Virus, den ich nicht finde.

crippcid · 19.11.2009, 18:48

Ja.. ich hab heut, seitdem ich den PC anhab, i-wie schon fast im 20Mins.-Tackt einen Virus. Ich hab einfach mal ein Bildchen davon gemacht:

Wie bekomm ich den weg? Ich klick mich dann immer durch den Defender, aber das Ding erscheint immer wieder.

Danke im voraus

crippcid · 19.11.2009, 18:56

aso.. Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:03, on 19.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\PingChanGeR\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo793] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S65EF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\PingChanGeR\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c1fd32f2323559bc3&browserVersion=7.0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7076 bytes

Angel21 · 19.11.2009, 19:32

Hallo, na alles klar?

Ich nehme mich dir an, da wir ja schonmal die Gesellschaft miteinander hatten

So.....letz fetz the trojan

1. Starte Malwarebytes, inem du das Setup mit Rechtsklick -> Ziel speichern untr....-> Setup zu blubb.com umbenennst spoeicherst. Danach öffne das Setup, installiere dir Malwarebytes und lass es einen Vollständigen Systemscan durchziehen.

2. Starte die GMER Rootkit Suche. Folge dem blau unterlegten Link und starte GMER so, wie es in der Anleitung hierzu steht.

3. Starte einen Vollständigen Systemscan mit Avira in diesen folgenden Einstellungen: http://www.trojaner-board.de/54192-a...tellungen.html und lass es durchscannen.

Nundenn:
1. Malwarebytes Log
2. Gmer Log
3. Avira Log

Alles gefunde entfernen.....

crippcid · 19.11.2009, 19:39

ah hey Angel

Dann mach ich das mal eben

crippcid · 19.11.2009, 21:25

So.. bei mir is alles klar^^ Wie geht es denn dir?
Hier deine Logs:

Malware:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 6.0.6002 Service Pack 2

19.11.2009 20:38:56
mbam-log-2009-11-19 (20-38-56).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 244182
Laufzeit: 54 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden

GMER:
GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-19 21:18:57
Windows 6.0.6002 Service Pack 2
Running: d9rj7u4b.exe; Driver: C:\Users\PINGCH~1\AppData\Local\Temp\fxlyiaob.sys

---- System - GMER 1.0.15 ----

SSDT 97A4147C ZwCreateThread
SSDT 97A41468 ZwOpenProcess
SSDT 97A4146D ZwOpenThread
SSDT 97A41477 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81CAC964 4 Bytes [7C, 14, A4, 97] {JL 0x16; MOVSB ; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 3F1 81CACB34 4 Bytes [68, 14, A4, 97]
.text ntkrnlpa.exe!KeSetEvent + 40D 81CACB50 4 Bytes [6D, 14, A4, 97] {INSD ; ADC AL, 0xa4; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 621 81CACD64 4 Bytes [77, 14, A4, 97] {JA 0x16; MOVSB ; XCHG EDI, EAX}

---- Devices - GMER 1.0.15 ----

Device \Driver\ViPrt \Device\Ide\ViaIdePort0 [805BC80C] \SystemRoot\system32\DRIVERS\ViPrt.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\ViPrt \Device\Ide\ViaIdePort1 [805BC80C] \SystemRoot\system32\DRIVERS\ViPrt.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\ViPrt.sys suspicious modification

---- EOF - GMER 1.0.15 ----

AntiVir:
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 309507
Anzahl Verzeichnisse: 20774
Anzahl Malware: 0
Anzahl Fehler: 2

Angel21 · 20.11.2009, 14:22

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\ViPrt.sys /s /md5
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Code-Tags in Deinen Thread

crippcid · 20.11.2009, 16:45

OTL.Txt:

Code:

ATTFilter

OTL logfile created on: 20.11.2009 16:28:55 - Run 1
OTL by OldTimer - Version 3.1.6.0     Folder = C:\Users\PingChanGeR\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,07% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 103,94 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 106,36 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PINGCHANGER-PC
Current User Name: PingChanGeR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009.11.20 16:27:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\PingChanGeR\Downloads\OTL.exe
PRC - [2009.11.06 21:38:32 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\PingChanGeR\Program Files\DNA\btdna.exe
PRC - [2009.11.06 05:33:05 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.30 14:33:46 | 00,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 14:31:24 | 01,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.08.24 15:51:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.07.21 13:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.10 22:27:40 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009.04.10 22:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 12:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.08.01 05:45:28 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008.08.01 05:45:28 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008.01.18 22:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.18 22:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.01.18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 22:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.18 22:33:16 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007.09.07 14:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007.07.17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007.07.17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007.05.07 14:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007.03.01 05:01:00 | 00,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2006.12.08 09:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 10:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006.11.02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2009.11.20 16:27:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\PingChanGeR\Downloads\OTL.exe
MOD - [2009.04.10 22:21:40 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.11.04 16:59:18 | 00,435,016 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.02 22:12:28 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.10.30 14:31:24 | 01,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 14:27:34 | 00,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.24 15:51:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.07.21 13:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.29 20:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 10:39:22 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009.02.18 10:38:44 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009.02.18 10:38:44 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.08.01 05:45:28 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008.01.18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007.02.26 18:16:22 | 00,267,824 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006.12.14 16:00:00 | 00,544,768 | ---- | M] (Magix AG) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.12.08 09:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.11.02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005.11.17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: seetooaddon@seetoo.com:1.2
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.17 12:51:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.06 05:33:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.06 05:33:07 | 00,000,000 | ---D | M]
 
[2009.09.15 18:38:16 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Extensions
[2009.09.15 18:38:16 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.19 17:28:45 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions
[2009.09.21 14:39:11 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.17 16:54:51 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2009.11.04 18:09:15 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.25 15:42:49 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\anycolor.pavlos256@gmail.com
[2009.09.17 15:05:21 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\seetooaddon@seetoo.com
[2009.09.21 14:39:17 | 00,001,201 | ---- | M] () -- C:\Users\PingChanGeR\AppData\Roaming\Mozilla\FireFox\Profiles\gsd41ghb.default\searchplugins\winamp-search.xml
[2009.11.09 18:12:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.04 18:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.11.06 05:33:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.15 19:16:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.09.30 13:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.09 18:12:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.11.06 05:33:05 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.11.06 05:33:05 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.13 22:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007.04.10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.10.11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.05.13 22:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009.05.27 03:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.11.06 05:33:05 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009.05.13 22:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cm106Sound]  File not found
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [recinfo793] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\PingChanGeR\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c1fd32f2323559bc3&browserVersion=7.0 (SeeTooControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.09.16 13:25:43 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
OTL cannot create restorepoints on Vista OSs!

Virus, den ich nicht finde.

Plagegeister aller Art und deren Bekämpfung: Virus, den ich nicht finde.