Spyware Problem!

Lukerunner · 03.05.2008, 21:52

Hallo Forummitglieder,
ich hab ein rießen Problem. Bei mir werden andauernd ungewollt Werbeseiten geöffnet bzw. Seiten wo mir gesagt wird das mein Computer infiziert ist.
Da kommt dann in den Firefox Browser ein WindowsXP fenster wo der virtuel nach Spyware sucht und ca. 42 oder so findet. Meisten fordert er mich auch auf irgendetwas herunterzuladen.
Bitte helft mir diese Spyware loszuwerden. Sodass keine Werbefenster mehr geöffnet werden.
Hier meine Logfile Datei:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:13, on 03/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Spiele\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\spool\drivers\x64\3\E_FATIBVE.EXE
C:\Windows\System32\spool\drivers\x64\3\E_FATIBVE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Anwendungen\Program Files (x86)\Xfire\xfire.exe
C:\Anwendungen\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Anwendungen\Program Files (x86)\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files (x86)\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-2SANG.exe" /REG
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\spiele\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [\\ARBEIT\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_SF5D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\\CK-FKK55XSWHDCY\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_SDA0E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SF0F9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\ARBEIT\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_SF5D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files (x86)\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Xfire.lnk = C:\Anwendungen\Program Files (x86)\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - h**p://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=h**p://pages.ebay.de (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.google.de
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - h**p://static.ak.schuelervz.net/photouploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - h**p://treff-mogelpower.spaces.live.com/PhotoUpload/VistaMsnPUpldde-de.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Fortsetzung folgt...

Lukerunner · 03.05.2008, 21:53

...Hier der restliche Teil!

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Anwendungen\Program Files (x86)\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 27085 bytes

mfg Luke

**Sunny** · 03.05.2008, 21:59

Hallo Lukerunner und

Dateien Online überprüfen lassen:

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

lass auch die versteckten Dateien anzeigen!

Code:

ATTFilter

C:\Windows\is-2SANG.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen.

Lukerunner · 03.05.2008, 22:24

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.5.3.0 2008.05.02 -
AntiVir 7.8.0.11 2008.05.02 -
Authentium 4.93.8 2008.05.02 -
Avast 4.8.1169.0 2008.05.03 -
AVG 7.5.0.516 2008.05.03 -
BitDefender 7.2 2008.05.03 -
CAT-QuickHeal 9.50 2008.05.03 -
ClamAV 0.92.1 2008.05.03 -
DrWeb 4.44.0.09170 2008.05.03 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5755 2008.05.03 -
Ewido 4.0 2008.05.03 -
F-Prot 4.4.2.54 2008.05.02 -
F-Secure 6.70.13260.0 2008.05.03 -
Fortinet 3.14.0.0 2008.05.03 -
Ikarus T3.1.1.26 2008.05.03 -
Kaspersky 7.0.0.125 2008.05.03 -
McAfee 5287 2008.05.02 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3072 2008.05.03 -
Norman 5.80.02 2008.05.02 -
Panda 9.0.0.4 2008.05.03 -
Prevx1 V2 2008.05.03 -
Rising 20.42.22.00 2008.04.30 -
Sophos 4.29.0 2008.05.03 -
Sunbelt 3.0.1097.0 2008.05.03 -
Symantec 10 2008.05.03 -
TheHacker 6.2.92.300 2008.05.03 -
VBA32 3.12.6.5 2008.05.03 -
VirusBuster 4.3.26:9 2008.05.03 -
Webwasher-Gateway 6.6.2 2008.05.03 -

weitere Informationen
File size: 27087 bytes
MD5...: 26de3115ecc395f059324f8005f1eafb
SHA1..: 1e1c31741b8bd2a2e67b85031ad2e6dc028edbfe
SHA256: 61ed26941288ed8c29c09ee0633059ccf05338c745a7b53b940fe20876fe8093
SHA512: 1e59068ffbe545e436f4467479946aa18b0cfae31ee0eba36c2d5b5083d35c1b<br>debc2e43590b0c24bde3728c3b3b7fa46db370634d8b8a265aa1a613ad44cdde
PEiD..: -
PEInfo: -

Lukerunner · 03.05.2008, 22:30

Es gibt ein Problem... ComboFix läuft nur unter Windows 2000 oder XP und ich hab Vista x64.

mfg Luke

**Sunny** · 03.05.2008, 22:33

Zitat:

Zitat von Lukerunner

Es gibt ein Problem... ComboFix läuft nur unter Windows 2000 oder XP und ich hab Vista x64.

Combofix läuft auch unter Vista. Du bist definitv nicht der Erste mit einem Vista-System...

Oder kommt diese Meldung direkt vom Programm Combofix?

Lukerunner · 03.05.2008, 22:56

Zitat:

Zitat von [GC]Sunny

Combofix läuft auch unter Vista. Du bist definitv nicht der Erste mit einem Vista-System...

Oder kommt diese Meldung direkt vom Programm Combofix?

Ja, wenn ich Combofix starte öffnet sich ein Fenster wo da steht: Nur für Windows XP und 2000

Edit:
Das wäre dann die Fehlermeldung:

**Sunny** · 03.05.2008, 23:03

Scheint ein Fehler im Programm zu sein, oder aber es wurde was an der Software Combofix erneuert...

dann halt so weiter:

Deckards System Scanner (DSS)

Hier gibt es das Tool -> dss.exe

* Schließe alle Anwendungen
* Doppelklicke dss.exe um das Programm zu starten
* Wenn der Scan abgeschlossen ist wird sich ein Notepad mit dem Inhalt
der main.txt öffnen.
Ein weiteres Logfile, die extra.txt liegt im Verzeichnis
c:\Deckard\SystemScanner\extra.txt
* Kopiere den Inhalt der beiden Logfiles in diesen Thread, bitte als ['CODE]['/CODE]

Was Deckards System Scanner macht:

* Es Erstellt einen System Wiederherstellungspunkt
* es säubert die temporären Dateien, Downloaded Program Files, Internet
Cache Dateien und es leert den Mülleimer auf allen Lauferken.

Malwarebytes' Anti-Malware

Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:

Download von Malwarebytes' Anti-Malware

Lukerunner · 03.05.2008, 23:30

Wie meinst das mit ['CODE]['/CODE]? Die Inhalte der main.txt ist zu groß sind über 65000Zeichen.

**Sunny** · 03.05.2008, 23:42

Zitat:

Zitat von Lukerunner

Wie meinst das mit ['CODE]['/CODE]? Die Inhalte der main.txt ist zu groß sind über 65000Zeichen.

Dann teile es auf zwei Beiträge auf, und mit den dem Code ist so gemeint:

x ist der Report von DSS und du schreibst sowohl davor als auch danach:

[code]
xxxxxxxxxxxxxxx
[+/code]

(das + Zeichen dann nicht mitschreiben!)

Lukerunner · 03.05.2008, 23:48

main.txt muss ich in 3threads aufteilen.

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Run by name on 2008-05-04 00:00:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
42: 2008-05-03 20:08:00 UTC - RP412 - Installed Ad-Aware 2007
41: 2008-05-03 11:30:05 UTC - RP411 - Entfernt Ulead PhotoImpact
40: 2008-05-02 19:55:50 UTC - RP410 - Windows Update
39: 2008-05-01 15:39:13 UTC - RP409 - Windows Update
38: 2008-04-27 08:22:49 UTC - RP408 - Installed Java(TM) 6 Update 5


-- First Restore Point -- 
1: 2008-03-28 13:23:06 UTC - RP371 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as name.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:30, on 04/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Windows\System32\spool\drivers\x64\3\E_FATIBVE.EXE
C:\Windows\System32\spool\drivers\x64\3\E_FATIBVE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\name\Desktop\dss.exe
C:\ANWEND~1\PROGRA~1\HIJACK~1\name.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files (x86)\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\spiele\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [\\ARBEIT\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\name\AppData\Local\Temp\E_SF5D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\\CK-FKK55XSWHDCY\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\name\AppData\Local\Temp\E_SDA0E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SF0F9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\ARBEIT\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\name\AppData\Local\Temp\E_SF5D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe
O4 - HKCU\..\Run: [gtdppe] c:\users\lukas\appdata\local\gtdppe.exe gtdppe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files (x86)\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Xfire.lnk = C:\Anwendungen\Program Files (x86)\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de  (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: h**p://www.google.de
O15 - Trusted Zone: h**p://download.windowsupdate.com
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - h**p://static.ak.schuelervz.net/photouploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://treff-mogelpower.spaces.live.com/PhotoUpload/VistaMsnPUpldde-de.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Lukerunner · 03.05.2008, 23:51

2.Teil:

Code:

ATTFilter

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Anwendungen\Program Files (x86)\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 26755 bytes

-- HijackThis Fixed Entries (C:\ANWEND~1\PROGRA~1\HIJACK~1\backups\) -----------

backup-20080501-234915-567 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
backup-20080501-235323-967 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI-Treiber) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE-Kanal) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Laufwerktreiber) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (ISA/EISA-Klassentreiber) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI-Bus-Treiber) - c:\windows\system32\drivers\pci.sys (file missing)
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys (file missing)
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys (file missing)
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 uagp35 (Microsoft AGPv3.5-Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
R0 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
R0 volmgr (Treiber für Volume-Manager) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Speichervolumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 cdrom (CD-ROM-Laufwerktreiber) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (Dfs Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 kbdclass (Tastaturklassentreiber) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Tastatur-HID-Treiber) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mouclass (Mausklassentreiber) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS-Paketplaner) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Serial (Treiber für seriellen Anschluss) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Smb (Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 Tcpip (TCP/IP-Protokolltreiber) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 tdx (NetIO-Legacy-TDI-Supporttreiber) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal-Gerätetreiber) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 atksgt - c:\windows\system32\drivers\atksgt.sys (file missing)
R2 avgntflt - c:\windows\system32\drivers\avgntflt.sys (file missing)
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 AsyncMac (Asynchroner RAS -Medientreiber) - c:\windows\system32\drivers\asyncmac.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
R3 fdc (Diskettencontrollertreiber) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 FET5A64 (VIA Rhine-Familie-Fast-Ethernet-Adaptertreiberdienst) - c:\windows\system32\drivers\fet5a64.sys (file missing)
R3 flpydisk (Diskettenlaufwerktreiber) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 HDAudBus (Microsoft-UAA-Bustreiber für High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HidUsb (Microsoft HID Class-Treiber) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkvhd64.sys (file missing)
R3 intelppm (Intel-Prozessortreiber) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (iScsiPort-Treiber) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
R3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
R3 LVcKap64 (Logitech AEC Driver) - c:\windows\system32\drivers\lvckap64.sys (file missing)
R3 LVMVDrv (Logitech Machine Vision Engine Loader) - c:\windows\system32\drivers\lvmvdrv.sys (file missing)
R3 lvpopf64 (Logitech POP Suppression Filter) - c:\windows\system32\drivers\lvpopf64.sys (file missing)
R3 LVPr2M64 (Logitech LVPr2M64 Driver) - c:\windows\system32\drivers\lvpr2m64.sys (file missing)
R3 LVUSBS64 (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbs64.sys (file missing)
R3 LVUVC64 (Logitech QuickCam Pro 5000(UVC)) - c:\windows\system32\drivers\lvuvc64.sys (file missing)
R3 monitor (Microsoft Monitor-Klassenfunktionstreiber-Dienst) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mouhid (Maus-HID-Treiber) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mpsdrv (Windows-Firewallautorisierungstreiber) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft-Systemverwaltungs-BIOS-Treiber) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NdisTapi (RAS-NDIS-TAPI-Treiber) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 NdisWan (RAS-NDIS-WAN-Treiber) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 Parport (Treiber für parallelen Anschluss) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN-Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN-Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remotezugriff-PPPOE-Treiber) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 rdpdr (Treiber für Terminalserver-Geräteumleitung) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 Serenum (Serenum-Filtertreiber) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software-Bus-Treiber) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 tunmp (Microsoft Tun-Miniportadaptertreiber) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft-IPv6-Tunnelminiport-Adaptertreiber) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus-Enumerator-Treiber) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbaudio (USB-Audiotreiber (WDM)) - c:\windows\system32\drivers\usbaudio.sys (file missing)
R3 usbccgp (Microsoft Standard-USB-Haupttreiber) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2-aktivierter Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbuhci (Miniporttreiber für universellen Microsoft USB-Hostcontroller) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 drmkaud (Microsoft Kernel-DRM-Audioentschlüsselung) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Proxy für Streaming Clock) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Proxy für Streaming Quality Manager) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
S3 nmwcdcx64 (Nokia USB Generic) - c:\windows\system32\drivers\ccdcmbox64.sys (file missing)
S3 nmwcdnsucx64 (Nokia USB Flashing Generic) - c:\windows\system32\drivers\nmwcdnsucx64.sys (file missing)
S3 nmwcdnsux64 (Nokia USB Flashing Phone Parent) - c:\windows\system32\drivers\nmwcdnsux64.sys (file missing)
S3 nmwcdx64 (Nokia USB Phone Parent) - c:\windows\system32\drivers\ccdcmbx64.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 Ph3xIB64 (Philips 713x Inbox PCI TV Card) - c:\windows\system32\drivers\ph3xib64.sys (file missing)
S3 QWAVEdrv (QWAVE-Treiber) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 s115bus (Sony Ericsson Device 115 driver (WDM)) - c:\windows\system32\drivers\s115bus.sys (file missing)
S3 s115mdfl (Sony Ericsson Device 115 USB WMC Modem Filter) - c:\windows\system32\drivers\s115mdfl.sys (file missing)
S3 s115mdm (Sony Ericsson Device 115 USB WMC Modem Driver) - c:\windows\system32\drivers\s115mdm.sys (file missing)
S3 s115mgmt (Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\s115mgmt.sys (file missing)
S3 s115obex (Sony Ericsson Device 115 USB WMC OBEX Interface) - c:\windows\system32\drivers\s115obex.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 upperdev - c:\windows\system32\drivers\usbser_lowerfltx64.sys (file missing)
S3 usbser (Nokia USB Serial Port) - c:\windows\system32\drivers\usbser.sys (file missing)
S3 UsbserFilt - c:\windows\system32\drivers\usbser_lowerfltx64j.sys (file missing)
S3 USBSTOR (USB-Massenspeichertreiber) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)

Lukerunner · 03.05.2008, 23:52

3.Teil:

Code:

ATTFilter

S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys (file missing)
S3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
S4 ohci1394 (NEC FireWarden OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
S4 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\anwendungen\program files (x86)\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 ProtexisLicensing - c:\windows\syswow64\psiservice.exe <Not Verified; ; PSIService>
R2 SamSs (Sicherheitskonto-Manager) - c:\windows\system32\lsass.exe (file missing)
R2 SBSDWSCService (SBSD Security Center Service) - c:\anwendungen\program files (x86)\spybot - search & destroy\sdwinsec.exe
R2 slsvc (Softwarelizenzierung) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Druckwarteschlange) - c:\windows\system32\spoolsv.exe (file missing)

S3 ALG (Gatewaydienst auf Anwendungsebene) - c:\windows\system32\alg.exe (file missing)
S3 DFSR (DFS-Replikation) - c:\windows\system32\dfsr.exe (file missing)
S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 KeyIso (CNG-Schlüsselisolation) - c:\windows\system32\lsass.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 NBService - c:\anwendungen\program files (x86)\nero 7\nero backitup\nbservice.exe
S3 Netlogon (Anmeldedienst) - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Geschützter Speicher) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (RPC-Locator) - c:\windows\system32\locator.exe (file missing)
S3 ServiceLayer - "c:\program files (x86)\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 SNMPTRAP (SNMP-Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe /runasservice
S3 UI0Detect (Erkennung interaktiver Dienste) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtueller Datenträger) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volumeschattenkopie) - c:\windows\system32\vssvc.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI-Leistungsadapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: 
Description: Videocontroller für Multimedia
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_34010070&REV_03\3&267A616A&0&58
Manufacturer: 
Name: Videocontroller für Multimedia
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_34010070&REV_03\3&267A616A&0&58
Service: 

Class GUID: 
Description: Multimediacontroller
Device ID: PCI\VEN_14F1&DEV_8811&SUBSYS_34010070&REV_03\3&267A616A&0&59
Manufacturer: 
Name: Multimediacontroller
PNP Device ID: PCI\VEN_14F1&DEV_8811&SUBSYS_34010070&REV_03\3&267A616A&0&59
Service: 

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-05-03 22:45:24       418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{537A681B-4268-44B2-B77A-F6CDEEC075F8}.job


-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-03 22:08:47         0 d-------- C:\Program Files (x86)\Lavasoft
2008-05-03 22:08:46         0 d-------- C:\Users\All Users\Lavasoft
2008-05-03 17:30:22         0 d-------- C:\Program Files (x86)\SignSIS-GUI
2008-05-02 10:35:03         0 d-------- C:\Program Files (x86)\Zilla Popup Killer
2008-05-02 10:34:51    101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-01 23:50:48         0 d-------- C:\Users\All Users\SecTaskMan
2008-05-01 23:28:54         0 d-------- C:\Program Files (x86)\Enigma Software Group
2008-04-28 17:04:03         0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-27 10:16:32         0 d-------- C:\Program Files (x86)\DNA
2008-04-23 21:03:21         0 d-------- C:\Program Files (x86)\DivX
2008-04-22 15:42:31         0 d-------- C:\Users\All Users\Nokia
2008-04-22 15:31:52         0 d-------- C:\Program Files (x86)\Common Files\Nokia
2008-04-22 15:31:16         0 d-------- C:\Users\All Users\Installations
2008-04-22 15:07:19         0 d-------- C:\Users\All Users\PC Suite
2008-04-22 15:05:53         0 d-------- C:\Program Files (x86)\Common Files\PCSuite
2008-04-22 15:03:53         0 d-------- C:\Program Files (x86)\PC Connectivity Solution
2008-04-22 15:00:07         0 d-------- C:\Program Files (x86)\Nokia
2008-04-19 15:40:39         0 d-------- C:\Users\All Users\TrackMania
2008-04-17 18:26:47         0 d-------- C:\Program Files (x86)\Common Files\LightScribe
2008-04-17 18:15:00         0 d-------- C:\Users\All Users\Ahead
2008-04-17 18:11:06         0 d-------- C:\Users\All Users\Nero
2008-04-17 18:11:06         0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-04-17 14:23:04         0 d-------- C:\Program Files (x86)\Apple Software Update
2008-04-17 14:23:03         0 d-------- C:\Users\All Users\Apple
2008-04-15 18:09:20      3766 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-04-15 18:09:20        88 -r-hs---- C:\Windows\system32\2C6B885687.sys
2008-04-15 18:05:51         0 d-------- C:\Windows\system32\Spool
2008-04-15 18:04:58         0 d-------- C:\Program Files (x86)\Common Files\Corel
2008-04-06 11:39:44         0 d-------- C:\Windows\system32\en
2008-04-06 11:39:44         0 d-------- C:\Windows\system32\drivers\en-US
2008-04-06 11:39:44         0 d-------- C:\Windows\system32\0409
2008-04-04 14:00:52    413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-04 14:00:52    110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-04-04 14:00:52         0 d-------- C:\Program Files (x86)\OpenAL
2008-04-04 13:54:28         0 d-------- C:\Windows\system32\Futuremark
2008-04-04 13:54:28      3972 --a------ C:\Windows\system32\drivers\PciBus.sys


-- Find3M Report ---------------------------------------------------------------

2008-05-03 23:20:49         0 d-------- C:\Users\name\AppData\Roaming\Xfire
2008-05-03 22:48:57         0 d-------- C:\Users\name\AppData\Roaming\BitTorrent
2008-05-03 22:06:57         0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-05-03 22:01:58       425 --a------ C:\Users\name\AppData\Roaming\TheLastRipper.xml
2008-05-03 13:33:53         0 d-------- C:\Program Files (x86)\Ulead Systems
2008-05-03 13:31:34         0 d-------- C:\Users\name\AppData\Roaming\Ulead Systems
2008-05-03 13:31:25         0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-05-03 00:26:47         0 d-------- C:\Users\name\AppData\Roaming\Windows Live Writer
2008-05-02 10:39:38         0 d-------- C:\Program Files (x86)\Common Files\Steam
2008-05-01 22:03:58         0 d-------- C:\Program Files (x86)\ICQToolbar
2008-04-27 20:01:55         0 d-------- C:\Users\name\AppData\Roaming\DNA
2008-04-27 11:14:27         0 d-------- C:\Users\name\AppData\Roaming\Skype
2008-04-27 10:28:02         0 d-------- C:\Program Files (x86)\Java
2008-04-27 10:16:55         0 d-------- C:\Users\name\AppData\Roaming\skypePM
2008-04-27 10:16:12         0 d-------- C:\Users\name\AppData\Roaming\BitTorrent DNA
2008-04-26 15:42:08         0 d-------- C:\Users\name\AppData\Roaming\OpenOffice.org2
2008-04-26 15:25:55         0 d-------- C:\Users\name\AppData\Roaming\Ahead
2008-04-25 21:55:52         0 d-------- C:\Users\name\AppData\Roaming\Nokia Multimedia Player
2008-04-23 20:29:13         0 d-------- C:\Users\name\AppData\Roaming\Nokia
2008-04-23 19:34:06         0 d-------- C:\Users\name\AppData\Roaming\NSeries
2008-04-23 18:39:05         0 d-------- C:\Users\name\AppData\Roaming\SlySoft
2008-04-23 17:40:38         0 d-------- C:\Users\name\AppData\Roaming\PC Suite
2008-04-22 15:31:52         0 d-------- C:\Program Files (x86)\Common Files
2008-04-22 15:08:45         0 d-------- C:\Users\name\AppData\Roaming\Adobe
2008-04-17 14:41:04         0 d-------- C:\Users\name\AppData\Roaming\LimeWire
2008-04-17 14:24:36         0 d-------- C:\Program Files (x86)\Safari
2008-04-15 18:20:15         0 d-------- C:\Users\name\AppData\Roaming\Corel
2008-04-15 18:15:40         0 d-------- C:\Program Files (x86)\Common Files\PX Storage Engine
2008-04-15 18:11:28         0 d-------- C:\Program Files (x86)\Corel
2008-04-11 14:37:26         0 d-------- C:\Users\name\AppData\Roaming\Winamp
2008-04-10 16:55:52         0 d-------- C:\Program Files (x86)\Windows Mail
2008-04-06 11:39:44         0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-04-06 11:39:44         0 d-------- C:\Program Files (x86)\Windows Photo Gallery
2008-04-06 11:39:44         0 d-------- C:\Program Files (x86)\Windows Defender
2008-04-06 11:39:44         0 d-------- C:\Program Files (x86)\Windows Calendar
2008-04-01 21:53:00         0 d-------- C:\Program Files (x86)\Microsoft Works
2008-04-01 21:52:34         0 d-------- C:\Program Files (x86)\MSBuild
2008-04-01 21:50:10         0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-04-01 21:47:15         0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8
2008-03-31 23:25:48    823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:48    823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:46    802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 23:25:46    831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-03-31 23:25:46    682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-29 18:27:07         0 d-------- C:\Users\name\AppData\Roaming\Apple Computer
2008-03-21 22:30:08   3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-21 22:28:54    196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 22:28:54     81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 22:28:20     12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-03-18 18:46:49         0 d-------- C:\Program Files (x86)\Windows Live Favorites
2008-03-18 18:46:40         0 d-------- C:\Program Files (x86)\Windows Live Toolbar
2008-03-17 19:28:35         0 d-------- C:\Program Files (x86)\Sony Ericsson USB
2008-03-17 12:56:22         0 d-------- C:\Users\name\AppData\Roaming\Google
2008-03-17 12:55:00         0 d-------- C:\Program Files (x86)\Google
2008-03-15 00:46:24         0 d-------- C:\Users\name\AppData\Roaming\Unyte
2008-03-14 23:58:25         0 d-------- C:\Users\name\AppData\Roaming\teamspeak2
2008-03-14 23:18:51         0 d-------- C:\Program Files (x86)\Skype
2008-03-14 23:18:46         0 d-------- C:\Program Files (x86)\Common Files\Skype
2008-03-12 17:22:32         0 d-------- C:\Program Files (x86)\Microsoft Silverlight
2008-03-11 17:40:12         0 d-------- C:\Users\name\AppData\Roaming\FileZilla
2008-03-06 21:51:33         0 d-------- C:\Users\name\AppData\Roaming\phonostar-Player


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-05-04 00:11:28 ------------

Lukerunner · 03.05.2008, 23:57

extra.txt

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate  (build 6000)
Architecture: X64; Language: German

CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 2046.69 MiB / 937.75 MiB
Pagefile Memory (total/avail): 4309.56 MiB / 2853.43 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3952.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.76 GiB total, 210.11 GiB free. 
D: is Fixed (NTFS) - 19.53 GiB total, 18.6 GiB free. 
E: is CDROM (No Media)
F: is Fixed (NTFS) - 19.53 GiB total, 13.02 GiB free. 
G: is Fixed (NTFS) - 58.59 GiB total, 58.51 GiB free. 
H: is Fixed (FAT32) - 31.84 GiB total, 30.28 GiB free. 

\\.\PHYSICALDRIVE1 - SAMSUNG HD501LJ ATA Device - 465.76 GiB - 1 partition
  \PARTITION0 (bootable) - Installierbares Dateisystem - 465.76 GiB - C:

\\.\PHYSICALDRIVE0 - SAMSUNG SP1604N ATA Device - 149.05 GiB - 5 partitions
  \PARTITION0 - Unknown - 19.53 GiB
  \PARTITION1 (bootable) - Installierbares Dateisystem - 19.53 GiB - D:
  \PARTITION2 - Erweitert mit Int 13 (erweitert) - 109.98 GiB - F: - G: - H:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)
AS: Avira AntiVir PersonalEdition v 7.0.3.158
 (Avira GmbH)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Anwendungen\\Program Files (x86)\\BitTorrent\\bittorrent.exe"="C:\\Anwendungen\\Program Files (x86)\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\name\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=NAME-PC
ComSpec=C:\Windows\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\name
LANG=de
LOCALAPPDATA=C:\Users\name\AppData\Local
LOGONSERVER=\\NAME-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Common Files\Ulead Systems\DVD;C:\Anwendungen\Program Files (x86)\Common Files\GTK\2.0\bin;C:\Program Files (x86)\Common Files\Teleca Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Anwendungen\Program Files (x86)\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=EM64T Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\name\AppData\Local\Temp
TMP=C:\Users\name\AppData\Local\Temp
USERDOMAIN=NAME-PC
USERNAME=name
USERPROFILE=C:\Users\name
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Name (admin)
Name (new local, net ready)
Name (new local, guest, net ready)


-- Add/Remove Programs ---------------------------------------------------------

 -->  -c"C:\Anwendungen\Program Files (x86)\Ulead Systems\Ulead COOL 360\IS32Inst.dll"
 --> C:\Anwendungen\Program Files (x86)\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
 --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
 --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
 --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
 --> C:\Windows\UNNeroVision.exe /UNINSTALL
 --> C:\Windows\UNRecode.exe /UNINSTALL
[00]CSS PCA Mappack - Summerfeelings --> C:\Windows\[00]CSS PCA Mappack - Summerfeelings Uninstaller.exe
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
3DMark06 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9  -removeonly
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AGEIA PhysX v6.10.05 --> MsiExec.exe /X{582876EC-A178-44D4-9823-C10D6C62EAFF}
Alive Video Converter (version 3.1.9.2) --> "C:\Anwendungen\Program Files (x86)\AliveMedia\Video Converter\unins000.exe"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avira AntiVir Personal – Free Antivirus --> C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 2(TM) --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7  -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x7  -removeonly
BitTorrent --> "C:\Anwendungen\Program Files (x86)\BitTorrent\BitTorrent.exe" /UNINSTALL
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Carom3D --> C:\Windows\NeoUninstall.exe "C:\Spiele\Program Files\Neoact\Carom3D\Uninstall.ini"
CloneDVDmobile --> "C:\Anwendungen\Program Files (x86)\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="C:\Anwendungen\Program Files (x86)\SlySoft\CloneDVDmobile"
DebugMode Wink --> "C:\Anwendungen\Program Files (x86)\DebugMode\Wink\uninst.exe"
DHTML Editing Component --> MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DIE SIEDLER - Aufstieg eines Königreichs Demo --> "C:\Program Files (x86)\InstallShield Installation Information\{29EA790B-D222-4ABF-8DF4-3DA5EB11791B}\Setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Codec --> C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files (x86)\DNA\btdna.exe" /UNINSTALL
Duden Rechtschreibtrainer --> MsiExec.exe /X{90D1201F-2B53-45A5-B940-B7DE21B995FC}
Duden Tipptrainer 2.0 --> MsiExec.exe /I{7036A07A-FE2A-4920-A944-19B73D16F106}
eMusic - 50 Free MP3 offer --> "C:\Anwendungen\Program Files (x86)\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EPSON Scan --> C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
FEAR --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x7  /zU -removeonly
FileZilla Client 3.0.7.1 --> C:\Anwendungen\Program Files (x86)\FileZilla Client\uninstall.exe
FlatOut2 --> "C:\Spiele\Program Files (x86)\Steam\steam.exe" steam://uninstall/2990
Free WMA to MP3 Converter 1.16 --> "C:\Anwendungen\Program Files (x86)\Free WMA to MP3 Converter\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files (x86)\google\googletoolbar1.dll"
Gothic III --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7  -removeonly
GTK+ 2.10.13 runtime environment --> "C:\Anwendungen\Program Files (x86)\Common Files\GTK\2.0\setup\unins000.exe"
Half-Life 2 Awakening 1.1 --> c:\Spiele\Program Files (x86)\Steam\steamapps\SourceMods\Uninstal.exe
Hauppauge WinTV-PVR 150 Drivers --> C:\PROGRA~2\WinTV\UNpvr48.EXE C:\PROGRA~2\WinTV\pvr26xxx.LOG
Hervorhebe-Funktion (Windows Live Toolbar) --> MsiExec.exe /X{00D0200F-3B4D-4A2F-869E-533ED835A943}
HijackThis 2.0.2 --> "C:\Anwendungen\Program Files (x86)\HiJackThis\HijackThis.exe" /uninstall
ICQ 5.1 --> C:\Program Files (x86)\ICQLite\ICQLiteUninstall.EXE
ICQ Toolbar --> regsvr32 /u /s "C:\PROGRA~2\ICQTOO~1\toolbaru.dll" 
Infernal --> "C:\Spiele\Program Files (x86)\Steam\steam.exe" steam://uninstall/7060
InfraRecorder --> C:\Anwendungen\Program Files (x86)\InfraRecorder\uninstall.exe
InternetGameBox --> C:\Anwendungen\Program Files (x86)\InternetGameBox\uninst.exe
IsoBuster 2.3 --> "C:\Anwendungen\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Anwendungen\Program Files (x86)\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x7 UNINSTALL -removeonly
Logitech SetPoint --> C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
Logitech® Camera-Treiber --> "C:\Program Files (x86)\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Mozilla Firefox (2.0.0.14) --> C:\Anwendungen\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MP3 and WAV Solutions 1 --> C:\Windows\cadkasdeinst01.exe "C:\Anwendungen\Program Files (x86)\MP3 and WAV Solutions 1\"
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Essentials --> MsiExec.exe /X{1A6A6531-08FC-47AD-BAC4-C41497E71031}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nvu 1.0 --> "C:\Anwendungen\Program Files (x86)\Nvu\unins000.exe"
Oblivion --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x7  -removeonly
OpenAL --> "C:\Program Files (x86)\OpenAL\oalinst.exe" /U
OpenOffice.org 2.3 --> MsiExec.exe /I{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}
Painkiller Overdose Demo --> "C:\Spiele\Program Files (x86)\Steam\steam.exe" steam://uninstall/3280
PC Connectivity Solution --> MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
phonostar-Player Version 2.01.0 --> "C:\Anwendungen\Program Files (x86)\phonostar\unins000.exe"
Phonostar eBay-Icon 1.0.000 --> C:\Windows\uninstall\Phonostar eBay-Icon\setup.exe
Presentation To Video Converter --> "C:\Anwendungen\Program Files (x86)\GeoVid\Presentation To Video Converter\unins000.exe"
Privoxy 3.0.6 --> "C:\Anwendungen\Program Files (x86)\Vidalia Bundle\Uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
ShotOnline --> C:\Spiele\Program Files (x86)\ShotOnline\uninst.exe
SHOUTcast Source DSP 1.9.0 (remove only) --> C:\Anwendungen\Program Files (x86)\Winamp\uninst-dsp.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}
Spybot - Search & Destroy --> "C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\ANWEND~1\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Team Fortress 2 --> "C:\Spiele\Program Files (x86)\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2 --> "C:\Anwendungen\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
Techno4ever Player --> C:\Anwendungen\Program Files (x86)\T4E\Player\T4E_Uninstaller.exe
Techno4ever Toolbar --> C:\PROGRA~2\TECHNO~1\UNWISE.EXE C:\PROGRA~2\TECHNO~1\INSTALL.LOG
The GIMP 2.2.17 --> "C:\Anwendungen\Program Files (x86)\GIMP-2.0\unins000.exe"
The Matrix - Path of Neo --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\SETUP.EXE" -l0x7  -removeonly
The Movies Demo --> "C:\Spiele\Program Files (x86)\Steam\steam.exe" steam://uninstall/7920
TheLastRipper 1.1.0 --> C:\Anwendungen\Program Files (x86)\TheLastRipper\uninst.exe
TMPGEnc 4.0 XPress Testversion --> MsiExec.exe /I{1BF4C621-8016-48B3-AF4A-107277FCBF83}
Tor 0.1.2.19 --> "C:\Anwendungen\Program Files (x86)\Vidalia Bundle\Uninstall.exe"
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Vidalia 0.0.16 --> "C:\Anwendungen\Program Files (x86)\Vidalia Bundle\Uninstall.exe"
VideoLAN VLC media player 0.8.6d --> C:\Anwendungen\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions --> C:\ANWEND~1\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\ANWEND~1\PROGRA~1\VIRTUA~1\INSTALL.LOG
Virtual Me Character Creator --> MsiExec.exe /X{EEC002BD-E0FB-46DF-B724-0521A5170E02}
WebDialogs Unyte --> C:\ProgramData\Skype\Plugins\Plugins\F09C3B9060684346A02C2F528049D062\uninstall.exe
Winamp --> "C:\Anwendungen\Program Files (x86)\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files (x86)\Winamp Remote\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files (x86)\Winamp Toolbar\uninstall.exe"
Windows Live Writer --> MsiExec.exe /X{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR --> C:\Program Files (x86)\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Anwendungen\Program Files (x86)\Xfire\uninst.exe"
Yahoo! Toolbar --> C:\PROGRA~2\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type25391 / Success
Event Submitted/Written: 05/03/2008 09:44:39 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type25386 / Success
Event Submitted/Written: 05/03/2008 09:43:59 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type25385 / Success
Event Submitted/Written: 05/03/2008 09:43:58 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type25379 / Success
Event Submitted/Written: 05/03/2008 09:43:51 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.

Event Record #/Type25368 / Warning
Event Submitted/Written: 05/03/2008 09:41:46 PM
Event ID/Source: 1530 / profsvc
Event Description:
1 user registry handles leaked from \Registry\User\S-1-5-21-3676559067-3133431721-2156353584-1000_Classes:
Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3676559067-3133431721-2156353584-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type98136 / Warning
Event Submitted/Written: 05/03/2008 09:45:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{A46B7FBA-532C-49E9-A35F-D05E3531DD73}Name-PCNameS-1-5-21-3676559067-3133431721-2156353584-1000Unknown%%832runonce:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.00000000010%%807

Event Record #/Type98085 / Warning
Event Submitted/Written: 05/03/2008 07:01:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{61A6A8B6-95B2-4604-BCDA-EFB8AEDAF7EF}Name-PCNameS-1-5-21-3676559067-3133431721-2156353584-1000Unknown%%832runonce:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.00000000010%%807

Event Record #/Type97960 / Warning
Event Submitted/Written: 05/03/2008 03:49:47 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{140F1128-6320-4CFF-A2E2-D166B97A8314}Name-PCNameS-1-5-21-3676559067-3133431721-2156353584-1000Unknown%%832runonce:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.00000000010%%807

Event Record #/Type97839 / Warning
Event Submitted/Written: 05/03/2008 01:37:40 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{AF220412-B04B-4A67-B104-2D2C56855025}Name-PCNameS-1-5-21-3676559067-3133431721-2156353584-1000Unknown%%832runonce:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.00000000010%%807

Event Record #/Type97711 / Warning
Event Submitted/Written: 05/03/2008 00:14:52 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.



-- End of Deckard's System Scanner: finished at 2008-05-04 00:11:28 ------------

Lukerunner · 04.05.2008, 00:07

Malwarebytes auswertung (bei Schnellsuche) Komplett mach ich später!

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.11
Datenbank Version: 712

Scan Art: Schnell Scan
Objekte gescannt: 32249
Scan Dauer: 6 minute(s), 26 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\ensfolr.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

Spyware Problem!

Log-Analyse und Auswertung: Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Spyware Problem!

Ähnliche Themen: Spyware Problem!

03.05.2008, 22:30	#5
Lukerunner	Spyware Problem! Es gibt ein Problem... ComboFix läuft nur unter Windows 2000 oder XP und ich hab Vista x64. mfg Luke

03.05.2008, 23:30	#9
Lukerunner	Spyware Problem! Wie meinst das mit ['CODE]['/CODE]? Die Inhalte der main.txt ist zu groß sind über 65000Zeichen.