Trojaner-Board - Computer hängt sich auf! Trojaner?!

Hallo Zusammen!
Ich habe ein Problem mit meinem Computer, wenn ich Antivir oder sonst irgendwelche Virensuchprogramme starte bleibt er nach einer Zeit einfach stehen und es geht nichts mehr. Danach muss ich den PC immer per Knopf neu starten

Hier poste ich einen aktuellen Log aus RSIT Programm wie es in der Anleitung stand :

info.txtRSIT Logfile:

Code:

logfile of random's system information tool 1.08 2010-08-02 11:49:00

 

======Uninstall list======

 

-->C:\PROGRA~1\FOLDER~1\FOLDER~1.EXE UnInstall

-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}

-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{001D48FA-1834-4B18-BEAD-E0BDD17126CA}\Setup.exe" -l0x7 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

802.11g Wireless USB 2.0 Adapter HW.14-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{F266A90C-3F4A-4F65-9901-3DBBB0D77D80} 

Adobe Acrobat 5.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\setup.exe" -l0x7  -uninst 

a-squared Free 4.0-->"C:\Programme\a-squared Free\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE

BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{F5BDF2BB-C990-4351-A05B-B2243D4037D4}

BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{F5BDF2BB-C990-4351-A05B-B2243D4037D4}

BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CCleaner-->"C:\Programme\CCleaner\uninst.exe"

CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}

Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 

Die große Kartenspiele-Box-->"C:\Programme\Die große Kartenspiele-Box\unins000.exe"

Die Schlacht um Mittelerde™ II-->C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe

Enclave-->MsiExec.exe /I{93C676F9-9F00-431B-B344-6E84A7D1AF38}

Free Studio version 4.1-->"C:\Programme\DVDVideoSoft\Free Studio\unins000.exe"

Free YouTube to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"

ICQ Away Reader 1.4-->"C:\Programme\ICQ Away Reader\unins000.exe"

ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}

Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}

KhalSetup-->MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}

Logitech Communications Manager-->MsiExec.exe /I{BD202930-5F70-4B35-B875-1E28604F328D}

Logitech SetPoint-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7  -removeonly

Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

mobile PhoneTools-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x7 

Mozilla Firefox (3.6.8)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}

POD-Bot 2.5-->C:\WINDOWS\unvise32.exe C:\DOKUMENTE UND EINSTELLUNGEN\CHRISTIAN.PETER-R1ZVKF9T6\DESKTOP\SIERRA\HALF-LIFE\cstrike\poduninst.log

PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly

Roxio Media Manager-->MsiExec.exe /X{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}

SigmaTel MSCN Audio Player-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9B59DAD-86AC-456C-80A7-B665E77AA325}\Setup.exe" -l0x9 

SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe

SiSAGP driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x7 

Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"

TeamViewer 4-->C:\Programme\TeamViewer\Version4\uninstall.exe

TomTom HOME 2.7.3.1894-->C:\Programme\TomTom HOME 2\Uninstall TomTom HOME.exe

TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}

Trojancheck 6-->"C:\Programme\Trojancheck 6\unins000.exe"

TRUST 120 SPACEC@M-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC2110.txt

Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"

VistaMizer 1.1.5-->C:\WINDOWS\VistaMizer\Uninstall.exe

Visual Task Tips 2.1-->C:\Programme\VisualTaskTips\uninst.exe

Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe

ZoneAlarm-->C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe

Zoner Photo Studio 10-->"C:\Programme\Zoner\Photo Studio 10\unins000.exe" /SILENT

 

======Security center information======

 

AV: AntiVir Desktop (outdated)

FW: ZoneAlarm Firewall (disabled)

 

======System event log======

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 7036

Message: Dienst "Roxio Upnp Server 9" befindet sich jetzt im Status "Beendet".

 

Record Number: 41758

Source Name: Service Control Manager

Time Written: 20100715193801.000000+120

Event Type: Informationen

User: 

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 7036

Message: Dienst "LiveShare P2P Server 9" befindet sich jetzt im Status "Beendet".

 

Record Number: 41757

Source Name: Service Control Manager

Time Written: 20100715193801.000000+120

Event Type: Informationen

User: 

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 7036

Message: Dienst "Roxio Upnp Server 9" befindet sich jetzt im Status "Ausgeführt".

 

Record Number: 41756

Source Name: Service Control Manager

Time Written: 20100715193801.000000+120

Event Type: Informationen

User: 

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 7036

Message: Dienst "LiveShare P2P Server 9" befindet sich jetzt im Status "Ausgeführt".

 

Record Number: 41755

Source Name: Service Control Manager

Time Written: 20100715193801.000000+120

Event Type: Informationen

User: 

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 7036

Message: Dienst "iPod-Dienst" befindet sich jetzt im Status "Ausgeführt".

 

Record Number: 41754

Source Name: Service Control Manager

Time Written: 20100715193758.000000+120

Event Type: Informationen

User: 

 

=====Application event log=====

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 102

Message: wuaueng.dll (3012) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).

 

Record Number: 9200

Source Name: ESENT

Time Written: 20100331173121.000000+120

Event Type: Informationen

User: 

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 100

Message: wuauclt (3012) Das Datenbankmodul 5.01.2600.2180 ist gestartet.

 

Record Number: 9199

Source Name: ESENT

Time Written: 20100331173121.000000+120

Event Type: Informationen

User: 

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 4096

Message: Der AntiVir Dienst wurde erfolgreich gestartet!

 

Record Number: 9198

Source Name: Avira AntiVir

Time Written: 20100331173041.000000+120

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 0

Message: 

Record Number: 9197

Source Name: SearchAnonymizer

Time Written: 20100331173033.000000+120

Event Type: Informationen

User: 

 

Computer Name: PETER-R1ZVKF9T6

Event Code: 1

Message: 

Record Number: 9196

Source Name: Bonjour Service

Time Written: 20100331173027.000000+120

Event Type: Informationen

User: 

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programme\QuickTime\QTSystem;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared;C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=0c00

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"tvdumpflags"=8

"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

--- --- ---
RSIT Logfile:

Code:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Christian at 2010-08-02 11:48:22

Microsoft Windows XP Professional Service Pack 2

System drive C: has 4 GB (11%) free of 39 GB

Total RAM: 2047 MB (75% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:48:57, on 02.08.2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir Desktop\sched.exe

C:\Programme\a-squared Free\a2service.exe

C:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programme\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\vsnpstd.exe

C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RimAutoUpdate.exe

C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Eigene Dateien\Downloads\RSIT.exe

C:\Programme\trend micro\Christian.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.helinet.de:3128

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk.disabled

O4 - Global Startup: Logitech SetPoint.lnk.disabled

O4 - Global Startup: VisualTaskTips.lnk.disabled

O4 - Global Startup: Wireless Configuration Utility HW.14.lnk.disabled

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{71AEA215-C8F2-4BF9-A4C7-241044CC0D8D}: NameServer = 192.168.0.2,192.168.0.1

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 6484 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-14 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Programme\styler\TB\StylerTB.dll [2006-05-02 102400]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]

C:\Programme\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

 

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

Logitech SetPoint.lnk.disabled - C:\Programme\Logitech\SetPoint\SetPoint.exe

VisualTaskTips.lnk.disabled - C:\Programme\VisualTaskTips\VisualTaskTips.exe

Wireless Configuration Utility HW.14.lnk.disabled - C:\Programme\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe

 

C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Startmenü\Programme\Autostart

Stardock ObjectDock.lnk.disabled - C:\Programme\Stardock\ObjectDock\ObjectDock.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\seppgm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\seppgs.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\seppgm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\seppgs.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======List of files/folders created in the last 1 months======

 

2010-08-02 11:48:23 ----D---- C:\Programme\trend micro

2010-08-02 11:48:22 ----D---- C:\rsit

2010-08-02 10:14:39 ----SD---- C:\ComboFix

2010-07-31 17:53:02 ----D---- C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Anwendungsdaten\Zoner

2010-07-31 17:52:29 ----D---- C:\Programme\Zoner

2010-07-30 16:01:17 ----SHD---- C:\RECYCLER

2010-07-30 15:03:36 ----A---- C:\WINDOWS\PEV.exe

2010-07-30 15:03:36 ----A---- C:\WINDOWS\NIRCMD.exe

2010-07-30 15:03:36 ----A---- C:\WINDOWS\MBR.exe

2010-07-30 15:03:35 ----A---- C:\WINDOWS\zip.exe

2010-07-30 15:03:35 ----A---- C:\WINDOWS\SWREG.exe

2010-07-30 15:03:35 ----A---- C:\WINDOWS\grep.exe

2010-07-30 15:03:34 ----A---- C:\WINDOWS\sed.exe

2010-07-30 15:03:33 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-07-30 15:03:33 ----A---- C:\WINDOWS\SWSC.exe

2010-07-30 15:01:34 ----D---- C:\WINDOWS\ERDNT

2010-07-30 14:59:14 ----D---- C:\Qoobox

2010-07-30 14:52:49 ----D---- C:\Programme\CCleaner

2010-07-30 14:51:03 ----D---- C:\Programme\Trojancheck 6

2010-07-28 21:26:39 ----AD---- C:\Kaspersky Rescue Disk 10.0

2010-07-24 20:28:07 ----D---- C:\Programme\Spybot - Search & Destroy

2010-07-24 20:28:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-07-24 18:13:26 ----D---- C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Anwendungsdaten\Avira

2010-07-24 13:56:44 ----D---- C:\Programme\Die große Kartenspiele-Box

2010-07-24 13:49:51 ----A---- C:\WINDOWS\system32\dxtmeta2.dll

2010-07-22 21:00:05 ----D---- C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Anwendungsdaten\QuickScan

2010-07-19 19:57:51 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys

2010-07-19 19:57:46 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys

2010-07-19 19:57:46 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys

2010-07-19 19:57:46 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys

2010-07-19 19:57:46 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys

2010-07-19 19:57:44 ----D---- C:\Programme\Avira

2010-07-19 19:57:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira

 

======List of files/folders modified in the last 1 months======

 

2010-08-02 11:48:58 ----D---- C:\WINDOWS\Prefetch

2010-08-02 11:48:23 ----RD---- C:\Programme

2010-08-02 11:24:48 ----D---- C:\WINDOWS\Internet Logs

2010-08-02 11:02:09 ----D---- C:\WINDOWS\Temp

2010-08-02 11:00:00 ----D---- C:\WINDOWS\system32\CatRoot2

2010-08-02 10:26:45 ----D---- C:\WINDOWS

2010-08-02 10:19:15 ----D---- C:\WINDOWS\system32\drivers

2010-08-02 10:19:15 ----D---- C:\WINDOWS\system32

2010-08-02 10:19:14 ----D---- C:\WINDOWS\AppPatch

2010-08-02 10:19:10 ----D---- C:\Programme\Gemeinsame Dateien

2010-08-02 10:14:50 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-08-02 10:10:27 ----D---- C:\WINDOWS\Minidump

2010-07-31 16:11:00 ----D---- C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Anwendungsdaten\Macromedia

2010-07-30 16:27:38 ----SHD---- C:\WINDOWS\Installer

2010-07-30 16:27:38 ----D---- C:\Config.Msi

2010-07-30 15:30:11 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-07-30 15:14:57 ----N---- C:\WINDOWS\system.ini

2010-07-30 15:13:46 ----D---- C:\WINDOWS\system32\drivers\etc

2010-07-30 15:12:22 ----D---- C:\WINDOWS\system32\config

2010-07-30 14:55:11 ----D---- C:\WINDOWS\Debug

2010-07-28 22:02:08 ----D---- C:\Programme\a-squared Free

2010-07-28 17:19:26 ----D---- C:\Programme\Mozilla Firefox

2010-07-26 20:55:59 ----AC---- C:\WINDOWS\NeroDigital.ini

2010-07-26 20:37:40 ----A---- C:\WINDOWS\RTacDbg.txt

2010-07-25 12:37:41 ----A---- C:\WINDOWS\winamp.ini

2010-07-24 18:12:43 ----D---- C:\Programme\Opera

2010-07-24 18:12:33 ----D---- C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Anwendungsdaten\McLoad

2010-07-24 18:05:53 ----D---- C:\Programme\DivX

2010-07-24 13:35:36 ----SHD---- C:\System Volume Information

2010-07-24 13:31:06 ----D---- C:\WINDOWS\system32\NtmsData

2010-07-24 13:30:24 ----D---- C:\WINDOWS\Registration

2010-07-19 19:56:31 ----D---- C:\Dokumente und Einstellungen\Christian.PETER-R1ZVKF9T6\Anwendungsdaten\ICQ

2010-07-06 06:20:30 ----D---- C:\WINDOWS\security

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2005-08-15 5888]

R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2005-08-15 127488]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]

R0 sisagp;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-07-18 36992]

R0 SiSide;SiSide; C:\WINDOWS\System32\DRIVERS\siside.sys [2003-03-25 4096]

R0 sisidex;sisidex; C:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]

R0 sisperf;Add Performance Filter Driver; C:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]

R0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys [2008-02-27 51176]

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]

R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2005-01-06 223616]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-26 21035]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2005-01-06 88448]

R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2005-01-06 63232]

R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2005-01-06 55936]

R2 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2005-01-06 5888]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-01-06 9600]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2005-01-06 163584]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-04-08 13924]

R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]

R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 215040]

R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2005-01-06 12416]

R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2005-01-06 26496]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S1 seppgm;TCP x IP2 Kernel; C:\WINDOWS\system32\drivers\seppgm.sys []

S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-04 62799]

S2 seppgs;TCP x IP2 Kernel32; C:\WINDOWS\system32\drivers\seppgs.sys []

S3 AVMWAN;AVM NDIS WAN CAPI Treiber; C:\WINDOWS\System32\DRIVERS\avmwan.sys [2002-09-11 37568]

S3 catchme;catchme; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys []

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 CLPCIID;CLPCIID; \??\C:\Programme\CyberLink\PowerDVD\clpciid.sys []

S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-03-06 389135]

S3 fpcibase;FRITZ!Card PCI; C:\WINDOWS\System32\DRIVERS\fpcibase.sys [2002-09-11 484176]

S3 hidgame;Microsoft HID-zu-Joystickanschlussaktivierung; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2005-01-06 8576]

S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2005-01-06 10880]

S3 NETFRITZ;AVM FRITZ!web PPP over ISDN; C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS []

S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]

S3 RimUsb;BlackBerry-Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]

S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\System32\DRIVERS\s116bus.sys [2007-06-29 83336]

S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\s116mdfl.sys [2007-06-29 15112]

S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\s116mdm.sys [2007-06-29 108680]

S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\System32\DRIVERS\s116unic.sys [2007-06-29 99080]

S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\System32\DRIVERS\s716bus.sys [2007-06-29 83208]

S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\s716mdfl.sys [2007-06-29 15112]

S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\s716mdm.sys [2007-06-29 108552]

S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\s716mgmt.sys [2007-06-29 100360]

S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\System32\DRIVERS\s716nd5.sys [2007-06-29 23176]

S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\s716obex.sys [2007-06-29 98568]

S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\System32\DRIVERS\s716unic.sys [2007-06-29 98952]

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-04-16 32256]

S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2005-01-06 11136]

S3 snpstd;TRUST 120 SPACEC@M; C:\WINDOWS\System32\DRIVERS\snpstd.sys [2004-02-19 299776]

S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2005-01-06 15360]

S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-16 2851]

S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2005-03-04 47230]

S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-02-01 98560]

S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-08 36531]

S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2004-11-15 50048]

S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]

S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2004-12-15 50048]

S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]

S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2005-01-06 25600]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-02-28 682232]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2005-01-06 14336]

R2 a2free;a-squared Free Service; C:\Programme\a-squared Free\a2service.exe [2009-02-25 425080]

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-14 152984]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]

R2 NWCWorkstation;Client Service für NetWare; C:\WINDOWS\system32\svchost.exe [2005-01-06 14336]

R2 TomTomHOMEService;TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]

S2 LckFldService;LckFldService; C:\WINDOWS\system32\LckFldService.exe []

S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]

S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]

S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe []

S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-21 545568]

S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]

S3 RoxMediaDB9;RoxMediaDB9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]

 

-----------------EOF-----------------

--- --- ---

Bin gerade auch noch auf eine wichtige Info gestoßen :

In der Datei 'C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Av-test.txt'
wurde ein Virus oder unerwünschtes Programm 'Eicar-Test-Signature' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

vielleicht sagt das ja auch was aus!

Hoffe nun auf schnelle Hilfe von euch

Log 1:

OTL Logfile:

Code:

OTL logfile created on: 5.8.2010 19:16:34 - Run 1

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 38,34 Gb Total Space | 10,55 Gb Free Space | 27,51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 594,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Drive F: | 976,97 Mb Total Space | 931,14 Mb Free Space | 95,31% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PETER-R1ZVKF9T6

Current User Name: Chris

NOT logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Opera\opera.exe (Opera Software)

PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

 
 ========== Driver Services (SafeList) ==========

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0

 

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010.08.05 00:31:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.04 17:26:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.04 17:26:08 | 000,000,000 | ---D | M]

 

[2010.08.04 20:55:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Mozilla\Extensions

[2010.08.05 00:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Mozilla\Firefox\Profiles\3kzqnwqe.default\extensions

[2010.08.04 20:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Mozilla\Firefox\Profiles\3kzqnwqe.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2010.08.04 20:21:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.07.13 17:27:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.07.13 17:27:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.07.13 17:27:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.07.13 17:27:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.07.13 17:27:36 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.07.30 15:13:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\styler\TB\StylerTB.dll (StyleFantasist)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [KernelFaultCheck]  File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk.disabled ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VisualTaskTips.lnk.disabled ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.14.lnk.disabled ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.01.27 23:49:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.08.05 19:13:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\OTL.exe

[2010.08.05 15:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\ZPS10

[2010.08.05 15:49:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Zoner

[2010.08.05 15:45:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\My Pictures

[2010.08.05 15:45:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\My Albums

[2010.08.05 15:45:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\ArcSoft

[2010.08.05 15:20:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Recent

[2010.08.05 00:17:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Avira

[2010.08.05 00:09:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\ForceField Shared Files

[2010.08.05 00:08:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\CheckPoint

[2010.08.05 00:03:21 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint

[2010.08.05 00:03:09 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll

[2010.08.05 00:03:07 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll

[2010.08.05 00:03:04 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010.08.05 00:03:04 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2010.08.05 00:02:55 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll

[2010.08.05 00:02:53 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll

[2010.08.05 00:02:53 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll

[2010.08.05 00:02:53 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll

[2010.08.05 00:02:53 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll

[2010.08.05 00:02:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs

[2010.08.05 00:02:43 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[2010.08.05 00:01:57 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll

[2010.08.05 00:01:57 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll

[2010.08.05 00:01:57 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll

[2010.08.04 23:59:11 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs

[2010.08.04 23:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Frieling

[2010.08.04 23:49:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Downloads

[2010.08.04 22:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Lokale Einstellungen\Anwendungsdaten\Opera

[2010.08.04 22:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Opera

[2010.08.04 22:25:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Eigene Videos

[2010.08.04 22:23:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Ahead

[2010.08.04 22:00:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Malwarebytes

[2010.08.04 21:57:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\SNES-SECRET OF MANA

[2010.08.04 21:57:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\ICQ

[2010.08.04 21:14:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Zocke

[2010.08.04 21:13:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Me

[2010.08.04 21:13:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Programme

[2010.08.04 21:03:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Macromedia

[2010.08.04 21:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Adobe

[2010.08.04 21:02:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\ICQ

[2010.08.04 20:54:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Lokale Einstellungen\Anwendungsdaten\Mozilla

[2010.08.04 20:54:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Mozilla

[2010.08.04 20:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Apple Computer

[2010.08.04 20:53:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Lokale Einstellungen\Anwendungsdaten\Apple Computer

[2010.08.04 20:53:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Identities

[2010.08.04 20:52:58 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Cookies

[2010.08.04 20:52:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Eigene Musik

[2010.08.04 20:52:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\Eigene Bilder

[2010.08.04 20:52:54 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten\Microsoft

[2010.08.04 20:52:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Anwendungsdaten

[2010.08.04 20:52:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Druckumgebung

[2010.08.04 20:52:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop

[2010.08.04 20:52:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\SendTo

[2010.08.04 20:52:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Startmenü

[2010.08.04 20:52:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Favoriten

[2010.08.04 20:52:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien

[2010.08.04 20:52:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Vorlagen

[2010.08.04 20:52:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Netzwerkumgebung

[2010.08.04 20:52:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Lokale Einstellungen

[2010.08.04 20:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Lokale Einstellungen\Anwendungsdaten\Microsoft

[2010.08.04 17:42:41 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2010.08.04 17:42:28 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2010.08.04 17:42:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.08.04 17:25:22 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime

[2010.08.04 17:23:57 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update

[2010.08.04 17:20:54 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour

[2010.08.02 21:53:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.08.02 21:53:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.08.02 20:34:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER(3)

[2010.08.02 12:05:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.08.02 12:05:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.08.02 11:48:23 | 000,000,000 | ---D | C] -- C:\Programme\trend micro

[2010.08.02 11:48:22 | 000,000,000 | ---D | C] -- C:\rsit

[2010.07.31 17:52:29 | 000,000,000 | ---D | C] -- C:\Programme\Zoner

[2010.07.30 16:01:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.07.30 15:03:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.07.30 15:03:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.07.30 15:03:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.07.30 15:03:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.07.30 15:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.07.30 14:59:14 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.07.30 14:52:49 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.07.24 13:49:51 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\WINDOWS\System32\dxtmeta2.dll

[2010.07.19 19:57:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010.07.19 19:57:46 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010.07.19 19:57:46 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010.07.19 19:57:46 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010.07.19 19:57:46 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010.07.19 19:57:44 | 000,000,000 | ---D | C] -- C:\Programme\Avira

[2010.07.19 19:57:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira

[2005.04.27 22:24:29 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll

[2005.04.27 22:24:29 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.08.05 19:14:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\OTL.exe

[2010.08.05 18:56:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.08.05 18:55:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.08.05 18:41:32 | 001,048,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\NTUSER.DAT

[2010.08.05 18:41:10 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2010.08.05 18:31:26 | 000,080,268 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010.08.05 18:14:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.08.05 16:48:35 | 000,149,938 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image6.jpeg

[2010.08.05 16:47:33 | 000,660,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image5.jpeg

[2010.08.05 16:47:19 | 000,751,781 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image2.jpeg

[2010.08.05 16:45:43 | 000,061,541 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image 1.jpeg

[2010.08.05 16:45:27 | 000,102,985 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image.jpeg

[2010.08.05 15:52:03 | 002,346,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\IMG_6202.jpg

[2010.08.05 13:20:46 | 000,002,341 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2010.08.05 00:49:57 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\ntuser.ini

[2010.08.05 00:49:42 | 004,840,636 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.08.05 00:04:29 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.05 00:03:19 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010.08.04 22:23:35 | 000,000,179 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\default.pls

[2010.08.04 22:19:49 | 000,000,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\Verknüpfung mit Eigene Dateien.lnk

[2010.08.04 21:01:53 | 000,000,662 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\CCleaner.lnk

[2010.08.04 20:54:46 | 000,038,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

[2010.08.04 17:25:48 | 000,001,592 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk

[2010.08.04 17:24:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.08.04 14:26:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.08.02 22:26:12 | 000,405,118 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.08.02 22:26:12 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.08.02 22:26:12 | 000,070,580 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.08.02 22:26:12 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.08.02 22:26:11 | 000,938,224 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.08.02 21:53:40 | 000,000,684 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.08.02 11:30:27 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin

[2010.07.31 17:52:56 | 000,001,668 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Zoner Photo Studio 10.lnk

[2010.07.30 15:14:57 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.07.30 15:13:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.07.29 16:12:50 | 003,746,860 | R--- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\ComboFix.exe

[2010.07.28 18:29:24 | 202,678,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\kav_rescue_10.iso

[2010.07.28 17:30:40 | 074,082,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\rescue_system-common-en.iso

[2010.07.25 12:37:41 | 000,000,177 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2010.07.22 20:04:36 | 000,100,868 | ---- | M] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\BetterPrivacy148.zip

[2010.07.19 19:58:51 | 000,001,679 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010.07.16 20:56:33 | 000,000,580 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.08.05 16:46:31 | 000,149,938 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image6.jpeg

[2010.08.05 16:46:19 | 000,660,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image5.jpeg

[2010.08.05 16:45:55 | 000,751,781 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image2.jpeg

[2010.08.05 16:45:43 | 000,061,541 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image 1.jpeg

[2010.08.05 16:45:26 | 000,102,985 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\image.jpeg

[2010.08.05 15:52:02 | 002,346,521 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\IMG_6202.jpg

[2010.08.05 00:02:43 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.04 22:23:35 | 000,000,179 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\default.pls

[2010.08.04 22:19:49 | 000,000,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\Verknüpfung mit Eigene Dateien.lnk

[2010.08.04 21:10:01 | 000,100,868 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\BetterPrivacy148.zip

[2010.08.04 21:01:53 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\CCleaner.lnk

[2010.08.04 20:52:55 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\ntuser.ini

[2010.08.04 20:52:53 | 001,048,576 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\NTUSER.DAT

[2010.08.04 20:52:53 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\NtUser.dat.LOG

[2010.08.04 17:43:38 | 000,002,341 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2010.08.04 17:25:48 | 000,001,592 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk

[2010.08.04 17:24:01 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.08.02 21:53:40 | 000,000,684 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.31 17:52:56 | 000,001,668 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Zoner Photo Studio 10.lnk

[2010.07.30 15:03:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.07.30 15:03:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.07.30 15:03:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.07.30 15:03:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.07.30 15:03:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.07.29 16:12:50 | 003,746,860 | R--- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Eigene Dateien\ComboFix.exe

[2010.07.28 18:55:53 | 074,082,304 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\rescue_system-common-en.iso

[2010.07.28 18:54:17 | 202,678,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop\kav_rescue_10.iso

[2010.07.19 19:58:51 | 000,001,679 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk

[2008.03.07 18:42:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\csmash.ini

[2008.02.14 09:10:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008.01.17 01:53:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007.03.24 19:14:28 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2007.01.04 20:09:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll

[2006.09.09 14:28:05 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\remon.sys

[2006.08.11 22:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006.08.11 22:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006.08.11 22:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006.08.11 22:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006.08.11 22:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006.06.03 20:42:27 | 000,000,390 | ---- | C] () -- C:\WINDOWS\patience.ini

[2006.04.26 17:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2006.04.15 14:29:16 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2006.02.25 20:24:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006.01.18 20:53:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini

[2005.12.17 22:09:09 | 000,000,469 | ---- | C] () -- C:\WINDOWS\canasta.ini

[2005.12.17 22:07:09 | 000,002,212 | ---- | C] () -- C:\WINDOWS\dokopf.ini

[2005.12.17 22:05:50 | 000,000,432 | ---- | C] () -- C:\WINDOWS\skat.ini

[2005.08.19 00:41:10 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll

[2005.08.19 00:41:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\animation2.dll

[2005.08.19 00:40:58 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll

[2005.08.19 00:40:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll

[2005.08.19 00:40:55 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll

[2005.08.19 00:40:55 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll

[2005.08.14 22:34:48 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini

[2005.07.26 14:20:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\screen01-eu.ini

[2005.04.28 16:43:08 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2005.04.28 16:43:08 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2005.04.27 23:13:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\ALBUM.INI

[2005.04.27 22:24:29 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys

[2005.04.27 22:24:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll

[2005.03.31 14:54:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005.03.31 14:41:34 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2005.03.30 16:20:31 | 000,000,091 | ---- | C] () -- C:\WINDOWS\lister.ini

[2005.01.30 21:58:00 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005.01.28 14:57:13 | 000,000,033 | ---- | C] () -- C:\WINDOWS\CMSurround.ini

[2005.01.28 14:51:50 | 000,000,217 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2005.01.28 14:51:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2005.01.28 14:50:27 | 000,032,768 | R--- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2005.01.06 06:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004.12.02 15:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2004.08.04 02:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2002.09.19 09:10:03 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2002.09.19 09:10:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2002.07.03 03:09:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2002.07.01 02:35:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2002.07.01 00:25:07 | 000,000,096 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI

[2002.06.27 07:16:18 | 000,001,735 | ---- | C] () -- C:\WINDOWS\roulette.ini

[2002.06.27 07:14:14 | 000,000,614 | ---- | C] () -- C:\WINDOWS\frogjump.ini

[2002.06.27 07:10:28 | 000,000,442 | ---- | C] () -- C:\WINDOWS\romme.ini

[2002.06.27 07:02:59 | 000,000,524 | ---- | C] () -- C:\WINDOWS\buy.ini

[2001.08.18 14:00:00 | 000,000,320 | ---- | C] () -- C:\WINDOWS\System32\83ghh.ini

[2000.07.05 18:53:06 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll

< End of report >

--- --- ---

Log 2 :
OTL Logfile:

Code:

OTL Extras logfile created on: 5.8.2010 19:16:34 - Run 1

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Chris.PETER-R1ZVKF9T6\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 38,34 Gb Total Space | 10,55 Gb Free Space | 27,51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 594,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Drive F: | 976,97 Mb Total Space | 931,14 Mb Free Space | 95,31% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PETER-R1ZVKF9T6

Current User Name: Chris

NOT logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirstRunDisabled" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12

"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes

"{93C676F9-9F00-431B-B344-6E84A7D1AF38}" = Enclave

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager

"{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup

"{C9B59DAD-86AC-456C-80A7-B665E77AA325}" = SigmaTel MSCN Audio Player

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression

"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools

"{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless USB 2.0 Adapter HW.14

"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 

"{F5BDF2BB-C990-4351-A05B-B2243D4037D4}" = BlackBerry Desktop Software 5.0.1

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BlackBerry_{F5BDF2BB-C990-4351-A05B-B2243D4037D4}" = BlackBerry Desktop Software 5.0.1

"CCleaner" = CCleaner

"Free Studio_is1" = Free Studio version 4.1

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless USB 2.0 Adapter HW.14

"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"NVIDIA Drivers" = NVIDIA Drivers

"POD-Bot 2.5" = POD-Bot 2.5

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"TomTom HOME" = TomTom HOME 2.7.3.1894

"TRUST 120 SPACEC@M" = TRUST 120 SPACEC@M

"Uninstall_is1" = Uninstall 1.0.0.1

"VistaMizer" = VistaMizer 1.1.5

"Visual Task Tips" = Visual Task Tips 2.1

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Winamp" = Winamp (remove only)

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR Archivierer

"ZoneAlarm" = ZoneAlarm

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

"ZonerPhotoStudio10_GER_is1" = Zoner Photo Studio 10

 
 ========== Last 10 Event Log Errors ==========

 

Error: Unable to start EventLog service!

 

< End of report >

--- --- ---