUpdate Monitor.lnk" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"MindManager PDF Writer.lnk" - "Tracker Software Products" - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\a1\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - ? - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - ? - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (File found, but it contains no detailed information)
"AVStation Premium 3.75" - ? - C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe (File not found)
"B'sCLiP" - ? - C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (File not found)
"BatteryManager" - ? - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe (File not found)
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DisplayManager" - ? - C:\Programme\Samsung\DisplayManager\DMLoader.exe (File found, but it contains no detailed information)
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"IJNetworkScanUtility" - ? - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe (File found, but it contains no detailed information)
"iTunesHelper" - ? - "C:\Programme\iTunes\iTunesHelper.exe" (File found, but it contains no detailed information)
"MagicKeyboard" - ? - C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe (File not found)
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask .exe" -atboottime
"RemoteControl" - ? - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (File not found)
"RestoreIT!" - ? - "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart (File not found)
"SoundMAXPnP" - ? - C:\Programme\Analog Devices\Core\smax4pnp.exe (File found, but it contains no detailed information)
"SunJavaUpdateSched" - ? - "C:\Programme\Java\jre6\bin\jusched.exe" (File not found)
"SynTPEnh" - ? - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (File not found)
"TkBellExe" - ? - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot (File found, but it contains no detailed information)
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite" - ? - HDAShCut.exe (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (File found, but it contains no detailed information)
"SNM WLAN Service" (SNM WLAN Service) - ? - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (File found, but it contains no detailed information)
"Sophos Anti-Virus" (SAVService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - c:\Programme\Sophos\AutoUpdate\ALsvc.exe
"SRS PostInstaller Service" (SRS_PostInstaller) - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"igfxcui" - "Intel Corporation" - C:\WINDOWS\system32\igfxdev.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Bitte wieder mit OSAM deaktivieren und löschen (mit delete from storage, auch die anderen die Du schon deaktiviert hast):

hi arne,

keine AtJobs mehr!? aber ich traue dem braten nicht, das nervige popup kommt immer noch :kloppen:

vg
anke



Report of OSAM: Autorun Manager v5.0.11926.0
h**p://www.online-solutions.ru/en/
Saved at 23:14:15 on 05.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17023

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"MagicKBD.cpl" - "SAMSUNG Electronics Co., Ltd." - C:\WINDOWS\system32\MagicKBD.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"pdfSaver.cpl" - "Tracker Software Products" - C:\WINDOWS\system32\pdfSaver.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SRSCpl" - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\srscpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found)
"ASCTRM" (ASCTRM) - ? - C:\WINDOWS\system32\drivers\ASCTRM.sys (File not found)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"B.H.A Storage Helper Driver" (BsStor) - "Cyberlink Co.,Ltd." - C:\WINDOWS\system32\drivers\BsStor.sys
"B.H.A UDF Filesystem" (BsUDF) - "CyberLink Corporation." - C:\WINDOWS\system32\drivers\BsUDF.sys
"Belkin USB 2.0 to Fast Ethernet Adapter" (AX88172) - "ASIX Electronics Corp." - C:\WINDOWS\System32\DRIVERS\AX88172.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"FBAPI" (FBAPI) - ? - C:\WINDOWS\system32\drivers\FBAPI.sys (File not found)
"ialm" (ialm) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MEMIO" (DOSMEMIO) - ? - C:\WINDOWS\system32\MEMIO.SYS (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RITCPT" (RITCPT) - ? - C:\WINDOWS\system32\drivers\RITCPT.sys (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"SUE NDIS Protocol Driver" (SUEPD) - "Samsung" - C:\WINDOWS\System32\DRIVERS\SUE_PD.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WOW XT Filter Driver" (wowfilter) - ? - C:\WINDOWS\System32\drivers\wowfilter.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{afc638f0-e8a4-11ce-9ade-00aa00a42d2e} "MS TrueType File Properties" - "Microsoft Corporation" - C:\Programme\OpenType Extension\TTFExtNT.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.5.0" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists)
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"AutoUpdate Monitor.lnk" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"MindManager PDF Writer.lnk" - "Tracker Software Products" - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\a1\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - ? - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - ? - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (File found, but it contains no detailed information)
"AVStation Premium 3.75" - ? - C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe (File not found)
"B'sCLiP" - ? - C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (File not found)
"BatteryManager" - ? - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe (File not found)
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DisplayManager" - ? - C:\Programme\Samsung\DisplayManager\DMLoader.exe (File found, but it contains no detailed information)
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"IJNetworkScanUtility" - ? - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe (File found, but it contains no detailed information)
"iTunesHelper" - ? - "C:\Programme\iTunes\iTunesHelper.exe" (File found, but it contains no detailed information)
"MagicKeyboard" - ? - C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe (File not found)
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask .exe" -atboottime
"RemoteControl" - ? - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (File not found)
"RestoreIT!" - ? - "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart (File not found)
"SoundMAXPnP" - ? - C:\Programme\Analog Devices\Core\smax4pnp.exe (File not found)
"SunJavaUpdateSched" - ? - "C:\Programme\Java\jre6\bin\jusched.exe" (File not found)
"SynTPEnh" - ? - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (File not found)
"TkBellExe" - ? - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot (File found, but it contains no detailed information)
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite" - ? - HDAShCut.exe (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (File found, but it contains no detailed information)
"SNM WLAN Service" (SNM WLAN Service) - ? - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (File found, but it contains no detailed information)
"Sophos Anti-Virus" (SAVService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - c:\Programme\Sophos\AutoUpdate\ALsvc.exe
"SRS PostInstaller Service" (SRS_PostInstaller) - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"igfxcui" - "Intel Corporation" - C:\WINDOWS\system32\igfxdev.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit h**p://forum.online-solutions.ru

Das OSAM Log ist jetzt aber unauffällig. Mach nochmal ein frisches OTL-Log, stell aber mal file-age auf 90 Tage...

violà

gruß
anke

OTL logfile created on: 06.05.2010 21:15:59 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 607,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,62 Gb Total Space | 31,48 Gb Free Space | 38,10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE ()
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware .exe (SUPERAntiSpyware.com)
PRC - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe (RealNetworks, Inc.)
PRC - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\SAMSUNG\DisplayManager\DisplayManager.exe (SAMSUNG)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
PRC - C:\Programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)


========== Win32 Services (SafeList) ==========

SRV - (SAVAdminService) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SAVService) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (SRS_PostInstaller) -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\BsUDF.sys (CyberLink Corporation.)
DRV - (BsStor) -- C:\WINDOWS\system32\drivers\BsStor.sys (Cyberlink Co.,Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys ()
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (RITCPT) -- C:\WINDOWS\system32\drivers\RITCPT.SYS ()
DRV - (AX88172) -- C:\WINDOWS\system32\drivers\AX88172.sys (ASIX Electronics Corp.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\FTSER2K.SYS (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\FTDIBUS.SYS (FTDI Ltd.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15015&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {02ffb056-3abb-320b-d592-c3921c590a22}:4.6.6.6
FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.17 20:55:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.03 18:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.03 18:37:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 00:47:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.06 15:21:26 | 000,000,000 | ---D | M]

[2008.09.04 09:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.05.03 18:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions
[2010.04.16 08:17:24 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.04.16 08:17:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.16 08:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\isreaditlater@ideashower.com
[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\askcom.xml
[2010.05.03 18:31:18 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-1.xml
[2008.07.06 23:16:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-2.xml
[2008.07.09 14:32:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-3.xml
[2008.08.02 12:21:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-4.xml
[2008.08.07 20:10:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-5.xml
[2008.08.11 18:16:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-6.xml
[2008.08.22 22:09:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-7.xml
[2008.08.24 18:25:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-8.xml
[2008.08.25 10:52:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-9.xml
[2008.04.25 19:10:00 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin.xml
[2010.05.03 18:39:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 17:25:27 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}
[2010.05.03 18:37:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.05.03 18:37:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.05.03 18:37:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.05.03 18:37:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.05.03 18:37:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.04 16:37:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe ()
O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe File not found
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe File not found
O4 - HKLM..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DisplayManager] C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe ()
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe File not found
O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe ()
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99***-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.05 13:49:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.05.04 23:40:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Online Solutions
[2010.05.03 19:17:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable
[2010.05.01 20:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
[2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.05.01 20:48:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2010.05.01 20:20:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.01 15:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.01 15:44:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.01 15:44:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.01 15:44:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.01 15:44:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.01 15:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.01 15:42:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.01 15:34:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.05.01 15:25:27 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe
[2010.05.01 00:37:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.29 22:18:08 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.28 14:29:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.04.27 23:26:43 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.27 23:26:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.27 23:09:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.27 17:06:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.27 17:06:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.27 14:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.04.25 18:45:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.31 22:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
[2010.03.11 18:28:29 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.06 20:48:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.03.06 20:47:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.03.06 20:47:48 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.03.06 20:47:23 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.03.06 20:44:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Windows Live
[2010.03.04 20:10:20 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.03.03 21:11:39 | 000,130,104 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll

========== Files - Modified Within 90 Days ==========

[2010.05.06 21:06:54 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.05.06 21:06:50 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.05.06 21:06:45 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.06 21:06:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.06 21:06:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.06 21:06:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.06 21:06:06 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.05 23:26:47 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.05.05 23:26:47 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.05.05 22:35:13 | 000,046,328 | ---- | M] () -- C:\debug
[2010.05.05 22:35:11 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CsGly48.dat
[2010.05.05 22:35:10 | 000,068,618 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe
[2010.05.04 23:46:27 | 000,004,580 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html
[2010.05.04 16:37:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.05.04 07:23:50 | 000,000,956 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.03 19:23:38 | 000,104,358 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html
[2010.05.03 19:15:26 | 004,272,474 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.05.01 20:50:10 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.05.01 20:46:42 | 008,050,208 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe
[2010.05.01 19:18:56 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe
[2010.05.01 16:09:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.01 15:47:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.01 15:36:29 | 000,097,502 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg
[2010.05.01 15:31:45 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.05.01 15:30:19 | 000,069,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.05.01 15:28:03 | 003,924,810 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2010.05.01 15:25:28 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe
[2010.05.01 15:11:46 | 000,000,073 | -HS- | M] () -- C:\cj.ini
[2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kks637.exe
[2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe
[2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\WINDOWS\System32\kks637.com
[2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\Dokumente und Einstellungen\***\kks637.com
[2010.04.29 22:18:09 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 19:39:47 | 001,558,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.27 17:06:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.20 00:07:11 | 000,736,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 00:07:11 | 000,321,606 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.20 00:07:11 | 000,315,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.20 00:07:11 | 000,050,046 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.20 00:07:11 | 000,041,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.16 00:38:31 | 001,227,776 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:29 | 003,196,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:14 | 001,224,593 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.11 22:56:35 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.04.01 19:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.01 08:36:56 | 000,951,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:15 | 000,043,571 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:25 | 000,002,120 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:31 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:30 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[2010.03.11 14:31:33 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.03.11 14:31:33 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.03.11 14:31:33 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010.03.11 14:31:32 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010.03.11 14:31:32 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010.03.11 14:31:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010.03.11 14:31:30 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010.03.11 14:31:29 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010.03.11 14:31:27 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010.03.11 14:31:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010.03.11 14:31:26 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010.03.10 15:18:17 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010.02.24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.02.23 07:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2010.02.17 14:04:26 | 002,192,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.02.16 21:04:25 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010.02.16 18:09:54 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.02.12 12:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.12 06:33:08 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys

========== Files Created - No Company Name ==========

[2010.05.05 22:41:43 | 000,035,844 | ---- | C] () -- C:\Dokumente und Einstellungen\***\kks637.com
[2010.05.05 22:35:13 | 000,046,328 | ---- | C] () -- C:\debug
[2010.05.05 22:28:07 | 000,035,844 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kks637.exe
[2010.05.04 23:46:27 | 000,004,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html
[2010.05.04 23:42:49 | 000,035,844 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe
[2010.05.04 23:29:58 | 000,035,844 | ---- | C] () -- C:\WINDOWS\Fonts\kks637.com
[2010.05.04 17:07:54 | 000,035,844 | ---- | C] () -- C:\WINDOWS\System32\kks637.com
[2010.05.03 19:23:38 | 000,104,358 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html
[2010.05.03 08:51:10 | 000,068,618 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe
[2010.05.03 08:51:09 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CsGly48.dat
[2010.05.01 20:50:10 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.05.01 20:46:30 | 008,050,208 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe
[2010.05.01 19:21:51 | 004,272,474 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.05.01 19:18:55 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe
[2010.05.01 15:47:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.05.01 15:47:24 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.05.01 15:44:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.01 15:44:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.01 15:44:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.01 15:44:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.01 15:44:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.01 15:36:25 | 000,097,502 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg
[2010.05.01 15:31:45 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.05.01 15:28:02 | 003,924,810 | R--- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2010.04.27 17:06:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 06:55:14 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.16 00:38:31 | 001,227,776 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:28 | 003,196,416 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:11 | 001,224,593 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.01 08:36:54 | 000,951,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:14 | 000,043,571 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:23 | 000,002,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:30 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:29 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[2010.03.04 20:11:22 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2009.10.09 16:48:27 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\**_KBD.ini
[2009.07.27 11:53:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.02.22 20:10:01 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008.10.16 12:54:54 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008.05.26 22:18:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008.05.26 22:18:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008.01.03 02:59:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.10.12 22:56:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007.10.12 20:16:21 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2007.09.27 21:45:34 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.09.27 21:45:33 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.09.15 10:06:12 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\worst case_KBD.ini
[2007.04.13 11:30:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007.03.08 11:50:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007.02.04 12:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007.02.04 12:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2007.02.04 12:08:44 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2007.02.04 12:08:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007.02.04 12:06:49 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007.02.04 12:06:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007.02.04 12:05:05 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670G.ini
[2007.02.04 01:36:31 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini
[2007.02.03 21:06:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.23 08:33:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.10 10:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006.11.10 10:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.05.23 03:58:19 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.05.23 03:58:19 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.05.23 03:58:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.05.23 03:58:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.05.23 03:58:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.05.22 19:07:49 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2006.05.22 19:07:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2006.05.22 19:07:46 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2006.05.22 19:06:48 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2006.05.22 19:06:46 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2006.05.22 19:06:46 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2006.05.22 19:06:46 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2006.05.22 19:06:46 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2006.05.22 19:06:46 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2006.05.22 19:06:46 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2006.05.22 19:06:46 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2006.05.22 19:06:46 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2006.05.22 19:06:46 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2006.05.22 19:06:46 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2006.05.22 19:06:46 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2006.05.22 19:06:46 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2006.05.22 19:06:03 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini
[2006.05.22 19:04:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006.04.05 22:32:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.05 14:16:23 | 000,004,300 | R--- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll
[2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2005.12.02 15:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.11.28 12:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.11.28 12:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005.11.28 12:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
< End of report >

... und nummer 2

OTL Extras logfile created on: 06.05.2010 21:15:59 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 607,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,62 Gb Total Space | 31,48 Gb Free Space | 38,10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\SPSSInc\Statistics17\statistics.com" = C:\Programme\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- (SPSS Inc.)
"C:\Programme\SPSSInc\Statistics17\statistics.exe" = C:\Programme\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- (SPSS Inc.)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager
"{176130BC-99A1-41FE-A78B-56045E33AD70}" = Cisco Systems VPN Client 4.8.02.0010
"{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}" = Management Center
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B567E98-126E-4CD0-BF9B-163345BF7852}" = MindManager X5 Pro
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A48A8684-A104-44DA-B3DF-0178A125D8D9}" = WOW XT and TSXT Filter Driver
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"{BD3443D9-2294-4D47-9A51-4170FE357C6F}" = WinSTAT
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 1.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D379964B-685C-44D5-AE46-C953A9FEEA14}" = EPSON Photo Print
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{EB145CEA-998F-4C9D-AEF7-B4DBBD217DAF}" = F5U216
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CUEcards 2000" = CUEcards 2000
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"f4" = f4 3.0.3
"FileZilla" = FileZilla (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FTDICOMM" = FTDI USB Serial Converter Drivers
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6 Gold
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"InstallShield_{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Kalenderchen_is1" = Kalenderchen 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXQDA2007" = MAXQDA2007 (R290908)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"RestoreIT!" = Recover Pro
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2010 18:50:32 | Computer Name = **** | Source = MsiInstaller | ID = 11606
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606.
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich.

Error - 15.04.2010 18:50:32 | Computer Name = **** | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security
Update for Publisher 2003 (KB980469): MSPUB" konnte nicht installiert werden. Fehlercode
1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung
betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie
folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error - 15.04.2010 18:50:42 | Computer Name = **** | Source = MsiInstaller | ID = 11606
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606.
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich.

Error - 15.04.2010 18:50:42 | Computer Name = **** | Source = MsiInstaller | ID = 11606
Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606.
Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich.

Error - 15.04.2010 18:50:42 | Computer Name = **** | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security
Update for PowerPoint 2003 (KB976881): POWERPNT" konnte nicht installiert werden.
Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung
betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie
folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error - 25.04.2010 12:47:14 | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
MessageResDSFactory kann nicht ausgegeben werden.

Error - 25.04.2010 12:47:14 | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
MessageResDSFactory kann nicht ausgegeben werden.

Error - 27.04.2010 05:45:12 | Computer Name = **** | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
faulting module mso.dll, version 12.0.6425.1000, stamp 49d65443, debug? 0, fault
address 0x000fb8e0.

Error - 27.04.2010 08:25:26 | Computer Name = **** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17023, fehlgeschlagenes
Modul flash9.ocx, Version 9.0.16.0, Fehleradresse 0x0017995d.

Error - 01.05.2010 12:56:02 | Computer Name = **** | Source = SophosAntiVirus | ID = 327685
Description = Der Versuch, einen gelöschten Konfigurationsnode zu verändern, ist
fehlgeschlagen.

[ OSession Events ]
Error - 13.12.2007 11:16:29 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13634
seconds with 5400 seconds of active time. This session ended with a crash.

Error - 18.12.2007 16:38:41 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81618
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 21.12.2007 05:47:43 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 217901
seconds with 7680 seconds of active time. This session ended with a crash.

Error - 23.12.2007 16:04:25 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 209761
seconds with 2880 seconds of active time. This session ended with a crash.

Error - 18.01.2008 19:08:33 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 839439
seconds with 32820 seconds of active time. This session ended with a crash.

Error - 07.06.2008 13:37:39 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 475771
seconds with 12240 seconds of active time. This session ended with a crash.

Error - 25.01.2009 20:56:37 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 317323
seconds with 27060 seconds of active time. This session ended with a crash.

Error - 18.03.2009 05:05:26 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 178 seconds with 120 seconds of active time. This session ended with a crash.

Error - 13.05.2009 14:23:29 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 114392 seconds with 11400 seconds of active time. This session ended with
a crash.

Error - 27.04.2010 05:44:25 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3035
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04.05.2010 17:42:31 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 04.05.2010 17:42:31 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.05.2010 16:27:34 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.05.2010 16:27:34 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.05.2010 16:40:42 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.05.2010 16:40:42 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.05.2010 17:03:44 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.05.2010 17:03:44 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 06.05.2010 15:06:20 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 06.05.2010 15:06:20 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


< End of report >

Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Den unkenntlich gemachten Benutzernamen musst Du wieder in den richtigen verwandeln, sonst funktioniert das Script nicht!!

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken

hallo arne,

hier ist das log vom avenger und der link: hxxp://www.file-upload.net/download-2497590/backup.zip.html

gruß
anke


Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CsGly48.dat" deleted successfully.
File "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe" deleted successfully.
File "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kks637.exe" deleted successfully.
File "C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe" deleted successfully.
File "C:\Dokumente und Einstellungen\a1\kks637.com" deleted successfully.
File "C:\cj.ini" deleted successfully.
File "C:\WINDOWS\System32\kks637.com" deleted successfully.
File "C:\WINDOWS\Fonts\kks637.com" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ok. Ich hoffe die Dateien sind jetzt dauerhaft weg. Poste bitte erneut ein frisches OTL Log zur Überprüfung (die extras.txt brauch ich nicht) und stell file-age bitte auf 90 Tage.

so, hier das frische OTL-Log.
aaaber: werbebanner und popups kommen immer noch. ich bin mal mit dem mauszeiger auf eins gegangen und hab die url abgeschrieben. hinter der werbung für nokia steckt ein ganz anderer link: hxxp://ad-emea.doubleclick.net
kannst du damit was anfangen?

herzlichen gruß
anke



OTL logfile created on: 07.05.2010 22:30:54 - Run 3
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 605,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,62 Gb Total Space | 31,28 Gb Free Space | 37,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe ()
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware .exe (SUPERAntiSpyware.com)
PRC - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe (RealNetworks, Inc.)
PRC - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\SAMSUNG\DisplayManager\DisplayManager.exe (SAMSUNG)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
PRC - C:\Programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SAVAdminService) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SAVService) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (SRS_PostInstaller) -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\BsUDF.sys (CyberLink Corporation.)
DRV - (BsStor) -- C:\WINDOWS\system32\drivers\BsStor.sys (Cyberlink Co.,Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys ()
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (RITCPT) -- C:\WINDOWS\system32\drivers\RITCPT.SYS ()
DRV - (AX88172) -- C:\WINDOWS\system32\drivers\AX88172.sys (ASIX Electronics Corp.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\FTSER2K.SYS (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\FTDIBUS.SYS (FTDI Ltd.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15015&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {02ffb056-3abb-320b-d592-c3921c590a22}:4.6.6.6
FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.17 20:55:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.03 18:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.03 18:37:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 00:47:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.06 15:21:26 | 000,000,000 | ---D | M]

[2008.09.04 09:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.05.07 22:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions
[2010.04.16 08:17:24 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.04.16 08:17:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.16 08:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\isreaditlater@ideashower.com
[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\askcom.xml
[2010.05.03 18:31:18 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-1.xml
[2008.07.06 23:16:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-2.xml
[2008.07.09 14:32:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-3.xml
[2008.08.02 12:21:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-4.xml
[2008.08.07 20:10:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-5.xml
[2008.08.11 18:16:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-6.xml
[2008.08.22 22:09:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-7.xml
[2008.08.24 18:25:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-8.xml
[2008.08.25 10:52:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-9.xml
[2008.04.25 19:10:00 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin.xml
[2010.05.07 22:25:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 17:25:27 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}
[2010.05.03 18:37:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.05.03 18:37:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.05.03 18:37:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.05.03 18:37:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.05.03 18:37:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.04 16:37:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe ()
O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe File not found
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe File not found
O4 - HKLM..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DisplayManager] C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe ()
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe File not found
O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe ()
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.05 13:49:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.05.07 20:54:45 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.05.04 23:40:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Online Solutions
[2010.05.03 19:17:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable
[2010.05.01 20:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
[2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.05.01 20:48:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2010.05.01 20:20:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.01 15:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.01 15:44:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.01 15:44:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.01 15:44:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.01 15:44:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.01 15:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.01 15:42:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.01 15:34:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.05.01 15:25:27 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe
[2010.05.01 00:37:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.29 22:18:08 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.28 14:29:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.04.27 23:26:43 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.27 23:26:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.27 23:09:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.27 17:06:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.27 17:06:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.27 14:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.04.25 18:45:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.31 22:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
[2010.03.11 18:28:29 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.06 20:48:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.03.06 20:47:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.03.06 20:47:48 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.03.06 20:47:23 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.03.06 20:44:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Windows Live
[2010.03.04 20:10:20 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.03.03 21:11:39 | 000,130,104 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll

========== Files - Modified Within 90 Days ==========

[2010.05.07 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010.05.07 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.05.07 20:55:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.07 20:55:47 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010.05.07 20:55:37 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.05.07 20:55:32 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.07 20:55:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.07 20:55:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.07 20:55:11 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.07 20:53:59 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.05.07 20:53:59 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.05.07 20:45:50 | 000,724,952 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\avenger.zip
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010.05.06 22:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.05.05 22:35:13 | 000,046,328 | ---- | M] () -- C:\debug
[2010.05.04 23:46:27 | 000,004,580 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html
[2010.05.04 16:37:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.05.04 07:23:50 | 000,000,956 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.03 19:23:38 | 000,104,358 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html
[2010.05.03 19:15:26 | 004,272,474 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.05.01 20:50:10 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.05.01 20:46:42 | 008,050,208 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe
[2010.05.01 19:18:56 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe
[2010.05.01 16:09:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.01 15:47:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.01 15:36:29 | 000,097,502 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg
[2010.05.01 15:31:45 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.05.01 15:30:19 | 000,069,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.05.01 15:28:03 | 003,924,810 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2010.05.01 15:25:28 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe
[2010.04.29 22:18:09 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 19:39:47 | 001,558,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.27 17:06:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.20 00:07:11 | 000,736,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 00:07:11 | 000,321,606 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.20 00:07:11 | 000,315,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.20 00:07:11 | 000,050,046 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.20 00:07:11 | 000,041,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.16 00:38:31 | 001,227,776 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:29 | 003,196,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:14 | 001,224,593 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.11 22:56:35 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.04.01 19:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.01 08:36:56 | 000,951,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:15 | 000,043,571 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:25 | 000,002,120 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:31 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:30 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[2010.03.11 14:31:33 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.03.11 14:31:33 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.03.11 14:31:33 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010.03.11 14:31:32 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010.03.11 14:31:32 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010.03.11 14:31:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010.03.11 14:31:30 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010.03.11 14:31:29 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010.03.11 14:31:27 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010.03.11 14:31:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010.03.11 14:31:26 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010.03.10 15:18:17 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010.02.24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.02.23 07:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2010.02.17 14:04:26 | 002,192,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.02.16 21:04:25 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010.02.16 18:09:54 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.02.12 12:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.12 06:33:08 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys

========== Files Created - No Company Name ==========

[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010.05.07 20:55:43 | 000,035,844 | ---- | C] () -- C:\WINDOWS\Fonts\kks637.com
[2010.05.07 20:55:43 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010.05.07 20:46:45 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\avenger.exe
[2010.05.07 20:45:43 | 000,724,952 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\avenger.zip
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.05.05 22:35:13 | 000,046,328 | ---- | C] () -- C:\debug
[2010.05.04 23:46:27 | 000,004,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html
[2010.05.03 19:23:38 | 000,104,358 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html
[2010.05.01 20:50:10 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.05.01 20:46:30 | 008,050,208 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe
[2010.05.01 19:21:51 | 004,272,474 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.05.01 19:18:55 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe
[2010.05.01 15:47:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.05.01 15:47:24 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.05.01 15:44:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.01 15:44:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.01 15:44:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.01 15:44:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.01 15:44:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.01 15:36:25 | 000,097,502 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg
[2010.05.01 15:31:45 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.05.01 15:28:02 | 003,924,810 | R--- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe
[2010.04.27 17:06:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 06:55:14 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.16 00:38:31 | 001,227,776 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt
[2010.04.16 00:37:28 | 003,196,416 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt
[2010.04.16 00:36:28 | 000,804,377 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf
[2010.04.16 00:36:11 | 001,224,593 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf
[2010.04.01 08:36:54 | 000,951,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf
[2010.04.01 08:36:32 | 000,049,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf
[2010.04.01 08:36:19 | 000,029,955 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf
[2010.04.01 08:36:14 | 000,043,571 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf
[2010.04.01 02:01:23 | 000,002,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml
[2010.04.01 01:48:30 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf
[2010.04.01 01:33:29 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf
[2010.03.04 20:11:22 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2009.10.09 16:48:27 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\**_KBD.ini
[2009.07.27 11:53:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.02.22 20:10:01 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008.10.16 12:54:54 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008.05.26 22:18:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008.05.26 22:18:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008.01.03 02:59:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.10.12 22:56:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007.10.12 20:16:21 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2007.09.27 21:45:34 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.09.27 21:45:33 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.09.15 10:06:12 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\worst case_KBD.ini
[2007.04.13 11:30:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007.03.08 11:50:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007.02.04 12:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007.02.04 12:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2007.02.04 12:08:44 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2007.02.04 12:08:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007.02.04 12:06:49 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007.02.04 12:06:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007.02.04 12:05:05 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670G.ini
[2007.02.04 01:36:31 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini
[2007.02.03 21:06:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.23 08:33:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.10 10:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006.11.10 10:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.05.23 03:58:19 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.05.23 03:58:19 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.05.23 03:58:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.05.23 03:58:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.05.23 03:58:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.05.22 19:07:49 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2006.05.22 19:07:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2006.05.22 19:07:46 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2006.05.22 19:06:48 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2006.05.22 19:06:46 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2006.05.22 19:06:46 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2006.05.22 19:06:46 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2006.05.22 19:06:46 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2006.05.22 19:06:46 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2006.05.22 19:06:46 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2006.05.22 19:06:46 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2006.05.22 19:06:46 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2006.05.22 19:06:46 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2006.05.22 19:06:46 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2006.05.22 19:06:46 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2006.05.22 19:06:46 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2006.05.22 19:06:03 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini
[2006.05.22 19:04:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006.04.05 22:32:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.05 14:16:23 | 000,004,300 | R--- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll
[2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2005.12.02 15:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.11.28 12:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.11.28 12:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005.11.28 12:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
< End of report >

Die Dinger sind schon wieder da...probier bitte nochmal einen Durchgang mit Combofix (neu herunterladen und alte cofi.exe löschen) - poste das Log.
Wenn das auch nicht fruchtet probieren wir es mit OTLPE:

Systemscan mit OTLPE

• Lade Dir zuerst ISOBurner herunter und installiere es.
• Lade Dir dann OTLPE.iso von Oldtimer und brenne sie per Imagebrennfunktion auf eine leere CD-R.
• Bei Verwendung von ISOBurner reicht ein Doppelklick auf OTLPE.iso.
• Boote nun den infizierten Rechner von der OTLPE-CD (evtl. Reihenfolge im BIOS umstellen).
• Dein System sollte nun einen REATOGO-X-PE Desktop anzeigen.
• Starte OTLPE mit einem Doppelklick auf das OTLPE Icon.
• "Do you wish to load the remote registry" und "Do you wish to load remote user profile(s) for scanning" mit Yes beantworten.
• Entsichere die Box "Automatically Load All Remaining Users" wenn sie gewählt ist und drücke OK.
• Im Block "Drivers" Use SafeList auswählen und dann mit Run Scan den Scan starten.
• Nach dem Scan wird ein Logfile erstellt (C:\OTL.txt)
• Kopiere dieses auf einen USB-Stick und poste es hier.

da isse, die cofi-log-datei


ComboFix 10-05-07.01 - *** 07.05.2010 23:25:03.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.467 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe
c:\windows\SEC
c:\windows\SEC\install.cmd
c:\windows\SEC\JRE150.exe
c:\windows\SEC\MP10GER.exe
c:\windows\system32\config\systemprofile\kks637.com
c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-07 bis 2010-05-07 ))))))))))))))))))))))))))))))
.

2010-05-04 21:40 . 2010-05-04 21:40 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Online Solutions
2010-05-01 18:51 . 2010-05-01 18:51 52224 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-01 18:51 . 2010-05-01 18:51 117760 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-01 18:50 . 2010-05-01 18:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2010-05-01 18:50 . 2010-05-01 21:38 -------- d-----w- c:\programme\SUPERAntiSpyware
2010-05-01 18:50 . 2010-05-01 18:50 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
2010-05-01 18:48 . 2010-05-01 18:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-05-01 18:44 . 2010-05-01 18:44 6153352 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-30 22:37 . 2010-04-30 22:37 -------- d-----w- C:\_OTL
2010-04-28 12:29 . 2010-04-28 12:29 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-04-27 21:26 . 2010-04-27 21:26 -------- d-----w- c:\programme\trend micro
2010-04-27 21:26 . 2010-04-27 21:30 -------- d-----w- C:\rsit
2010-04-27 21:09 . 2010-05-01 13:31 -------- d-----w- c:\programme\CCleaner
2010-04-27 17:48 . 2010-04-27 17:48 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Sophos
2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\Malwarebytes
2010-04-27 15:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 15:06 . 2010-05-01 21:42 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-04-27 15:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-27 12:52 . 2010-04-27 14:08 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 20:57 . 2010-04-25 20:57 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
2010-04-25 17:18 . 2010-04-25 17:18 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\AdobeUM
2010-04-25 16:45 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 21:20 . 2010-05-07 21:20 112 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat
2010-05-07 21:09 . 2009-12-06 13:20 -------- d-----w- c:\programme\QuickTime
2010-05-04 05:24 . 2009-04-01 17:01 -------- d-----w- c:\programme\Trust
2010-05-01 13:30 . 2007-02-03 17:54 69440 ----a-w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-30 22:33 . 2009-07-25 19:12 -------- d-----w- c:\programme\iTunes
2010-04-28 09:41 . 2010-03-31 20:59 443912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\setup.exe
2010-04-27 17:55 . 2009-12-06 13:10 69440 ----a-w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-27 14:20 . 2007-06-17 21:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-04-27 14:19 . 2010-02-16 16:10 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\EndNote
2010-04-27 14:01 . 2009-09-26 08:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2010-04-27 14:01 . 2009-09-26 08:39 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared
2010-04-27 14:01 . 2007-10-23 10:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\DVDVideoSoft
2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-04-27 13:22 . 2007-06-09 08:19 -------- d-----w- c:\programme\SlySoft
2010-04-27 13:21 . 2007-06-09 08:21 -------- d-----w- c:\programme\Elaborate Bytes
2010-04-27 13:18 . 2007-02-04 10:11 -------- d-----w- c:\programme\Canon
2010-04-27 09:47 . 2007-02-07 21:34 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\EndNote
2010-04-25 16:57 . 2009-10-09 14:50 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\ICQ
2010-04-19 22:07 . 2006-04-05 20:32 50046 ----a-w- c:\windows\system32\perfc007.dat
2010-04-19 22:07 . 2006-04-05 20:32 321606 ----a-w- c:\windows\system32\perfh007.dat
2010-04-15 22:48 . 2007-02-03 18:17 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-04-12 16:26 . 2009-11-08 11:14 79488 ----a-w- c:\dokumente und einstellungen\**\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-01 06:03 . 2010-04-01 06:02 21308912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\rp\RealPlayerSPGold_de.exe
2010-04-01 06:02 . 2010-04-01 06:02 8405312 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-01 06:02 . 2010-04-01 06:02 149000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-01 06:02 . 2010-04-01 06:02 10309448 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-01 06:02 . 2010-04-01 06:02 79368 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\vista.exe
2010-04-01 06:02 . 2010-04-01 06:02 64000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-01 06:02 . 2010-04-01 06:02 52288 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-01 06:02 . 2010-04-01 06:02 50688 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-01 06:02 . 2010-04-01 06:02 49152 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-01 06:02 . 2010-04-01 06:02 118784 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-11 12:31 . 2006-04-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2006-04-05 20:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 2006-04-05 20:31 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-04-05 20:32 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 18:04 . 2010-03-04 18:04 72488 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 13:11 . 2006-04-05 20:31 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:04 . 2006-04-05 20:31 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2004-08-04 00:50 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 22:36 . 2009-11-22 22:22 79488 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-12 04:33 . 2006-04-05 20:31 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-04-05 20:32 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
1999-10-27 16:20 . 1999-10-27 16:20 557328 ----a-w- c:\programme\Gemeinsame Dateien\DAO360.DLL
1998-06-30 14:12 . 1998-06-30 14:12 73184 -c--a-w- c:\programme\Gemeinsame Dateien\Dao2535.tlb
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-01 35848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programme\QuickTime\QTTask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032]
"nwiz"="nwiz.exe" [2005-12-08 1519616]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [N/A]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"DisplayManager"="c:\programme\Samsung\DisplayManager\DMLoader.exe" [2010-04-30 35844]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2010-04-30 35844]
"IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [2010-05-01 35852]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-04-30 35844]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-04-30 35844]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen�\Programme\Autostart\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-7-12 25214]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664]
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoUpdate Monitor.lnk - c:\programme\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 618557]
MindManager PDF Writer.lnk - c:\programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe [2003-2-21 61440]
VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-9-29 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Programme\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Programme\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [11.02.2007 21:22 10112]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [22.05.2006 19:07 43512]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [27.04.2010 17:30 61440]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [04.02.2007 13:39 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [04.02.2007 13:39 38528]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [19.06.2007 18:51 108768]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [11.02.2007 21:22 165248]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [05.04.2006 14:16 4300]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [02.11.2009 09:45 80936]
R2 SAVService;Sophos Anti-Virus;c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [01.10.2008 10:56 98304]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [28.11.2005 12:06 31744]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [28.11.2005 12:06 19456]
S2 FBAPI;FBAPI;\??\c:\windows\system32\drivers\FBAPI.sys --> c:\windows\system32\drivers\FBAPI.sys [?]
S2 SNM WLAN Service;SNM WLAN Service;c:\programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe [28.05.2005 08:35 36864]
S3 AX88172;Belkin USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\AX88172.sys [13.04.2007 11:30 17648]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.02.2005 12:29 162176]
S3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [22.05.2006 20:07 470112]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [11.02.2007 22:48 19840]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [01.10.2008 10:59 14976]
.
Inhalt des "geplante Tasks" Ordners

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15015&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {4284AA5F-EAC1-43A8-95C2-5050604D007B} = 132.252.3.10,132.252.1.7
TCP: {4EC41B3B-6047-4906-9DA6-393D2C159AEE} = 134.95.129.23,134.95.19.48
TCP: {70D88571-C811-4C97-BCCB-FCCB35F3CE9C} = 132.252.3.10,132.252.1.7
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q=
FF - component: c:\programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}\components\b9cc1199.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1356)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2010-05-07 23:31:30
ComboFix-quarantined-files.txt 2010-05-07 21:31
ComboFix2.txt 2010-05-01 14:18

Vor Suchlauf: 23 Verzeichnis(se), 33.567.830.016 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 33.557.233.664 Bytes frei

- - End Of File - - DE014080F59DB95EFC90C3CCCC59C114

Immer noch ein kleines Durcheinander :rolleyes:

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

violà:


ComboFix 10-05-07.01 - *** 07.05.2010 23:52:18.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.519 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

FILE ::
"c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat"
"c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe"
"c:\programme\Analog Devices\Core\smax4pnp .exe"
"c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe"
"c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe"
"c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe"
"c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe"
"c:\programme\CyberLink\InstantBurn\Win2K\IBurn .exe"
"c:\programme\CyberLink\PowerDVD\PDVDServ .exe"
"c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe"
"c:\programme\iTunes\iTunesHelper .exe"
"c:\programme\Java\jre6\bin\jusched .exe"
"c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\QuickTime\QTTask .exe"
"c:\programme\SAMSUNG\AVStation Premium 3.75\AVSAgent .exe"
"c:\programme\SAMSUNG\DisplayManager\DMLoader .exe"
"c:\programme\SAMSUNG\MagicKBD\PreMKBD .exe"
"c:\programme\SAMSUNG\Samsung Battery Manager\BatteryManager .exe"
"c:\programme\SUPERAntiSpyware\SUPERAntiSpyware .exe"
"c:\programme\Synaptics\SynTP\SynTPEnh .exe"
"c:\programme\Synaptics\SynTP\SynTPLpr .exe"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\CsGly48.dat
c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
c:\programme\Analog Devices\Core\smax4pnp .exe
c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
c:\programme\CyberLink\InstantBurn\Win2K\IBurn .exe
c:\programme\CyberLink\PowerDVD\PDVDServ .exe
c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe
c:\programme\iTunes\iTunesHelper .exe
c:\programme\Java\jre6\bin\jusched .exe
c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\QuickTime\QTTask .exe
c:\programme\SAMSUNG\AVStation Premium 3.75\AVSAgent .exe
c:\programme\SAMSUNG\DisplayManager\DMLoader .exe
c:\programme\SAMSUNG\MagicKBD\PreMKBD .exe
c:\programme\SAMSUNG\Samsung Battery Manager\BatteryManager .exe
c:\programme\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\programme\Synaptics\SynTP\SynTPEnh .exe
c:\programme\Synaptics\SynTP\SynTPLpr .exe

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-07 bis 2010-05-07 ))))))))))))))))))))))))))))))
.

2010-05-07 22:00 . 2010-05-01 21:38 35848 ----a-w- c:\windows\system32\kks637.com
2010-05-07 21:24 . 2010-05-07 21:31 -------- d-----w- C:\cofi
2010-05-04 21:40 . 2010-05-04 21:40 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Online Solutions
2010-05-01 18:51 . 2010-05-01 18:51 52224 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-01 18:51 . 2010-05-01 18:51 117760 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-01 18:50 . 2010-05-01 18:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2010-05-01 18:50 . 2010-05-07 22:01 -------- d-----w- c:\programme\SUPERAntiSpyware
2010-05-01 18:50 . 2010-05-01 18:50 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
2010-05-01 18:48 . 2010-05-01 18:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-05-01 18:44 . 2010-05-01 18:44 6153352 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-30 22:37 . 2010-04-30 22:37 -------- d-----w- C:\_OTL
2010-04-28 12:29 . 2010-04-28 12:29 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-04-27 21:26 . 2010-04-27 21:26 -------- d-----w- c:\programme\trend micro
2010-04-27 21:26 . 2010-04-27 21:30 -------- d-----w- C:\rsit
2010-04-27 21:09 . 2010-05-01 13:31 -------- d-----w- c:\programme\CCleaner
2010-04-27 17:48 . 2010-04-27 17:48 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Sophos
2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\Malwarebytes
2010-04-27 15:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 15:06 . 2010-05-01 21:42 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-04-27 15:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 15:06 . 2010-04-27 15:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-27 12:52 . 2010-04-27 14:08 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 20:57 . 2010-04-25 20:57 -------- d-----w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
2010-04-25 17:18 . 2010-04-25 17:18 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\AdobeUM
2010-04-25 16:45 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 22:00 . 2009-07-25 19:12 -------- d-----w- c:\programme\iTunes
2010-05-07 21:56 . 2009-12-06 13:20 -------- d-----w- c:\programme\QuickTime
2010-05-04 05:24 . 2009-04-01 17:01 -------- d-----w- c:\programme\Trust
2010-05-01 13:30 . 2007-02-03 17:54 69440 ----a-w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-30 22:33 . 2010-05-07 22:00 35844 ----a-w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe
2010-04-30 22:33 . 2010-05-07 22:00 35844 ----a-w- c:\windows\Fonts\kks637.com
2010-04-28 09:41 . 2010-03-31 20:59 443912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\setup.exe
2010-04-27 17:55 . 2009-12-06 13:10 69440 ----a-w- c:\dokumente und einstellungen\**\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-27 14:20 . 2007-06-17 21:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-04-27 14:19 . 2010-02-16 16:10 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\EndNote
2010-04-27 14:01 . 2009-09-26 08:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2010-04-27 14:01 . 2009-09-26 08:39 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared
2010-04-27 14:01 . 2007-10-23 10:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\DVDVideoSoft
2010-04-27 13:24 . 2009-09-27 15:32 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-04-27 13:22 . 2007-06-09 08:19 -------- d-----w- c:\programme\SlySoft
2010-04-27 13:21 . 2007-06-09 08:21 -------- d-----w- c:\programme\Elaborate Bytes
2010-04-27 13:18 . 2007-02-04 10:11 -------- d-----w- c:\programme\Canon
2010-04-27 09:47 . 2007-02-07 21:34 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\EndNote
2010-04-25 16:57 . 2009-10-09 14:50 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\ICQ
2010-04-19 22:07 . 2006-04-05 20:32 50046 ----a-w- c:\windows\system32\perfc007.dat
2010-04-19 22:07 . 2006-04-05 20:32 321606 ----a-w- c:\windows\system32\perfh007.dat
2010-04-15 22:48 . 2007-02-03 18:17 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-04-12 16:26 . 2009-11-08 11:14 79488 ----a-w- c:\dokumente und einstellungen\**\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-01 06:03 . 2010-04-01 06:02 21308912 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\rp\RealPlayerSPGold_de.exe
2010-04-01 06:02 . 2010-04-01 06:02 8405312 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-01 06:02 . 2010-04-01 06:02 149000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-01 06:02 . 2010-04-01 06:02 10309448 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-01 06:02 . 2010-04-01 06:02 79368 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\vista.exe
2010-04-01 06:02 . 2010-04-01 06:02 64000 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-01 06:02 . 2010-04-01 06:02 52288 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-01 06:02 . 2010-04-01 06:02 50688 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-01 06:02 . 2010-04-01 06:02 49152 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-01 06:02 . 2010-04-01 06:02 118784 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-11 12:31 . 2006-04-05 20:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2006-04-05 20:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 2006-04-05 20:31 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-04-05 20:32 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 18:04 . 2010-03-04 18:04 72488 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 13:11 . 2006-04-05 20:31 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:04 . 2006-04-05 20:31 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2004-08-04 00:50 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 22:36 . 2009-11-22 22:22 79488 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-12 04:33 . 2006-04-05 20:31 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-04-05 20:32 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
1999-10-27 16:20 . 1999-10-27 16:20 557328 ----a-w- c:\programme\Gemeinsame Dateien\DAO360.DLL
1998-06-30 14:12 . 1998-06-30 14:12 73184 -c--a-w- c:\programme\Gemeinsame Dateien\Dao2535.tlb
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programme\QuickTime\QTTask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032]
"nwiz"="nwiz.exe" [2005-12-08 1519616]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [N/A]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"DisplayManager"="c:\programme\Samsung\DisplayManager\DMLoader.exe" [2010-05-07 35852]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2010-05-07 35852]
"IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [N/A]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-05-07 35852]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-05-07 35852]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen�\Programme\Autostart\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-7-12 25214]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664]
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoUpdate Monitor.lnk - c:\programme\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 618557]
MindManager PDF Writer.lnk - c:\programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe [2003-2-21 61440]
VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-9-29 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Programme\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Programme\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [11.02.2007 21:22 10112]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [22.05.2006 19:07 43512]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [27.04.2010 17:30 61440]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [04.02.2007 13:39 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [04.02.2007 13:39 38528]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [19.06.2007 18:51 108768]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [11.02.2007 21:22 165248]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [05.04.2006 14:16 4300]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [02.11.2009 09:45 80936]
R2 SAVService;Sophos Anti-Virus;c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [01.10.2008 10:56 98304]
R2 SNM WLAN Service;SNM WLAN Service;c:\programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe [28.05.2005 08:35 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [28.11.2005 12:06 31744]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [28.11.2005 12:06 19456]
S2 FBAPI;FBAPI;\??\c:\windows\system32\drivers\FBAPI.sys --> c:\windows\system32\drivers\FBAPI.sys [?]
S3 AX88172;Belkin USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\AX88172.sys [13.04.2007 11:30 17648]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.02.2005 12:29 162176]
S3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [22.05.2006 20:07 470112]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [11.02.2007 22:48 19840]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [01.10.2008 10:59 14976]
.
Inhalt des "geplante Tasks" Ordners

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-07 c:\windows\Tasks\At1.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At10.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At100.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At101.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At102.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At103.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At104.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At105.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At106.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At107.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At108.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At109.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At11.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At110.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At111.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At112.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At113.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At114.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At115.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At116.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At117.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At118.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At119.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At12.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At120.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At13.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At14.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At15.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At16.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At17.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At18.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At19.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At2.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At20.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At21.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At22.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At23.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At24.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At25.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At26.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At27.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At28.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At29.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At3.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At30.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At31.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At32.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At33.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At34.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At35.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At36.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At37.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At38.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At39.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At4.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At40.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At41.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At42.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At43.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At44.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At45.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At46.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At47.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At48.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At49.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At5.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At50.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At51.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At52.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At53.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At54.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At55.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At56.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At57.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At58.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At59.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At6.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At60.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At61.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At62.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At63.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At64.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At65.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At66.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At67.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At68.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At69.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At7.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At70.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At71.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At72.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At73.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At74.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At75.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At76.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At77.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At78.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At79.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At8.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At80.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At81.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At82.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At83.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At84.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At85.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At86.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At87.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At88.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At89.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At9.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At90.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At91.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At92.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At93.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At94.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At95.job
- c:\windows\Fonts\kks637.com [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At96.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010-05-07 22:33]

2010-05-07 c:\windows\Tasks\At97.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At98.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]

2010-05-07 c:\windows\Tasks\At99.job
- c:\windows\system32\kks637.com [2010-05-07 21:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15015&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {4284AA5F-EAC1-43A8-95C2-5050604D007B} = 132.252.3.10,132.252.1.7
TCP: {4EC41B3B-6047-4906-9DA6-393D2C159AEE} = 134.95.129.23,134.95.19.48
TCP: {70D88571-C811-4C97-BCCB-FCCB35F3CE9C} = 132.252.3.10,132.252.1.7
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q=
FF - component: c:\programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22}\components\b9cc1199.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-08 00:00
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\system32\kks637.com 35848 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1356)
c:\programme\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2600)
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\programme\Sophos\AutoUpdate\ALsvc.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-08 00:06:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-07 22:06
ComboFix2.txt 2010-05-07 21:31
ComboFix3.txt 2010-05-01 14:18

Vor Suchlauf: 25 Verzeichnis(se), 33.568.641.024 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 33.528.340.480 Bytes frei

- - End Of File - - 66FA97E56F6A72CF48DC6BE021E715EC