Trojaner-Board

porzerwolle 29.04.2010 19:30

Application error and TR/patched.gen - StartService.exe

Strange, Malwarebytes created 2 log files for me and OTL only one.

Here is the first Malwarebytes log file to start with:

Code:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
 
Datenbank Version: 4052
 
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
 
29.04.2010 20:06:24
mbam-log-2010-04-29 (20-06-24).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 101679
Laufzeit: 9 Minute(n), 22 Sekunde(n)
 
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 1
Infizierte Dateien: 17
 
Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\lsass.exe (Trojan.Agent) -> No action taken.
 
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
 
Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Data: c:\dokumente und einstellungen\administrator\anwendungsdaten\lsass.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\lsass.exe") Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
 
Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
 
Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\lsass.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr2.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr5.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr8.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr9.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yrv.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yry.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yrz.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yrx.exe (Trojan.FakeAlert) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\csrss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Here is the second Malwarebytes log file:

Code:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
 
Datenbank Version: 4052
 
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
 
29.04.2010 20:06:56
mbam-log-2010-04-29 (20-06-56).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 101679
Laufzeit: 9 Minute(n), 22 Sekunde(n)
 
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 1
Infizierte Dateien: 17
 
Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
 
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
 
Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Data: c:\dokumente und einstellungen\administrator\anwendungsdaten\lsass.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\lsass.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
 
Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr2.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr5.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr8.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yr9.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yrv.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yry.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yrz.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Yrx.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Even after cleaning with Malwarebytes and OTL, I still get the error message with "StartService.exe".

But the other browsers (Opera, Google Chrome) are working again!

porzerwolle 29.04.2010 19:50

Here is the first part of OTL.txt:

OTL logfile created on: 29.04.2010 20:42:52 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = E:\Eigene Setups\Primär\AntiSpy etc\AAA Programme NACH Virenbefall
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 3,72 Gb Total Space | 1,13 Gb Free Space | 30,46% Space Free | Partition Type: NTFS
Drive D: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 14,90 Gb Total Space | 6,59 Gb Free Space | 44,19% Space Free | Partition Type: FAT32
Drive F: | 3,71 Gb Total Space | 2,60 Gb Free Space | 69,93% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EEEPC701
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Eigene Setups\Primär\AntiSpy etc\AAA Programme NACH Virenbefall\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ViGlance\ViGlance.exe (Lee-Soft.com, Lee Matthew Chantrey)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - F:\eeectl_0.2.4\eeectl.exe ()
PRC - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3\24439007E352FA23\LaunchPad.exe ()
PRC - F:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\Programme\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - F:\Astray\AsTray.exe (WangYue@BLCU.EDU.CN)
PRC - C:\Programme\Asus\EeePC ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Asus\EeePC ACPI\AsTray.exe (AsusTek Computer Inc,)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - F:\Programme\Styler.exe (ta2027)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - E:\Eigene Setups\Primär\AntiSpy etc\AAA Programme NACH Virenbefall\OTL.exe (OldTimer Tools)
MOD - F:\Programme\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
MOD - F:\Astray\DrvPatch.dll (WangYue@BLCU.EDU.CN)
MOD - F:\Programme\StylerHelper.dll (ta2027)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer4) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (dciiodrv) -- C:\WINDOWS\system32\drivers\dciiodrv.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (intelppm) -- C:\WINDOWS\system32\drivers\intelppm.sys ()
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2010.04.25 19:08:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.04.29 19:44:53 | 000,000,841 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 zeustrack
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Programme\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACU] C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Programme\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\Asus\EeePC ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\Asus\EeePC ACPI\AsTray.exe (AsusTek Computer Inc,)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartServiceKWFWWALD] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\KWFWWALD\StartService.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Vistadrv] E:\Windows 7 Optik für EEE PC 701\Vista_Drive_Status\Vista Drive Status\vsdrv.exe File not found
O4 - HKCU..\Run: [StartServiceKWFWWALD] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\KWFWWALD\StartService.exe ()
O4 - HKCU..\Run: [Taskbar Shuffle] F:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [TrueTransparency] E:\Windows 7 Optik für EEE PC 701\TrueTransparency14\TrueTransparency\TrueTransparency.exe File not found
O4 - HKCU..\Run: [ViGlance] C:\Programme\ViGlance\ViGlance.exe (Lee-Soft.com, Lee Matthew Chantrey)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Styler.lnk = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Yahoo! Widgets.lnk = C:\Programme\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Programme\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 195.50.140.248
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - F:\Programme\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.24 20:31:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.04.19 21:32:34 | 000,000,134 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010.03.24 21:23:02 | 000,000,209 | ---- | M] () - E:\Autorun.ini -- [ FAT32 ]
O32 - AutoRun File - [2010.03.29 07:30:58 | 000,000,134 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{449be6aa-509b-11df-ba0f-0015af8311cf}\Shell - "" = AutoRun
O33 - MountPoints2\{449be6aa-509b-11df-ba0f-0015af8311cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{449be6aa-509b-11df-ba0f-0015af8311cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{449be6ab-509b-11df-ba0f-9db1f08abcc4}\Shell - "" = AutoRun
O33 - MountPoints2\{449be6ab-509b-11df-ba0f-9db1f08abcc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{449be6ab-509b-11df-ba0f-9db1f08abcc4}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{8331689e-5112-11df-ba13-0015af8311cf}\Shell - "" = AutoRun
O33 - MountPoints2\{8331689e-5112-11df-ba13-0015af8311cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8331689e-5112-11df-ba13-0015af8311cf}\Shell\exPLoRE\cOmmAnD - "" = D:\SYSTEM.EXE -- File not found
O33 - MountPoints2\{8331689e-5112-11df-ba13-0015af8311cf}\Shell\opEn\COMmAnd - "" = D:\SYSTEM.EXE -- File not found
O33 - MountPoints2\{8331689f-5112-11df-ba13-0015af8311cf}\Shell - "" = AutoRun
O33 - MountPoints2\{8331689f-5112-11df-ba13-0015af8311cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8331689f-5112-11df-ba13-0015af8311cf}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{833168a1-5112-11df-ba13-0015af8311cf}\Shell\AutoRun\command - "" = H:\svchost.exe -- File not found
O33 - MountPoints2\{b1dabb42-4fd3-11df-b9f4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b1dabb42-4fd3-11df-b9f4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b1dabb42-4fd3-11df-b9f4-806d6172696f}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe -- File not found
O33 - MountPoints2\{b1dabb43-4fd3-11df-b9f4-806d6172696f}\Shell\AutoRun\command - "" = F:\svchost.exe -- [2010.03.25 22:27:06 | 000,266,752 | -H-- | M] ( )
O33 - MountPoints2\{eb5e68d8-4fe4-11df-b9f9-c6af1b79363c}\Shell - "" = AutoRun
O33 - MountPoints2\{eb5e68d8-4fe4-11df-b9f9-c6af1b79363c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb5e68d8-4fe4-11df-b9f9-c6af1b79363c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{eb5e68d9-4fe4-11df-b9f9-c6af1b79363c}\Shell\AutoRun\command - "" = E:\svchost.exe -- [2010.03.25 22:27:06 | 000,266,752 | -H-- | M] ( )
O33 - MountPoints2\Q\Shell - "" = AutoRun
O33 - MountPoints2\Q\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Q\Shell\EXPLoRe\cOMManD - "" = Q:\SYSTEM.EXE -- File not found
O33 - MountPoints2\Q\Shell\oPen\COMMaND - "" = Q:\SYSTEM.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.29 20:27:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.04.29 19:53:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.04.29 19:52:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 19:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.29 19:52:40 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.29 19:52:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.27 13:25:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.04.27 13:22:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.04.27 07:07:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TrueCrypt
[2010.04.26 21:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.04.26 21:34:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.04.26 16:44:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\KWFWWALD
[2010.04.26 13:58:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2010.04.26 11:11:40 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Videos
[2010.04.25 21:53:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Yahoo
[2010.04.25 20:53:04 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2010.04.25 20:53:04 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2010.04.25 20:53:04 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2010.04.25 20:53:04 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2010.04.25 20:53:04 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2010.04.25 20:49:25 | 000,000,000 | ---D | C] -- C:\Programme\Griffin Technology, Inc
[2010.04.25 20:48:13 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010.04.25 20:48:13 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010.04.25 20:39:17 | 000,051,200 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2010.04.25 20:39:17 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\SER9PL.sys
[2010.04.25 20:32:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010.04.25 20:31:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010.04.25 20:24:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.04.25 20:24:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
[2010.04.25 20:14:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.04.25 20:10:43 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.04.25 20:10:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2010.04.25 20:10:22 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.04.25 20:09:58 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2010.04.25 20:09:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.04.25 20:09:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\temp
[2010.04.25 20:09:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2010.04.25 19:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2010.04.25 19:54:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.04.25 19:47:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010.04.25 19:45:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2010.04.25 19:45:11 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2010.04.25 19:43:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.04.25 19:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2010.04.25 19:24:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Google
[2010.04.25 19:24:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.04.25 19:21:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Opera
[2010.04.25 19:21:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
[2010.04.25 19:20:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.04.25 19:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.04.25 19:19:34 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.04.25 19:19:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google
[2010.04.25 19:15:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
[2010.04.25 19:10:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2010.04.25 19:10:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2010.04.25 19:08:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2010.04.25 19:08:03 | 000,185,944 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.04.25 19:06:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Widgets
[2010.04.25 19:06:24 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.04.25 19:05:29 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.04.25 19:05:29 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.04.25 19:05:25 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.25 19:05:25 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.25 19:05:25 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.04.25 19:05:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Real
[2010.04.25 19:05:08 | 000,000,000 | ---D | C] -- C:\Programme\Real
[2010.04.25 19:04:48 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2010.04.25 19:02:22 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2010.04.25 19:00:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.04.25 18:58:47 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.04.25 18:57:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.04.25 18:57:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.04.25 18:55:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2010.04.25 18:54:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real
[2010.04.25 18:50:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime
[2010.04.25 18:46:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2010.04.25 18:38:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xp-AntiSpy
[2010.04.25 18:37:34 | 000,188,672 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010.04.25 18:35:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.04.25 18:35:51 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.04.25 18:35:51 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.04.25 18:35:51 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.04.25 18:35:51 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.04.25 18:21:09 | 002,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2010.04.25 18:06:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2010.04.25 18:05:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.04.25 18:05:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.25 07:32:43 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\UserData
[2010.04.25 07:19:45 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
[2010.04.25 07:18:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Stardock
[2010.04.25 07:06:11 | 000,176,128 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010.04.25 07:01:43 | 000,212,704 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010.04.25 07:01:43 | 000,147,456 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010.04.25 07:01:43 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010.04.25 07:01:42 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2010.04.25 07:01:41 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2010.04.25 06:59:08 | 002,363,392 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2010.04.25 06:59:08 | 000,454,656 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2010.04.25 06:59:08 | 000,312,320 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difx32.dll
[2010.04.25 06:59:08 | 000,129,560 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010.04.25 06:59:08 | 000,023,552 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2010.04.25 06:58:57 | 003,276,800 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010.04.25 06:58:57 | 000,457,240 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010.04.25 06:58:57 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2010.04.25 06:58:57 | 000,155,648 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2010.04.25 06:58:57 | 000,113,176 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2010.04.25 06:58:57 | 000,098,304 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010.04.25 06:58:57 | 000,094,208 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010.04.25 06:58:57 | 000,081,920 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2010.04.25 06:58:57 | 000,057,344 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll
[2010.04.25 06:58:57 | 000,044,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010.04.25 06:58:56 | 002,262,528 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2010.04.25 06:58:56 | 001,442,848 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2010.04.25 06:58:56 | 001,181,824 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys
[2010.04.25 06:58:56 | 000,146,432 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2010.04.25 06:58:56 | 000,053,248 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2010.04.25 06:58:34 | 000,371,224 | R--- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2010.04.25 06:58:34 | 000,312,320 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010.04.25 06:57:17 | 000,364,629 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2010.04.25 06:57:01 | 000,254,023 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsfwDS.dll
[2010.04.25 06:57:01 | 000,249,925 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.dll
[2010.04.25 06:57:00 | 001,257,566 | ---- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll
[2010.04.25 06:57:00 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg11resloc.dll
[2010.04.25 06:57:00 | 000,082,017 | ---- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll
[2010.04.25 06:57:00 | 000,077,824 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapiloc.dll
[2010.04.25 06:57:00 | 000,057,024 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys
[2010.04.25 06:57:00 | 000,057,024 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2010.04.25 06:56:59 | 000,393,216 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll
[2010.04.25 06:56:59 | 000,376,923 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapi.dll
[2010.04.25 06:56:59 | 000,344,156 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapiU.dll
[2010.04.25 06:56:59 | 000,303,199 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20U.dll
[2010.04.25 06:56:59 | 000,237,568 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20.dll
[2010.04.25 06:56:59 | 000,114,792 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20resU.dll
[2010.04.25 06:56:59 | 000,114,766 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20res.dll
[2010.04.25 06:56:35 | 000,546,976 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2010.04.25 06:56:35 | 000,546,976 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\ar5211.sys
[2010.04.25 06:56:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
[2010.04.25 06:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010.04.25 06:51:00 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010.04.25 06:50:55 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010.04.25 06:50:50 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010.04.25 06:50:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010.04.25 06:50:39 | 000,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010.04.25 06:50:34 | 000,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010.04.25 06:50:31 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010.04.25 06:50:28 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010.04.25 06:50:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010.04.25 06:50:09 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010.04.25 06:50:09 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010.04.25 06:49:06 | 000,023,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010.04.25 06:48:51 | 009,715,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2010.04.25 06:48:50 | 004,611,072 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010.04.25 06:48:39 | 000,086,016 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2010.04.25 06:48:38 | 001,826,816 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010.04.25 06:48:37 | 001,191,936 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010.04.25 06:48:36 | 000,282,624 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl
[2010.04.25 06:48:35 | 002,165,760 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010.04.25 06:48:33 | 000,069,632 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2010.04.25 06:48:32 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010.04.25 06:48:32 | 000,299,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl
[2010.04.25 06:48:31 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.04.25 06:48:01 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2010.04.25 06:48:00 | 000,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010.04.25 06:47:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield
[2010.04.25 06:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.04.25 06:37:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ViGlance
[2010.04.25 06:37:26 | 000,000,000 | ---D | C] -- C:\Programme\ViGlance
[2010.04.25 06:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010.04.25 00:43:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Styler
[2010.04.25 00:42:23 | 000,000,000 | ---D | C] -- C:\Programme\Asus
[2010.04.25 00:36:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.04.24 23:34:04 | 000,000,000 | ---D | C] -- C:\Programme\Styler
[2010.04.24 23:05:48 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2010.04.24 23:03:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2010.04.24 23:03:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2010.04.24 23:01:34 | 000,000,000 | ---D | C] -- C:\692c662bc4dd9d5fc305
[2010.04.24 22:59:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.24 22:58:28 | 000,011,264 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\ASUSACPI.SYS
[2010.04.24 22:14:04 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.uxtender
[2010.04.24 21:50:30 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010.04.24 21:50:30 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010.04.24 21:50:30 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010.04.24 21:50:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010.04.24 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010.04.24 21:42:04 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.24 21:42:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.04.24 21:28:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3
[2010.04.24 21:14:28 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.04.24 21:11:46 | 000,176,128 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010.04.24 21:11:46 | 000,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010.04.24 21:11:46 | 000,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010.04.24 21:11:46 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010.04.24 21:11:46 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010.04.24 21:11:46 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010.04.24 21:11:46 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010.04.24 21:11:46 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010.04.24 21:11:46 | 000,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010.04.24 21:11:46 | 000,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010.04.24 21:11:46 | 000,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010.04.24 21:11:46 | 000,155,648 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010.04.24 21:11:46 | 000,147,456 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010.04.24 21:11:46 | 000,139,264 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc

porzerwolle 29.04.2010 20:03

I can't get the 2nd part of OTL uploaded at the moment: timeout error. Here is the Extras.txt:




OTL Extras logfile created on: 29.04.2010 20:35:36 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = E:\Eigene Setups\Primär\AntiSpy etc\AAA Programme NACH Virenbefall
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 3,72 Gb Total Space | 1,13 Gb Free Space | 30,46% Space Free | Partition Type: NTFS
Drive D: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 14,90 Gb Total Space | 6,59 Gb Free Space | 44,20% Space Free | Partition Type: FAT32
Drive F: | 3,71 Gb Total Space | 2,60 Gb Free Space | 69,93% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EEEPC701
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\PROGRA~1\Opera\opera.exe" (Opera Software)
https [open] -- "C:\PROGRA~1\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\PROGRA~1\Opera\opera.exe" = C:\PROGRA~1\Opera\opera.exe:*:Enabled:WebBrowser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{704EED98-C387-4A79-B536-1E43CCA3B060}" = RocketFM
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EF6E933E-760B-40EA-8E00-E6DE3482F472}_is1" = 7stacks 1.5 beta 1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IconPackager" = IconPackager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Partner" = Mobile Partner
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 6.0" = RealPlayer
"SurfMusik 3.1_is1" = SurfMusik 3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TeamViewer 4" = TeamViewer 4
"TrueCrypt" = TrueCrypt
"ViGlance" = ViGlance
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xp-AntiSpy" = xp-AntiSpy 3.97-3
"Yahoo! Widget Engine" = Yahoo! Widgets

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.04.2010 13:13:48 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 13:14:50 | Computer Name = EEEPC701 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .

Error - 25.04.2010 13:16:43 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 13:18:04 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 13:20:08 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 14:04:33 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 14:06:15 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 14:21:46 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 14:24:26 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

Error - 25.04.2010 14:44:29 | Computer Name = EEEPC701 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yahoowidgets.exe, Version 4.5.1.0, fehlgeschlagenes
Modul yahoowidgets.exe, Version 4.5.1.0, Fehleradresse 0x000c33fd.

[ System Events ]
Error - 27.04.2010 15:10:39 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 27.04.2010 15:10:39 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TeamViewer
4.

Error - 27.04.2010 15:10:39 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 4" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error - 28.04.2010 13:20:15 | Computer Name = EEEPC701 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.102 für die Netzwerkkarte mit der Netzwerkadresse
0015AF8311CF wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 28.04.2010 18:10:47 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
auf Anwendungsebene.

Error - 28.04.2010 18:10:47 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 29.04.2010 02:56:47 | Computer Name = EEEPC701 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\D gefunden.

Error - 29.04.2010 04:06:40 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
auf Anwendungsebene.

Error - 29.04.2010 04:06:40 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 29.04.2010 14:10:44 | Computer Name = EEEPC701 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCIIde


< End of report >

porzerwolle 29.04.2010 20:52

Strange... I just can't get the rest of OTL.txt uploaded to you.

I'll attach the complete file.


All times are WET +1.
