Hallo

Habe seit einige Tage laut AntiVir den TR/Vundo.Gen und werde ihn einfach nicht los.
Habe zu dem Thema gegoogelt und unterschiedlichste Infos gelesen. Habe auch bereits VundoFix laufen erfolglos lassen. Habe ehrlich gesagt nicht viel Ahnung vom PC, brauche aber dringend Hilfe.
Unten hab ich nen aktuellen Hijack This Logfile angehängt. Das hat mich eigentlich schon fast überfordert. Naja. Ich hoffe ich hab bis jetzt hier alles richtig gemacht und erzürne bei niemandem Unmut. Bitte helft mir.

Dank und Gruß

dickbachus





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09:26, on 29.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programme\22M WLAN\WLANMON.exe
D:\Programme\DLink\Bluetooth Software\BTTray.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\FRITZ!DSL\StCenter.EXE
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {3A859791-8C58-42B0-ACA5-BF3C15F1A140} - C:\WINDOWS\system32\fxmexnle.dll (file missing)
O2 - BHO: (no name) - {504A5824-301E-4144-8741-F874CC29B1DD} - C:\WINDOWS\system32\urqPHbBt.dll (file missing)
O2 - BHO: (no name) - {6990E377-4CC1-46EE-A732-266C1292B9D0} - C:\WINDOWS\system32\jkkJdExX.dll (file missing)
O2 - BHO: (no name) - {6C350DFC-885F-4296-82E3-6428DD982099} - C:\WINDOWS\system32\tuvSijIA.dll
O2 - BHO: (no name) - {ADED5A04-3508-4CC3-97AD-D79974676DBD} - C:\WINDOWS\system32\ssqQGVnk.dll (file missing)
O2 - BHO: (no name) - {B7D7A923-8D0A-43CF-B3E9-2F95F7A4C058} - C:\WINDOWS\system32\urqQhfdB.dll
O2 - BHO: (no name) - {DC5A672A-4DB9-4C44-BE5D-AD0ACBEAAE52} - C:\WINDOWS\system32\ddcAsrOF.dll (file missing)
O2 - BHO: {03ebf515-6674-2f88-be94-96fda247efcf} - {fcfe742a-df69-49eb-88f2-4766515fbe30} - C:\WINDOWS\system32\boikio.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "d:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [OpwareSE2] "D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [XP Antispyware 2009] "C:\Programme\XP_AntiSpyware\XP_AntiSpyware.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75F344F-97E1-4080-98B0-02C9016E8A63}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: boikio.dll
O20 - Winlogon Notify: tuvSijIA - C:\WINDOWS\SYSTEM32\tuvSijIA.dll
O21 - SSODL: WinInfo - {3F17C9F7-AF42-CFA9-E65E-012D444D2324} - C:\Programme\srhmoxc\WinInfo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe

Hallo erneut.

Habe nun, ich hoffe ordnungsgemäß, Anti-Malware scannen lassen und folgendes Log erhalten.

Dank und Gruß






Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1335
Windows 5.1.2600 Service Pack 3

29.10.2008 12:21:30
mbam-log-2008-10-29 (12-21-29).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 176990
Laufzeit: 2 hour(s), 23 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 56
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 9
Infizierte Dateien: 94

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\urqQhfdB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvSijIA.dll (Trojan.Vundo) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvsijia (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7d7a923-8d0a-43cf-b3e9-2f95f7a4c058} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b7d7a923-8d0a-43cf-b3e9-2f95f7a4c058} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcfe742a-df69-49eb-88f2-4766515fbe30} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcfe742a-df69-49eb-88f2-4766515fbe30} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3F17C9F7-AF42-CFA9-E65E-012D444D2324} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d7a923-8d0a-43cf-b3e9-2f95f7a4c058} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c8ab177-7b09-4f5c-9e6d-82eaa765430c} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ed983c3-faac-400c-bbd4-f519d74ff188} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{21f022c8-c045-4555-8a90-651e6a3dc6c6} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Accoona (Adware.Accoona) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wininfo (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqqhfdb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqhfdb -> Delete on reboot.

Infizierte Verzeichnisse:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP\LOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\DAP\NTLOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\tuvSijIA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqQhfdB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\BdfhQqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BdfhQqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boikio.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Programme\srhmoxc\WinInfo.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP359\A0036574.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP371\A0037260.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP375\A0037842.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP377\A0038013.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP377\A0038035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0038079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0038080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0038081.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0038082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0038083.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0038084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\ssqQGVnk.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGaxuuV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\cygcrypt-0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\Copy (10) of tt.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\Copy (2) of 2.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\cygwin1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\New Text Document (5).txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\servicelogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\servicesmgr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\svchostlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\DRIVER\winlogon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Cookies\bexy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Hallo.

Hier nun ein aktuelle Hijack Log nachdem Anti-Maleware alles Gefundene nach einem Neustart wohl gelöscht hat. Hoffentlich. War es dann denn jetzt schon? Kann mir jemand helfen? Ne Rückmeldung wäre echt schön. Befürchte nämlich hier den grössten Schei.. zu machen.

dickbauchus




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:45, on 29.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programme\22M WLAN\WLANMON.exe
D:\Programme\DLink\Bluetooth Software\BTTray.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {3A859791-8C58-42B0-ACA5-BF3C15F1A140} - C:\WINDOWS\system32\fxmexnle.dll (file missing)
O2 - BHO: (no name) - {504A5824-301E-4144-8741-F874CC29B1DD} - C:\WINDOWS\system32\urqPHbBt.dll (file missing)
O2 - BHO: (no name) - {6990E377-4CC1-46EE-A732-266C1292B9D0} - C:\WINDOWS\system32\jkkJdExX.dll (file missing)
O2 - BHO: (no name) - {ADED5A04-3508-4CC3-97AD-D79974676DBD} - C:\WINDOWS\system32\ssqQGVnk.dll (file missing)
O2 - BHO: (no name) - {DC5A672A-4DB9-4C44-BE5D-AD0ACBEAAE52} - C:\WINDOWS\system32\ddcAsrOF.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "d:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [OpwareSE2] "D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75F344F-97E1-4080-98B0-02C9016E8A63}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: boikio.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

--
End of file - 11263 bytes

Hi,


Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code: Alles auswählenAufklappen

ATTFilter

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {3A859791-8C58-42B0-ACA5-BF3C15F1A140} - C:\WINDOWS\system32\fxmexnle.dll (file missing)
O2 - BHO: (no name) - {504A5824-301E-4144-8741-F874CC29B1DD} - C:\WINDOWS\system32\urqPHbBt.dll (file missing)
O2 - BHO: (no name) - {6990E377-4CC1-46EE-A732-266C1292B9D0} - C:\WINDOWS\system32\jkkJdExX.dll (file missing)
O2 - BHO: (no name) - {ADED5A04-3508-4CC3-97AD-D79974676DBD} - C:\WINDOWS\system32\ssqQGVnk.dll (file missing)
O2 - BHO: (no name) - {DC5A672A-4DB9-4C44-BE5D-AD0ACBEAAE52} - C:\WINDOWS\system32\ddcAsrOF.dll (file missing)
O20 - AppInit_DLLs: boikio.dll
         

Scanne mit Prevx und Avirantirootkit:
http://www.prevx.com/freescan.asp
Poste Funde ...

Avira-Antirootkit
Downloade Avira Antirootkit und Scanne dein system, poste das logfile.
http://dl.antivir.de/down/windows/antivir_rootkit.zip

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.
Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Aktualisiere Antivir, stelle dein Antivir ein, wie hier beschrieben:
http://www.trojaner-board.de/54192-a...tellungen.html
Danach Fullscan, alles beseitigen lassen, Log posten!

chris

Prevx CSI meldet:

1 infection has been identified in your system:

Staus: BAD Name: C:\windows\KochRun.exe Malicious Software

License required to clean.




Avira Rootkit Tool meldeT:

No hidden objects detected.

Hi

Ist mir zwar peinlich, aber ich weiß nicht wie ich was von den beiden files minimieren soll. Brauche dafür Hilfe

Hi,

äh was meinst Du mit minimieren?

Lasse die Datei C:\windows\KochRun.exe online prüfen:


Dateien Online überprüfen lassen:

• Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

• Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code: Alles auswählenAufklappen

ATTFilter

C:\windows\KochRun.exe
         

• Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

• Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

• Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Wenn Du mit minimieren die Logs meinst, nur immer stückweise kopieren und in neuen Posts posten (blöder Satz)....

chris

Du hast vorhin angegeben:

Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Da weiss ich einfach nicht wie ich was minimieren soll.

So. ich hoffe das hier ist richtig. Ich habe nämlich eigentlich wieder nicht verstanden was ich alles machen soll.
weitere Informationen

Dank schon mal im Voraus

Hier das Resultat:

Datei KochRun.exe empfangen 2008.05.15 13:45:23 (CET)
Status: Beendet
Ergebnis: 1/33 (3.03%)
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Malicious Software
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
weitere Informationen
MD5: aee1d618a0dbdcf0504de6c4a8483879
SHA1: aec0cee410a45203241f4b8eb55d3e564ca0a061
SHA256: b22cb0b05c2c92cf0ff98361169ef7206018491ae83292f3e72b39500e6d0516
SHA512: 1265c43e1ce47c9da0e7fcd3e574c3ac69caff87683dfa0e09752e23ed74036db20eb656ba876125d819bf6910d2a7eb9ba3a872b0d4453c337ec42a01430f37

Habs jetz verstanden. Stückweise die Logs. Los Gehts:

Teil1:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tim at 2008-10-29 17:01:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (32%) free of 80 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:35, on 29.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\22M WLAN\WLANMON.exe
D:\Programme\DLink\Bluetooth Software\BTTray.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.EXE
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\PrevxCSI\prevxcsi.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\PrevxCSI\prevxcsi.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Desktop\HiJackThis\Tim.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "d:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [OpwareSE2] "D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75F344F-97E1-4080-98B0-02C9016E8A63}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CSIScanner - Prevx - C:\Programme\PrevxCSI\prevxcsi.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

--
End of file - 10806 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"=sstray.exe /r []
"VOBID"=C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe [2003-03-31 147968]
"IW ControlCenter"=C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2003-03-12 836096]
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe [2003-05-05 393728]
"Microsoft Works Update Detection"=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-24 28672]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"CloneCDTray"=d:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2004-12-09 57344]
"OpwareSE2"=D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-06-23 4734976]
"nwiz"=nwiz.exe /install []
"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-06-23 49152]
"NWEReboot"= []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-06-02 28160]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Programme\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"H/PC Connection Agent"=D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE [2003-04-23 417871]
"PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2007-06-08 23233576]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
22M WLAN-Adapter-Utility.lnk - C:\Programme\22M WLAN\WLANMON.exe
Adobe Reader - Schnellstart.lnk - D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BTTray.lnk - D:\Programme\DLink\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - D:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - D:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Startmenü\Programme\Autostart
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
FRITZ!DSL Protect.lnk - C:\Programme\FRITZ!DSL\FwebProt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\Microsoft ActiveSync\WCESMGR.EXE"="D:\Programme\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"="D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="C:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"D:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="D:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"D:\Programme\FRITZ!DSL\FBOXUPD.EXE"="D:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"D:\Programme\eMule\emule.exe"="D:\Programme\eMule\emule.exe:*:Enabled:eMule"
"D:\Programme\eDonkey2000\edonkey2000.exe"="D:\Programme\eDonkey2000\edonkey2000.exe:*:Enabled:eDonkey2000 Application"
"C:\Dokumente und Einstellungen\Tim\Desktop\emule.exe"="C:\Dokumente und Einstellungen\Tim\Desktop\emule.exe:*:Enabled:eMule"
"L:\EMULE\EMULE\emule.exe"="L:\EMULE\EMULE\emule.exe:*:Enabled:eMule"
"C:\Programme\IncrediMail\bin\IncMail.exe"="C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\IMApp.exe"="C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\ImpCnt.exe"="C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\emule0.47a-Xtreme5.1.1\emule.exe"="C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\emule0.47a-Xtreme5.1.1\emule.exe:*:Enabled:eMule"
"L:\emule\emule.exe"="L:\emule\emule.exe:*:Enabled:eMule"
"C:\Programme\IncrediMail\bin\IncrediMail_Install.exe"="C:\Programme\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe"="C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe"
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe"="C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*isabled:MSI starter"
"C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\Rar$EX00.703\Nero Burning ROM 7.2.3.2b Crack Patch Serial Keygen.exe"="C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\Rar$EX00.703\Nero Burning ROM 7.2.3.2b Crack Patch Serial Keygen.exe:*:Enabled:Nero Burning ROM 7.2.3.2b Crack Patch Serial Keygen"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"M:\emule\emule.exe"="M:\emule\emule.exe:*:Enabled:eMule"
"D:\Programme\Nutz\Navigon 3110\aktuelle Navigon Karten 11.07\Europa 2008 mit RV\CryptLoad_1.0.4\RouterClient.exe"="D:\Programme\Nutz\Navigon 3110\aktuelle Navigon Karten 11.07\Europa 2008 mit RV\CryptLoad_1.0.4\RouterClient.exe:*:Enabled:RouterClient"
"C:\Programme\Motorola\RSD Lite\SDL.exe"="C:\Programme\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*isabled:svchost"
"C:\Programme\Shareaza\Shareaza.exe"="C:\Programme\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b207b0a-69a2-11db-9b64-000f3d0d6d27}]
shell\AutoRun\command - M:\preinst.exe

Teil 2:


======List of files/folders created in the last 1 months======

2008-10-29 13:43:55 ----D---- C:\rsit
2008-10-29 13:35:40 ----D---- C:\Programme\Avira GmbH
2008-10-29 13:25:25 ----D---- C:\Programme\PrevxCSI
2008-10-29 13:25:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI
2008-10-29 09:54:57 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Malwarebytes
2008-10-29 09:54:49 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-10-29 09:54:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-10-28 15:23:59 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe
2008-10-28 14:20:00 ----D---- C:\VundoFix Backups
2008-10-28 14:20:00 ----A---- C:\VundoFix.txt
2008-10-27 13:56:14 ----D---- C:\Programme\ANTS
2008-10-26 12:01:23 ----ASH---- C:\WINDOWS\system32\knVGQqss.ini2
2008-10-26 12:01:23 ----ASH---- C:\WINDOWS\system32\knVGQqss.ini
2008-10-25 14:28:18 ----SH---- C:\WINDOWS\system32\cwotepri.ini
2008-10-25 14:18:44 ----ASH---- C:\WINDOWS\system32\FOrsAcdd.ini2
2008-10-25 14:18:44 ----ASH---- C:\WINDOWS\system32\FOrsAcdd.ini
2008-10-23 07:37:01 ----SH---- C:\WINDOWS\system32\rfrhjmsw.ini
2008-10-23 07:30:50 ----ASH---- C:\WINDOWS\system32\XxEdJkkj.ini2
2008-10-23 07:30:50 ----ASH---- C:\WINDOWS\system32\XxEdJkkj.ini
2008-10-22 19:55:42 ----SH---- C:\WINDOWS\system32\quaockfa.ini
2008-10-21 19:51:12 ----SH---- C:\WINDOWS\system32\oegdjdod.ini
2008-10-21 13:45:42 ----SH---- C:\WINDOWS\system32\xvgbukxq.ini
2008-10-21 13:45:10 ----A---- C:\WINDOWS\system32\6b44f76a-.txt
2008-10-21 13:44:32 ----ASH---- C:\WINDOWS\system32\tBbHPqru.ini2
2008-10-21 13:44:32 ----ASH---- C:\WINDOWS\system32\tBbHPqru.ini
2008-10-21 13:37:43 ----D---- C:\Programme\DVD Audio Extractor
2008-10-21 12:15:52 ----D---- C:\Programme\Free DVD MP3 Ripper
2008-10-17 15:13:14 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\GamesCafe
2008-10-15 19:51:42 ----D---- C:\Programme\ProjectX_0.90.4.00
2008-10-15 19:29:03 ----D---- C:\Programme\DVD2MP3
2008-10-15 11:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 11:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 11:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 11:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 11:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 11:00:48 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-15 10:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-15 10:57:31 ----A---- C:\WINDOWS\nilazolej.dll
2008-10-15 10:57:31 ----A---- C:\WINDOWS\ekurudupe.vbs
2008-10-15 10:57:31 ----A---- C:\WINDOWS\ahekucezum.exe
2008-10-15 10:57:31 ----A---- C:\Programme\Gemeinsame Dateien\duzyse.vbs
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\vuvydoxol.bat
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ikylaro.com
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dugigowi.vbs
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\atuvyn.bat
2008-10-15 10:52:57 ----A---- C:\WINDOWS\fatif.exe
2008-10-15 10:52:56 ----A---- C:\WINDOWS\system32\hyxoxitif.bat
2008-10-15 10:52:56 ----A---- C:\WINDOWS\system32\hajeburad.com
2008-10-15 10:52:56 ----A---- C:\Programme\Gemeinsame Dateien\ycumura.dll
2008-10-15 10:49:37 ----D---- C:\Programme\srhmoxc
2008-10-15 10:49:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zedqtchi
2008-10-13 13:11:41 ----D---- C:\Programme\PixiePack Codec Pack
2008-10-13 13:06:04 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Tunebite
2008-10-13 13:06:04 ----A---- C:\Log.txt
2008-10-13 13:05:13 ----D---- C:\Programme\RapidSolution
2008-10-13 13:05:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution

======List of files/folders modified in the last 1 months======

2008-10-29 16:52:46 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Skype
2008-10-29 16:27:44 ----D---- C:\Programme\Mozilla Firefox
2008-10-29 16:25:35 ----D---- C:\WINDOWS\Temp
2008-10-29 16:23:15 ----A---- C:\WINDOWS\SCARDSRV.INI
2008-10-29 16:22:40 ----D---- C:\WINDOWS
2008-10-29 16:21:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 16:21:11 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\FRITZ!
2008-10-29 15:54:49 ----D---- C:\WINDOWS\Prefetch
2008-10-29 13:35:40 ----RD---- C:\Programme
2008-10-29 13:35:40 ----HD---- C:\Programme\InstallShield Installation Information
2008-10-29 13:25:26 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 13:23:51 ----D---- C:\Programme\Mozilla Thunderbird
2008-10-29 12:28:49 ----D---- C:\WINDOWS\system32
2008-10-29 12:21:29 ----D---- C:\WINDOWS\system
2008-10-29 11:45:27 ----D---- C:\Programme\AntiVir PersonalEdition Classic
2008-10-29 11:45:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-10-29 09:07:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 23:31:25 ----D---- C:\FAUXVIRUS
2008-10-28 21:21:18 ----HD---- C:\WINDOWS\inf
2008-10-27 13:42:40 ----D---- C:\Dokumente und Einstellungen
2008-10-26 09:00:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 15:21:53 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-23 18:56:35 ----D---- C:\Programme\Shareaza
2008-10-21 20:23:07 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2008-10-21 15:53:12 ----D---- C:\WINDOWS\twain_32
2008-10-21 15:52:19 ----SHD---- C:\WINDOWS\Installer
2008-10-21 13:34:25 ----D---- C:\Temp
2008-10-18 10:16:11 ----D---- C:\Programme\BFG
2008-10-17 15:12:47 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Zylom
2008-10-17 15:12:34 ----D---- C:\Programme\Zylom Games
2008-10-15 11:02:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 11:02:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 11:02:07 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 10:57:32 ----D---- C:\Programme\Gemeinsame Dateien
2008-10-13 11:17:26 ----A---- C:\error.txt
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-17 45376]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-17 75072]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 NETDSL;AVM PPP over Ethernet; C:\WINDOWS\system32\DRIVERS\netdsl.sys [2005-03-04 11264]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-04-16 21248]
R1 vobcom;vobcom; C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 9728]
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2003-04-10 187392]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-02 12032]
R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-23 278984]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-11-25 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-11-25 12032]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-04-17 18048]
R2 TwkPCSC;CHIPDRIVE PC/SC Drivers; C:\WINDOWS\system32\drivers\TwkPCSC.sys [2000-10-20 11612]
R2 U3sHlpDr;U3sHlpDr; \??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys []
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2002-04-17 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 BtAudio;Bluetooth Audio; C:\WINDOWS\System32\DRIVERS\btaudio.sys [2003-08-14 21861]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-08-14 146812]
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2002-12-13 64000]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-06-02 25856]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-06-02 68864]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-07-26 95384]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2002-04-21 210128]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-04-09 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-02 5888]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2002-04-21 521872]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2002-04-21 39348]
R3 Tetris;Tetris driver; C:\WINDOWS\System32\Drivers\Tetris.sys [2005-11-27 48928]
R3 TIACXLN;22M WLAN Adapter; C:\WINDOWS\System32\DRIVERS\tiacxln.sys [2003-06-06 155648]
R3 TWKPNP;CHIPDRIVE Plug and Play driver; C:\WINDOWS\System32\DRIVERS\TWKPNP.SYS [2000-10-20 5550]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\amdtools.sys []
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S3 AMDPCI;AMDPCI; \??\C:\DOKUME~1\Tim\LOKALE~1\Temp\AMDPCI.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AVMUNET;AVM FRITZ!Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-02-22 15104]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-08-14 30235]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-08-14 51848]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cdiskdun;cdiskdun; \??\C:\DOKUME~1\Tim\LOKALE~1\Temp\cdiskdun.sys []
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-06-02 13440]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-06-02 55040]
S3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys []
S3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 17792]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2002-04-21 1295336]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETFWDSL;AVM FRITZ!web DSL PPP; C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [2005-03-04 361472]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2002-04-21 162136]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2002-04-21 85520]
S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-05-17 22768]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 utizmzmx;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utizmzmx.sys []
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-09-19 223128]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-02-23 31273]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
R2 AVM IGD CTRL Service;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2005-03-04 118784]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe [2003-08-14 135168]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 CSIScanner;CSIScanner; C:\Programme\PrevxCSI\prevxcsi.exe [2008-10-29 880696]
R2 LVCOMSer;LVCOMSer; C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NMSAccess;NMSAccess; D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe [2003-05-14 45056]
R2 TWKSCARDSRV;CHIPDRIVE SCARD Service; C:\WINDOWS\SCARDS32.EXE [2000-10-20 265216]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-06-23 73728]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2002-04-21 45056]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2005-03-04 315392]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-07-25 208896]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

-----------------EOF-----------------

Avira AntVir läuft gerade im aggressiven Modus. Sobald es fertig ist schicke ich Dir das entsprechende Log.

Tausend Dank schon mal für die sensationelle Hilfe

Hier nun das Avira Antivir Log aus dem Expertenmodus:



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 29. Oktober 2008 17:10

Es wird nach 996425 Virenstämmen gesucht.

Lizenznehmer: Avira AntiVir PersonalEdition Classic
Seriennummer: 0000149996-ADJIE-0001
Plattform: Windows XP
Windowsversion: (Service Pack 3) [5.1.2600]
Boot Modus: Normal gebootet
Benutzername: Tim
Computername: NAME-KX1TEP98LF

Versionsinformationen:
BUILD.DAT : 8.2.0.334 16933 Bytes 16.10.2008 14:53:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 17.07.2008 14:10:32
AVSCAN.DLL : 8.1.4.0 48897 Bytes 17.07.2008 14:10:32
LUKE.DLL : 8.1.4.5 164097 Bytes 17.07.2008 14:10:32
LUKERES.DLL : 8.1.4.0 12545 Bytes 17.07.2008 14:10:32
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 22:36:43
ANTIVIR1.VDF : 7.1.0.1 2048 Bytes 27.10.2008 22:36:44
ANTIVIR2.VDF : 7.1.0.2 2048 Bytes 27.10.2008 22:36:44
ANTIVIR3.VDF : 7.1.0.8 60928 Bytes 28.10.2008 22:36:45
Engineversion : 8.2.0.10
AEVDF.DLL : 8.1.0.6 102772 Bytes 16.10.2008 09:45:45
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 17.10.2008 09:54:47
AESCN.DLL : 8.1.1.3 123252 Bytes 16.10.2008 09:45:43
AERDL.DLL : 8.1.1.2 438644 Bytes 21.09.2008 16:04:41
AEPACK.DLL : 8.1.2.4 369014 Bytes 16.10.2008 09:45:43
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 24.10.2008 09:22:52
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 24.10.2008 09:22:51
AEHELP.DLL : 8.1.1.2 115062 Bytes 16.10.2008 09:45:41
AEGEN.DLL : 8.1.0.42 319861 Bytes 25.10.2008 09:45:39
AEEMU.DLL : 8.1.0.9 393588 Bytes 16.10.2008 09:45:39
AECORE.DLL : 8.1.2.9 172407 Bytes 28.10.2008 22:36:46
AEBB.DLL : 8.1.0.3 53618 Bytes 16.10.2008 09:45:37
AVWINLL.DLL : 1.0.0.12 15105 Bytes 17.07.2008 14:10:32
AVPREF.DLL : 8.0.2.0 38657 Bytes 17.07.2008 14:10:32
AVREP.DLL : 8.0.0.2 98344 Bytes 08.08.2008 19:13:30
AVREG.DLL : 8.0.0.1 33537 Bytes 17.07.2008 14:10:32
AVARKT.DLL : 1.0.0.23 307457 Bytes 16.04.2008 10:10:35
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17.07.2008 14:10:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 16.04.2008 10:10:35
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17.07.2008 14:10:32
NETNT.DLL : 8.0.0.1 7937 Bytes 16.04.2008 10:10:35
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17.07.2008 14:10:28
RCTEXT.DLL : 8.0.52.0 86273 Bytes 17.07.2008 14:10:28

Konfiguration für den aktuellen Suchlauf:
Job Name.........................: Lokale Festplatten
Konfigurationsdatei..............: c:\programme\antivir personaledition classic\alldiscs.avp
Protokollierung..................: niedrig
Primäre Aktion...................: interaktiv
Sekundäre Aktion.................: ignorieren
Durchsuche Masterbootsektoren....: aus
Durchsuche Bootsektoren..........: ein
Bootsektoren.....................: C:, D:,
Durchsuche aktive Programme......: ein
Durchsuche Registrierung.........: ein
Suche nach Rootkits..............: aus
Datei Suchmodus..................: Alle Dateien
Durchsuche Archive...............: ein
Rekursionstiefe einschränken.....: 20
Archiv Smart Extensions..........: ein
Makrovirenheuristik..............: ein
Dateiheuristik...................: hoch
Abweichende Gefahrenkategorien...: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Mittwoch, 29. Oktober 2008 17:10

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclRSSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclUSBSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'skypePM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MPAPI3s.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsPMSPSv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCARDS32.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccess.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrcSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'prevxcsi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'prevxcsi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTSVCCDA.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IGDCTRL.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'StCenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FwebProt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANMON.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PcSync2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WCESCOMM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msmsgs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Quickcam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Communications_Helper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'opwareSE2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WkUFind.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iwctrl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sstray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '62' Prozesse mit '62' Modulen durchsucht

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen.
Die Registry wurde durchsucht ( '84' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <boot>
C:\hiberfil.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Desktop\ComboFix.exe
[0] Archivtyp: RAR SFX (self extracting)
--> 32788R22FWJFW\hidec.exe
[FUND] Enthält Erkennungsmuster des SPR/Tool.Hide.A-Programmes
--> 32788R22FWJFW\NirCmd.cfexe
[FUND] Enthält Erkennungsmuster der Anwendung APPL/NirCmd.E.2.B
--> 32788R22FWJFW\nircmd.com
[FUND] Enthält Erkennungsmuster der Anwendung APPL/NirCmd.E.2.B
--> 32788R22FWJFW\NirCmdC.cfexe
[FUND] Enthält Erkennungsmuster der Anwendung APPL/NirCmd.E.1.B
--> 32788R22FWJFW\psexec.cfexe
[1] Archivtyp: RSRC
--> Object
[FUND] Enthält Erkennungsmuster der Anwendung APPL/PsExec.E
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49758d74.qua' verschoben!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\WINDOWS\system32\drivers\sptd3229.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <Daten>


Ende des Suchlaufs: Mittwoch, 29. Oktober 2008 18:22
Benötigte Zeit: 1:11:50 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

10908 Verzeichnisse wurden überprüft
432383 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
4 Dateien konnten nicht durchsucht werden
432374 Dateien ohne Befall
8323 Archive wurden durchsucht
4 Warnungen
1 Hinweise

Rsit log.txt Teil 1:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Tim at 2008-10-29 17:01:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (32%) free of 80 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:35, on 29.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\22M WLAN\WLANMON.exe
D:\Programme\DLink\Bluetooth Software\BTTray.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.EXE
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\PrevxCSI\prevxcsi.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\PrevxCSI\prevxcsi.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Desktop\HiJackThis\Tim.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "d:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [OpwareSE2] "D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75F344F-97E1-4080-98B0-02C9016E8A63}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CSIScanner - Prevx - C:\Programme\PrevxCSI\prevxcsi.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

--
End of file - 10806 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"=sstray.exe /r []
"VOBID"=C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe [2003-03-31 147968]
"IW ControlCenter"=C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2003-03-12 836096]
"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe [2003-05-05 393728]
"Microsoft Works Update Detection"=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-24 28672]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"CloneCDTray"=d:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2004-12-09 57344]
"OpwareSE2"=D:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-06-23 4734976]
"nwiz"=nwiz.exe /install []
"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-06-23 49152]
"NWEReboot"= []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-06-02 28160]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Programme\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"H/PC Connection Agent"=D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE [2003-04-23 417871]
"PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2007-06-08 23233576]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
22M WLAN-Adapter-Utility.lnk - C:\Programme\22M WLAN\WLANMON.exe
Adobe Reader - Schnellstart.lnk - D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BTTray.lnk - D:\Programme\DLink\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - D:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - D:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Startmenü\Programme\Autostart
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
FRITZ!DSL Protect.lnk - C:\Programme\FRITZ!DSL\FwebProt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\Microsoft ActiveSync\WCESMGR.EXE"="D:\Programme\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"="D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="C:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"D:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="D:\Programme\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"D:\Programme\FRITZ!DSL\FBOXUPD.EXE"="D:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"D:\Programme\eMule\emule.exe"="D:\Programme\eMule\emule.exe:*:Enabled:eMule"
"D:\Programme\eDonkey2000\edonkey2000.exe"="D:\Programme\eDonkey2000\edonkey2000.exe:*:Enabled:eDonkey2000 Application"
"C:\Dokumente und Einstellungen\Tim\Desktop\emule.exe"="C:\Dokumente und Einstellungen\Tim\Desktop\emule.exe:*:Enabled:eMule"
"L:\EMULE\EMULE\emule.exe"="L:\EMULE\EMULE\emule.exe:*:Enabled:eMule"
"C:\Programme\IncrediMail\bin\IncMail.exe"="C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\IMApp.exe"="C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Programme\IncrediMail\bin\ImpCnt.exe"="C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\emule0.47a-Xtreme5.1.1\emule.exe"="C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\emule0.47a-Xtreme5.1.1\emule.exe:*:Enabled:eMule"
"L:\emule\emule.exe"="L:\emule\emule.exe:*:Enabled:eMule"
"C:\Programme\IncrediMail\bin\IncrediMail_Install.exe"="C:\Programme\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe"="C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe"
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe"="C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*isabled:MSI starter"
"C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\Rar$EX00.703\Nero Burning ROM 7.2.3.2b Crack Patch Serial Keygen.exe"="C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Lokale Einstellungen\Temp\Rar$EX00.703\Nero Burning ROM 7.2.3.2b Crack Patch Serial Keygen.exe:*:Enabled:Nero Burning ROM 7.2.3.2b Crack Patch Serial Keygen"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"M:\emule\emule.exe"="M:\emule\emule.exe:*:Enabled:eMule"
"D:\Programme\Nutz\Navigon 3110\aktuelle Navigon Karten 11.07\Europa 2008 mit RV\CryptLoad_1.0.4\RouterClient.exe"="D:\Programme\Nutz\Navigon 3110\aktuelle Navigon Karten 11.07\Europa 2008 mit RV\CryptLoad_1.0.4\RouterClient.exe:*:Enabled:RouterClient"
"C:\Programme\Motorola\RSD Lite\SDL.exe"="C:\Programme\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*isabled:svchost"
"C:\Programme\Shareaza\Shareaza.exe"="C:\Programme\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b207b0a-69a2-11db-9b64-000f3d0d6d27}]
shell\AutoRun\command - M:\preinst.exe

Rsit Log.txt Teil 2:




======List of files/folders created in the last 1 months======

2008-10-29 13:43:55 ----D---- C:\rsit
2008-10-29 13:35:40 ----D---- C:\Programme\Avira GmbH
2008-10-29 13:25:25 ----D---- C:\Programme\PrevxCSI
2008-10-29 13:25:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI
2008-10-29 09:54:57 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Malwarebytes
2008-10-29 09:54:49 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-10-29 09:54:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-10-28 15:23:59 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe
2008-10-28 14:20:00 ----D---- C:\VundoFix Backups
2008-10-28 14:20:00 ----A---- C:\VundoFix.txt
2008-10-27 13:56:14 ----D---- C:\Programme\ANTS
2008-10-26 12:01:23 ----ASH---- C:\WINDOWS\system32\knVGQqss.ini2
2008-10-26 12:01:23 ----ASH---- C:\WINDOWS\system32\knVGQqss.ini
2008-10-25 14:28:18 ----SH---- C:\WINDOWS\system32\cwotepri.ini
2008-10-25 14:18:44 ----ASH---- C:\WINDOWS\system32\FOrsAcdd.ini2
2008-10-25 14:18:44 ----ASH---- C:\WINDOWS\system32\FOrsAcdd.ini
2008-10-23 07:37:01 ----SH---- C:\WINDOWS\system32\rfrhjmsw.ini
2008-10-23 07:30:50 ----ASH---- C:\WINDOWS\system32\XxEdJkkj.ini2
2008-10-23 07:30:50 ----ASH---- C:\WINDOWS\system32\XxEdJkkj.ini
2008-10-22 19:55:42 ----SH---- C:\WINDOWS\system32\quaockfa.ini
2008-10-21 19:51:12 ----SH---- C:\WINDOWS\system32\oegdjdod.ini
2008-10-21 13:45:42 ----SH---- C:\WINDOWS\system32\xvgbukxq.ini
2008-10-21 13:45:10 ----A---- C:\WINDOWS\system32\6b44f76a-.txt
2008-10-21 13:44:32 ----ASH---- C:\WINDOWS\system32\tBbHPqru.ini2
2008-10-21 13:44:32 ----ASH---- C:\WINDOWS\system32\tBbHPqru.ini
2008-10-21 13:37:43 ----D---- C:\Programme\DVD Audio Extractor
2008-10-21 12:15:52 ----D---- C:\Programme\Free DVD MP3 Ripper
2008-10-17 15:13:14 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\GamesCafe
2008-10-15 19:51:42 ----D---- C:\Programme\ProjectX_0.90.4.00
2008-10-15 19:29:03 ----D---- C:\Programme\DVD2MP3
2008-10-15 11:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 11:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 11:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 11:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 11:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 11:00:48 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-15 10:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-15 10:57:31 ----A---- C:\WINDOWS\nilazolej.dll
2008-10-15 10:57:31 ----A---- C:\WINDOWS\ekurudupe.vbs
2008-10-15 10:57:31 ----A---- C:\WINDOWS\ahekucezum.exe
2008-10-15 10:57:31 ----A---- C:\Programme\Gemeinsame Dateien\duzyse.vbs
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\vuvydoxol.bat
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ikylaro.com
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dugigowi.vbs
2008-10-15 10:57:31 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\atuvyn.bat
2008-10-15 10:52:57 ----A---- C:\WINDOWS\fatif.exe
2008-10-15 10:52:56 ----A---- C:\WINDOWS\system32\hyxoxitif.bat
2008-10-15 10:52:56 ----A---- C:\WINDOWS\system32\hajeburad.com
2008-10-15 10:52:56 ----A---- C:\Programme\Gemeinsame Dateien\ycumura.dll
2008-10-15 10:49:37 ----D---- C:\Programme\srhmoxc
2008-10-15 10:49:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zedqtchi
2008-10-13 13:11:41 ----D---- C:\Programme\PixiePack Codec Pack
2008-10-13 13:06:04 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Tunebite
2008-10-13 13:06:04 ----A---- C:\Log.txt
2008-10-13 13:05:13 ----D---- C:\Programme\RapidSolution
2008-10-13 13:05:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution

======List of files/folders modified in the last 1 months======

2008-10-29 16:52:46 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Skype
2008-10-29 16:27:44 ----D---- C:\Programme\Mozilla Firefox
2008-10-29 16:25:35 ----D---- C:\WINDOWS\Temp
2008-10-29 16:23:15 ----A---- C:\WINDOWS\SCARDSRV.INI
2008-10-29 16:22:40 ----D---- C:\WINDOWS
2008-10-29 16:21:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 16:21:11 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\FRITZ!
2008-10-29 15:54:49 ----D---- C:\WINDOWS\Prefetch
2008-10-29 13:35:40 ----RD---- C:\Programme
2008-10-29 13:35:40 ----HD---- C:\Programme\InstallShield Installation Information
2008-10-29 13:25:26 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 13:23:51 ----D---- C:\Programme\Mozilla Thunderbird
2008-10-29 12:28:49 ----D---- C:\WINDOWS\system32
2008-10-29 12:21:29 ----D---- C:\WINDOWS\system
2008-10-29 11:45:27 ----D---- C:\Programme\AntiVir PersonalEdition Classic
2008-10-29 11:45:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-10-29 09:07:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 23:31:25 ----D---- C:\FAUXVIRUS
2008-10-28 21:21:18 ----HD---- C:\WINDOWS\inf
2008-10-27 13:42:40 ----D---- C:\Dokumente und Einstellungen
2008-10-26 09:00:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 15:21:53 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-23 18:56:35 ----D---- C:\Programme\Shareaza
2008-10-21 20:23:07 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2008-10-21 15:53:12 ----D---- C:\WINDOWS\twain_32
2008-10-21 15:52:19 ----SHD---- C:\WINDOWS\Installer
2008-10-21 13:34:25 ----D---- C:\Temp
2008-10-18 10:16:11 ----D---- C:\Programme\BFG
2008-10-17 15:12:47 ----D---- C:\Dokumente und Einstellungen\Tim.NAME-KX1TEP98LF\Anwendungsdaten\Zylom
2008-10-17 15:12:34 ----D---- C:\Programme\Zylom Games
2008-10-15 11:02:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 11:02:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 11:02:07 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 10:57:32 ----D---- C:\Programme\Gemeinsame Dateien
2008-10-13 11:17:26 ----A---- C:\error.txt
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-17 45376]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-17 75072]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 NETDSL;AVM PPP over Ethernet; C:\WINDOWS\system32\DRIVERS\netdsl.sys [2005-03-04 11264]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-04-16 21248]
R1 vobcom;vobcom; C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 9728]
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2003-04-10 187392]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-02 12032]
R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-23 278984]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-11-25 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-11-25 12032]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-04-17 18048]
R2 TwkPCSC;CHIPDRIVE PC/SC Drivers; C:\WINDOWS\system32\drivers\TwkPCSC.sys [2000-10-20 11612]
R2 U3sHlpDr;U3sHlpDr; \??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys []
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2002-04-17 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 BtAudio;Bluetooth Audio; C:\WINDOWS\System32\DRIVERS\btaudio.sys [2003-08-14 21861]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-08-14 146812]
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2002-12-13 64000]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-06-02 25856]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-06-02 68864]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-07-26 95384]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2002-04-21 210128]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-04-09 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-02 5888]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2002-04-21 521872]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2002-04-21 39348]
R3 Tetris;Tetris driver; C:\WINDOWS\System32\Drivers\Tetris.sys [2005-11-27 48928]
R3 TIACXLN;22M WLAN Adapter; C:\WINDOWS\System32\DRIVERS\tiacxln.sys [2003-06-06 155648]
R3 TWKPNP;CHIPDRIVE Plug and Play driver; C:\WINDOWS\System32\DRIVERS\TWKPNP.SYS [2000-10-20 5550]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\amdtools.sys []
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S3 AMDPCI;AMDPCI; \??\C:\DOKUME~1\Tim\LOKALE~1\Temp\AMDPCI.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AVMUNET;AVM FRITZ!Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-02-22 15104]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-08-14 30235]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-08-14 51848]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cdiskdun;cdiskdun; \??\C:\DOKUME~1\Tim\LOKALE~1\Temp\cdiskdun.sys []
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-06-02 13440]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-06-02 55040]
S3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys []
S3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 17792]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2002-04-21 1295336]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETFWDSL;AVM FRITZ!web DSL PPP; C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [2005-03-04 361472]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2002-04-21 162136]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2002-04-21 85520]
S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-05-17 22768]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 utizmzmx;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utizmzmx.sys []
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-09-19 223128]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-02-23 31273]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
R2 AVM IGD CTRL Service;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2005-03-04 118784]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe [2003-08-14 135168]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 CSIScanner;CSIScanner; C:\Programme\PrevxCSI\prevxcsi.exe [2008-10-29 880696]
R2 LVCOMSer;LVCOMSer; C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NMSAccess;NMSAccess; D:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe [2003-05-14 45056]
R2 TWKSCARDSRV;CHIPDRIVE SCARD Service; C:\WINDOWS\SCARDS32.EXE [2000-10-20 265216]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-06-23 73728]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2002-04-21 45056]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2005-03-04 315392]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-07-25 208896]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

-----------------EOF-----------------