Pests of all kinds and how to fight them: nothing but PC problems since Malware Defense/Security Alert | Windows 7
09.01.2010, 12:00 | #1 |
Hello everyone,

a few days ago I also caught this Security Alert / Malware Defense thing and I'm honestly at my wits' end! First my Avira disappeared, Internet Explorer is gone too, and the PC no longer recognizes my burner. Then I couldn't even install Malwarebytes Anti-Malware and run it. Pop-ups constantly, every few seconds, no end to them...

After a lot of back and forth and a lot of googling, I simply did a system restore last night, and now this junk is finally gone from my taskbar. It could finally be deleted, but neither Avira nor AVG can be opened! Nothing works at all... grrrrrr

I then also ran CCleaner right away, installed Malwarebytes and let it scan. It found 17 files/folders right away:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3523
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

09.01.2010 08:52:29
mbam-log-2010-01-09 (08-52-29).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 174046
Laufzeit: 54 minute(s), 19 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Temp\settdebugx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ST\Lokale Einstellungen\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\Malware Defense\mdext.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTktetirpiem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTwcyrjcqovy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTxdpimthoss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\H8SRTxxrlxbfpyl.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\Programme\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Programme\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\ST\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTrsbspucbxu.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\H8SRT6215.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
Then RSIT:

and: info.txt

As I said, no antivirus program can be opened, and I also can't imagine that a system restore and moving the infected things into quarantine alone takes care of everything.

It would be nice if someone could help me further!

Best regards, SiltenTears
09.01.2010, 16:25 | #3 |
| I'd gladly do all of that... but I can't get past step 4: at the point where the log file is supposed to be saved, a window opens with a message that there is no disk in drive D.... ?!
09.01.2010, 16:56 | #4 | |
/// AVZ-Toolkit Guru |
AVZ saves the log file automatically after you have run the script. You don't have to save anything manually.
__________________ - All help in this forum is given without warranty or liability - |
09.01.2010, 18:03 | #5 |
| Ugh, sorry, that was my mistake: Malwarebytes was still running in the background. So everything has worked now. Here are the logs: virusinfo_syscure:
Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{2CF0ACE8-EF48-4972-AAF6-976D30EEB6F1}] DATAGRAM 0" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{78F8E5A4-447F-4B02-AE80-E0189816E86C}] SEQPACKET 1" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{78F8E5A4-447F-4B02-AE80-E0189816E86C}] DATAGRAM 1" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B971C963-F03B-45DC-B5A6-36EA10AB10B1}] SEQPACKET 2" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B971C963-F03B-45DC-B5A6-36EA10AB10B1}] DATAGRAM 2" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> </SPI> - <DPF> <ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="DirectAnimation Java Classes" CodeBase="file://C:\WINDOWS\Java\classes\dajava.cab" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="Microsoft XML Parser for Java" CodeBase="file://C:\WINDOWS\Java\classes\xmldso.cab" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{33564D57-0000-0010-8000-00AA00389B71}" CodeBase="http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB" Descr="" LegalCopyright="" /> <ITEM File="C:\PROGRA~1\Imikimi\IMIKIM~1.1\IMIKIM~1.OCX" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{D71F9A27-723E-4B8B-B428-B725E47CBA3E}" CodeBase="http://imikimi.com/download/imikimi_plugin_0.5.1.cab" Descr="Imikimi Plugin" LegalCopyright="Copyright (C) 2007" Size="73728" Attr="rsAh" CreateDate="16.01.2008 18:10:38" ChageDate="16.01.2008 18:10:38" MD5="EB624C70CE18C267F016ED0208789571" /> </DPF> <CPL /> <ActiveSetup /> - <HOSTS> <ITEM Line="127.0.0.1 localhost" /> </HOSTS> <SuspFiles /> - <RK_KM> <ITEM File="" FNaim="" FIndx="339" HookPtr="8060F675" HookType="3" /> <ITEM File="" FNaim="" FIndx="366" 
HookPtr="8060F675" HookType="3" /> <ITEM File="" FNaim="" FIndx="373" HookPtr="8060F675" HookType="3" /> <ITEM File="" FNaim="" FIndx="538" HookPtr="8060F675" HookType="3" /> </RK_KM> - <WIZARD-TSW> <ITEM ID="19" Level="2" Fixed="0" /> <ITEM ID="51" Level="2" Fixed="0" /> <ITEM ID="58" Level="3" Fixed="0" /> <ITEM ID="59" Level="3" Fixed="0" /> <ITEM ID="61" Level="2" Fixed="0" /> </WIZARD-TSW> </AVZ> |
09.01.2010, 18:03 | #6 |
| nothing but PC problems because of malware defense/security alert
and infovirus_syscheck:
Extensions\Approved" CLSID="{63542C48-9552-494A-84F7-73AA6A7C99C1}" Descr="" LegalCopyright="" /> <ITEM File="@quot;C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll@quot;" CheckResult="-1" Enabled="1" ExtType="1" ExtName="OpenOffice.org Thumbnail Viewer" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3B092F0C-7696-40E3-A80F-68D74DA84210}" Descr="" LegalCopyright="" /> <ITEM File="@quot;C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll@quot;" CheckResult="-1" Enabled="1" ExtType="2" ExtName="ColumnHandler" RegKey="SOFTWARE\Classes\Folder\shellex\ColumnHandlers" CLSID="{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" Descr="" LegalCopyright="" /> </ExplorerExt> - <PrintEXT> <ITEM File="C:\WINDOWS\System32\LXPRMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="Print Monitor (Win2k/WinXP)" LegalCopyright="Copyright (C) 2003" Size="40960" Attr="rsAh" CreateDate="05.05.2007 11:51:35" ChageDate="02.02.2006 09:12:22" MD5="FF93F3730EEF696A7F87B09DCF0E7C27" /> </PrintEXT> - <TaskScheduler> <ITEM File="C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe" CheckResult="-1" Enabled="29518112" Descr="TuneUp System Optimizer" LegalCopyright="© 1996-2004 TuneUp Software GmbH" Size="388608" Attr="rsAh" CreateDate="07.09.2005 23:38:58" ChageDate="07.09.2005 23:38:58" MD5="6CE0E19803480A2B6318C65B5A172BA0" /> </TaskScheduler> - <SPI> <ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="TCP/IP" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Size="14848" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="81696D115F602EDDD8B950D5F1DA9FE4" /> <ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="NLA-Namespace" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [TCP/IP]" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [UDP/IP]" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [RAW/IP]" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP UDP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Size="90112" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="FE8B5E44A89D2141D26402F5B1C28E2B" /> <ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP TCP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="90112" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="FE8B5E44A89D2141D26402F5B1C28E2B" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD9A2EB6-C1F4-4455-ABD6-67DBC600BCA7}] SEQPACKET 3" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD9A2EB6-C1F4-4455-ABD6-67DBC600BCA7}] DATAGRAM 3" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{2CF0ACE8-EF48-4972-AAF6-976D30EEB6F1}] SEQPACKET 0" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{2CF0ACE8-EF48-4972-AAF6-976D30EEB6F1}] DATAGRAM 0" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{78F8E5A4-447F-4B02-AE80-E0189816E86C}] SEQPACKET 1" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{78F8E5A4-447F-4B02-AE80-E0189816E86C}] DATAGRAM 1" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B971C963-F03B-45DC-B5A6-36EA10AB10B1}] SEQPACKET 2" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." 
Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> <ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B971C963-F03B-45DC-B5A6-36EA10AB10B1}] DATAGRAM 2" Descr="Microsoft Windows Sockets 2.0-Dienstanbieter" LegalCopyright="© Microsoft Corporation. Alle Rechte vorbehalten." Size="230400" Attr="rsAh" CreateDate="29.08.2002 13:00:00" ChageDate="29.08.2002 13:00:00" MD5="6F9DD8E7D5CABFAA9AC908E4DFB89A9C" /> </SPI> - <DPF> <ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="DirectAnimation Java Classes" CodeBase="file://C:\WINDOWS\Java\classes\dajava.cab" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="Microsoft XML Parser for Java" CodeBase="file://C:\WINDOWS\Java\classes\xmldso.cab" Descr="" LegalCopyright="" /> <ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{33564D57-0000-0010-8000-00AA00389B71}" CodeBase="http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB" Descr="" LegalCopyright="" /> <ITEM File="C:\PROGRA~1\Imikimi\IMIKIM~1.1\IMIKIM~1.OCX" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{D71F9A27-723E-4B8B-B428-B725E47CBA3E}" CodeBase="http://imikimi.com/download/imikimi_plugin_0.5.1.cab" Descr="Imikimi Plugin" LegalCopyright="Copyright (C) 2007" Size="73728" Attr="rsAh" CreateDate="16.01.2008 18:10:38" ChageDate="16.01.2008 18:10:38" MD5="EB624C70CE18C267F016ED0208789571" /> </DPF> <CPL /> <ActiveSetup /> - <HOSTS> <ITEM Line="127.0.0.1 localhost" /> </HOSTS> <SuspFiles /> - <RK_KM> <ITEM File="" FNaim="" FIndx="339" HookPtr="8060F675" HookType="3" /> <ITEM File="" FNaim="" FIndx="366" 
HookPtr="8060F675" HookType="3" /> <ITEM File="" FNaim="" FIndx="373" HookPtr="8060F675" HookType="3" /> <ITEM File="" FNaim="" FIndx="538" HookPtr="8060F675" HookType="3" /> </RK_KM> - <WIZARD-TSW> <ITEM ID="19" Level="2" Fixed="0" /> <ITEM ID="51" Level="2" Fixed="0" /> <ITEM ID="58" Level="3" Fixed="0" /> <ITEM ID="59" Level="3" Fixed="0" /> <ITEM ID="61" Level="2" Fixed="0" /> </WIZARD-TSW> </AVZ> |
09.01.2010, 20:24 | #7 |
/// AVZ-Toolkit Guru | Nothing but PC problems because of Malware Defense/Security Alert =) Please read the point about attaching the log files again very carefully! Running the scripts produces two .zip files (syssecure.zip and syscheck.zip). Please attach these two files to your next post. Attach them! Don't post them.
__________________ - All help in this forum is given without warranty or liability - |
09.01.2010, 20:46 | #8 |
| Nothing but PC problems because of Malware Defense/Security Alert lol ok ok ... this whole thing is really stressing me out =) |
09.01.2010, 22:20 | #9 |
/// AVZ-Toolkit Guru | Nothing but PC problems because of Malware Defense/Security Alert I believe that. Relax! We will calmly patch the computer back together, and afterwards everything will be fine again! Especially with infected or broken PCs, the rule is: strength lies in calmness! I have to keep telling myself that too.. ^^ Something is wrong with the logs. That is not your fault, though! I think the malware is trying to thwart our plans. Please delete the entire AVZ folder. Clean up with CCleaner and restart the computer. Post a GMER log. Restart the computer afterwards. Then download AVZ once again. This time, however, differently from what the instructions say:
Download:
1. Create a separate folder for AVZ at the following path: C:\AVZ
2. Right-click this link: Toolkit and choose "Save as":
3. The program does not need to be installed; it is ready to use right away. Then proceed the same way as last time to create the AVZ logs and attach both to your next post.
10.01.2010, 09:51 | #10 |
| Nothing but PC problems because of Malware Defense/Security Alert Good morning =) Well, I certainly hope it will soon work the way it should again... so here are the logs:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-10 08:40:56
Windows 5.1.2600 Service Pack 1
Running: tm42spnw.exe; Driver: C:\DOKUME~1\ST\LOKALE~1\Temp\fxtdypob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xF766F280, 0x7B04, 0xE8000020]
---- EOF - GMER 1.0.15 ---- |
10.01.2010, 10:23 | #11 | |
/// AVZ-Toolkit Guru | Nothing but PC problems because of Malware Defense/Security Alert Good morning. oreans32.sys is fooling us, or rather AVZ. But not for much longer.. Please open GMER. At the top left you will find a tab that looks roughly like this: Click it and further tabs will appear. Select the cmd tab. Then please copy the following into the upper black field: Quote:
The computer will restart. Clean up with CCleaner and post a fresh GMER log. Restart the computer once more and post two fresh AVZ logs.
10.01.2010, 10:52 | #12 |
| Nothing but PC problems because of Malware Defense/Security Alert hmmmm doesn't work! When I paste it in and click run, first "deletekey - falsches parameter" appears and then "error 0x00000002 occured during the delicion of file C:\windows.....\oreans.sys - system kann die angegegbene datei nicht finden" |
10.01.2010, 11:37 | #13 | |
/// AVZ-Toolkit Guru | Nothing but PC problems because of Malware Defense/Security Alert Then the file apparently does not exist, but please try it again with the following script: Quote:
10.01.2010, 11:51 | #14 |
| Nothing but PC problems because of Malware Defense/Security Alert That doesn't work either, the same thing appears |
10.01.2010, 11:56 | #15 |
/// AVZ-Toolkit Guru | Nothing but PC problems because of Malware Defense/Security Alert You entered all of that into the black cmd window, right? O.K. Then let's try it another way: please run SUPERAntiSpyware and post the log. Also post a fresh Malwarebytes log.