Hallo,

ich hab ähnliche Probleme wie in folgenden Thread beschrieben:

HTML-Code:

[URL]http://www.trojaner-board.de/84198-mein-internet-explorer-startet-immer-von-allein-und-ich-hab-keine-ahnung-wieso.html[/URL]

ich verdächtige die datei hjibya.exe im Windows-Ordner, Virus Total ergab dazu:

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.29 -
AhnLab-V3 5.0.0.2 2010.03.29 Win-Trojan/Fakeav.165888.C
AntiVir 7.10.5.248 2010.03.29 -
Antiy-AVL 2.0.3.7 2010.03.29 -
Authentium 5.2.0.5 2010.03.29 W32/FakeAlert.FT.gen!Eldorado
Avast 4.8.1351.0 2010.03.29 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.03.29 Win32:Rootkit-gen
AVG 9.0.0.787 2010.03.29 Downloader.Agent2.USN
BitDefender 7.2 2010.03.29 -
CAT-QuickHeal 10.00 2010.03.29 Win32.Packed.Krap.as.5
ClamAV 0.96.0.0-git 2010.03.29 -
Comodo 4428 2010.03.29 -
DrWeb 5.0.2.03220 2010.03.29 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7394 2010.03.29 -
F-Prot 4.5.1.85 2010.03.29 W32/FakeAlert.FT.gen!Eldorado
F-Secure 9.0.15370.0 2010.03.29 -
Fortinet 4.0.14.0 2010.03.29 -
GData 19 2010.03.29 Win32:Rootkit-gen
Ikarus T3.1.1.80.0 2010.03.29 -
Jiangmin 13.0.900 2010.03.29 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.29 -
McAfee 5935 2010.03.29 Downloader-CEW
McAfee+Artemis 5935 2010.03.29 Downloader-CEW
McAfee-GW-Edition 6.8.5 2010.03.29 -
Microsoft 1.5605 2010.03.29 -
NOD32 4983 2010.03.29 a variant of Win32/Kryptik.DIR
Norman 6.04.10 2010.03.29 -
nProtect 2009.1.8.0 2010.03.29 -
Panda 10.0.2.2 2010.03.29 -
PCTools 7.0.3.5 2010.03.29 -
Prevx 3.0 2010.03.29 Medium Risk Malware
Rising 22.41.00.04 2010.03.29 Packer.Win32.UnkPacker.a
Sophos 4.52.0 2010.03.29 Mal/FakeAV-CX
Sunbelt 6113 2010.03.29 -
Symantec 20091.2.0.41 2010.03.29 Suspicious.Insight
TheHacker 6.5.2.0.247 2010.03.29 -
TrendMicro 9.120.0.1004 2010.03.29 TROJ_RENOS.SMD
VBA32 3.12.12.2 2010.03.29 -
ViRobot 2010.3.29.2250 2010.03.29 -
VirusBuster 5.0.27.0 2010.03.29 Trojan.Codecpack.Gen.4

hijackthis hat folgenden log ausgespuckt:

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:22, on 29.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Hjibya.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\PostDa\PostDa.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Lexar Media\LxrAutorun.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PostDa] C:\Programme\PostDa\PostDa.exe
O4 - HKCU\..\Run: [LxrAutorun] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.hp.com
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOKUME~1\ADMINI~1\Desktop\INSTAL~1.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10310 bytes

ein quickscan mitm MAM hat ergeben:

Zitat:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

29.03.2010 21:43:31
mbam-log-2010-03-29 (21-43-27).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 118146
Laufzeit: 6 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

und OTL ergab einmal dies:

Zitat:

OTL logfile created on: 29.03.2010 21:47:46 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 379,00 Mb Available Physical Memory | 37,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 4,41 Gb Free Space | 18,05% Space Free | Partition Type: NTFS
Drive D: | 68,75 Gb Total Space | 6,11 Gb Free Space | 8,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232,88 Gb Total Space | 9,10 Gb Free Space | 3,91% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIRK_LAPPY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\Hjibya.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Lexar Media\LxrAutorun.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Programme\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\WINDOWS\system32\LxrSII1s.exe ()
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Programme\HPQ\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\WINDOWS\system32\LckFldService.exe ()
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\PostDa\PostDa.exe (Dirk Scheers Software (www.scheernet.de))


========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\Amhooker.dll (A4Tech Co., Ltd.)


========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (CiscoVpnInstallService) -- File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LxrSII1s) -- C:\WINDOWS\System32\LxrSII1s.exe ()
SRV - (LckFldService) -- C:\WINDOWS\system32\LckFldService.exe ()
SRV - (IDriverT) -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CM1083264) -- C:\WINDOWS\system32\drivers\CM108.sys (C-Media Inc)
DRV - (LxrSII1d) -- C:\WINDOWS\system32\drivers\LxrSII1d.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Amusbprt) -- C:\WINDOWS\system32\drivers\Amusbprt.sys (A4Tech Co.,Ltd.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Amfilter) -- C:\WINDOWS\system32\drivers\Amfilter.sys (A4Tech Co.,Ltd.)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (Parclass) -- C:\WINDOWS\System32\Drivers\Parclass.sys (Microsoft Corporation)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.huddi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wh1shop.de/wh1shop/sale-of-the-day-c-2083.html"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.27 19:44:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.27 19:44:34 | 000,000,000 | ---D | M]

[2008.07.02 21:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.03.29 19:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions
[2010.02.06 04:44:10 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.08.10 22:48:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.24 17:37:43 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.01.30 11:04:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.20 20:34:43 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.02.20 20:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.05 10:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.02.17 23:50:23 | 000,001,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\searchplugins\winamp-search.xml
[2010.03.29 21:29:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.02.07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll
[2008.02.07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll
[2008.02.07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll
[2007.03.16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcm80.dll
[2007.03.16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcp80.dll
[2007.03.16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcr80.dll
[2008.02.07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll
[2008.02.07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll
[2010.03.12 00:20:21 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 00:20:21 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 00:20:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 00:20:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 00:20:22 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 10:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CM108Sound] File not found
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Programme\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)
O4 - HKCU..\Run: [LxrAutorun] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Lexar Media\LxrAutorun.exe ()
O4 - HKCU..\Run: [PostDa] C:\Programme\PostDa\PostDa.exe (Dirk Scheers Software (www.scheernet.de))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.70.2
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell00\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell01\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell02\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.15 22:52:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.11 08:29:10 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009.03.19 13:37:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2007.12.04 19:17:04 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2007.12.04 19:17:04 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2007.12.04 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.12.04 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.29 21:47:05 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.03.29 21:28:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.29 21:27:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.29 21:27:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.29 21:25:34 | 030,146,560 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat
[2010.03.29 21:25:11 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.03.29 19:59:37 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.03.28 21:20:44 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.03.28 19:39:14 | 000,000,018 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010.03.28 19:39:12 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010.03.28 19:12:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010.03.28 19:02:43 | 000,165,888 | ---- | M] () -- C:\WINDOWS\Hjibya.exe
[2010.03.28 19:02:35 | 000,192,000 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010.03.19 19:56:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.28 19:59:04 | 000,165,888 | ---- | C] () -- C:\WINDOWS\Hjibya.exe
[2010.03.28 19:26:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010.03.28 19:12:50 | 000,000,018 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010.03.28 19:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010.03.28 19:02:44 | 000,000,262 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.03.28 19:02:35 | 000,192,000 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll
[2009.08.14 19:31:22 | 000,599,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.08.09 15:09:21 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.07.15 00:07:22 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009.07.15 00:07:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009.07.15 00:07:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.07.03 09:13:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.07.03 09:13:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.02.05 22:36:38 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2008.12.11 12:27:25 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.12.11 12:27:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.12.11 12:27:20 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.12.11 12:27:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.12.11 12:27:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.12.11 12:27:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.11 12:27:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.07.02 09:21:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.06.14 02:53:57 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\CM108rm.dll
[2008.04.15 18:42:32 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008.02.22 09:28:25 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\PPMON.DLL
[2008.01.23 00:52:35 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.01.23 00:52:35 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys
[2008.01.23 00:51:50 | 000,000,270 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.01.10 02:02:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\Mlkf.dll
[2007.12.04 19:25:15 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.11.25 23:26:30 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.11.21 23:04:08 | 000,001,362 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.11.13 22:32:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.10.26 14:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.10.26 14:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.09.18 11:09:40 | 000,000,052 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.09.18 11:04:38 | 000,000,834 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.09.11 20:19:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.29 11:24:06 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\TheMatrix.ini
[2007.08.18 01:04:52 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2007.08.05 12:02:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007.07.18 23:18:16 | 000,001,054 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007.07.10 20:00:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2007.06.28 19:37:55 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVSDVDPlayer.m3u
[2007.06.15 19:51:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\gfssql.ini
[2007.06.04 22:53:21 | 000,000,566 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AutoGK.ini
[2007.06.04 01:42:56 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.06.04 01:42:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.02.22 13:21:37 | 000,000,182 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007.02.12 23:31:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.04 23:59:37 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007.02.03 19:10:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.02.01 17:20:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2007.02.01 16:55:25 | 000,150,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.01 16:17:44 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.02.01 16:00:25 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007.01.31 17:02:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.10.10 02:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\QSwitch.txt
[2006.10.10 02:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DSwitch.txt
[2006.10.10 02:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AtStart.txt
[2006.10.10 02:17:51 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.10.10 02:16:31 | 000,030,064 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.10.10 02:04:26 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.02.15 17:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.08.07 08:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 08:02:10 | 000,000,931 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.06.01 11:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2004.01.13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
< End of report >

und dies:

Zitat:

OTL Extras logfile created on: 29.03.2010 21:47:46 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 379,00 Mb Available Physical Memory | 37,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 4,41 Gb Free Space | 18,05% Space Free | Partition Type: NTFS
Drive D: | 68,75 Gb Total Space | 6,11 Gb Free Space | 8,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232,88 Gb Total Space | 9,10 Gb Free Space | 3,91% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIRK_LAPPY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\onlineTV 3\onlineTV.exe" = C:\Programme\onlineTV 3\onlineTV.exe:*:EnablednlineTV -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\counter-strike\hl.exe" = D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"D:\Spiele\Worms World Party\wwp.exe" = D:\Spiele\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- (Team17 Software Ltd)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\day of defeat\hl.exe" = D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\day of defeat\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\half-life\hl.exe" = D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Spiele\Steam\steam.exe" = D:\Spiele\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (UltraVNC)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Enabled: -- ()
"D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\dedicated server\hlds.exe" = D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\dedicated server\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- ()
"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Spiele\valve\hlds.exe" = D:\Spiele\valve\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\half-life\hlds.exe" = D:\Spiele\Steam\steamapps\birk.brockmann@gmx.de\half-life\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"K:\Programme\Matlab2007b\bin\win32\MATLAB.exe" = K:\Programme\Matlab2007b\bin\win32\MATLAB.exe:*isabled:MATLAB -- File not found
"D:\Spiele\CIV4 Gold\Civilization4.exe" = D:\Spiele\CIV4 Gold\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"D:\Spiele\CIV4 Gold\Warlords\Civ4Warlords.exe" = D:\Spiele\CIV4 Gold\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"D:\Spiele\CIV4 Gold\Warlords\Civ4Warlords_PitBoss.exe" = D:\Spiele\CIV4 Gold\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"D:\Spiele\CIV4 Gold\Beyond the Sword\Civ4BeyondSword.exe" = D:\Spiele\CIV4 Gold\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"D:\Spiele\CIV4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = D:\Spiele\CIV4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"D:\Spiele\Steam\steamapps\common\mount and blade\runme.exe" = D:\Spiele\Steam\steamapps\common\mount and blade\runme.exe:*:Enabled:Mount and Blade -- ()
"D:\Spiele\Quake 3 Arena\quake3.exe" = D:\Spiele\Quake 3 Arena\quake3.exe:*isabled:quake3 -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Spiele\Steam\steamapps\orc4_dedicated\counter-strike\hl.exe" = D:\Spiele\Steam\steamapps\orc4_dedicated\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Spiele\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = D:\Spiele\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"D:\Spiele\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = D:\Spiele\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Programme\SmartCam\SmartCam.exe" = C:\Programme\SmartCam\SmartCam.exe:*:Enabled:SmartCam -- ()
"D:\Spiele\Steam\steamapps\common\ghost recon\GhostRecon.exe" = D:\Spiele\Steam\steamapps\common\ghost recon\GhostRecon.exe:*:Enabled:Ghost Recon -- ()
"D:\Spiele\Steam\steamapps\common\jedi academy\GameData\jasp.exe" = D:\Spiele\Steam\steamapps\common\jedi academy\GameData\jasp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
"D:\Spiele\Steam\steamapps\common\jedi academy\GameData\jamp.exe" = D:\Spiele\Steam\steamapps\common\jedi academy\GameData\jamp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{19E08ED2-9936-4740-BAA7-366AB306D3E8}" = ATI Catalyst Control Center
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F89F212-2052-414A-8B7E-D8604C431BDF}" = HP User Guides 0013
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2298055A-F5E6-4332-9A15-C5D99870E72F}" = HP Embedded Security for ProtectTools
"{253C3A51-A249-470F-A787-5645B289A118}" = Civilization III v1.21f
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{28F451B0-44E5-48C0-8706-84114249F5B4}" = LightScribe 1.4.109.1
"{2B8BEBBF-73A0-497D-9900-8474D022AB3F}" = Nokia PC Suite
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 H1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{52537172-CBB0-44C4-BBB4-CC992BAF81F4}" = Playchess
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{901F0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Proofing Tools
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.1 - Deutsch
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 E1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools
"{BBDE8B7B-829A-405A-8357-6F9240050D44}" = Winamp 2009
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Nur Web
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F71E13C9-D783-4185-84DA-0515EC3D8EC1}" = Gamepad Pro USB
"{FE5D756F-71E1-47C4-972A-D6775344B40B}" = Nokia Software Updater
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows-Treiberpaket - Nokia Modem (08/03/2007 6.84.0.2)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1)
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FreePDF_XP" = FreePDF (Remove only)
"Generic USB 108 Sound" = SteelSeries USB Soundcard
"getPlus(R)_dll" = getPlus(R)_dll
"GoldWave v5.20" = GoldWave v5.20
"GOM Player" = GOM Player
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.41 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007b" = MATLAB R2007b
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.13
"MKVtoolnix" = MKVtoolnix 2.1.0
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PartyPoker" = PartyPoker
"PokerStars.net" = PokerStars.net
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SmartCam" = SmartCam -- Smart Phone Camera
"Steam" = Steam
"Steam App 11020" = TrackMania Nations Forever
"Steam App 15300" = Ghost Recon
"Steam App 22100" = Mount and Blade
"Steam App 30" = Day of Defeat
"Steam App 5" = Dedicated Server
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.5
"VP Bank e-banking" = VP Bank e-banking
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WheelMouse" = Smart-X7 7.72
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.14
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.02.2010 14:40:53 | Computer Name = BIRK_LAPPY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.8.6.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00037740.

Error - 23.02.2010 14:40:58 | Computer Name = BIRK_LAPPY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.8.6.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00037740.

Error - 23.02.2010 14:41:03 | Computer Name = BIRK_LAPPY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.8.6.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00037740.

Error - 11.03.2010 17:02:15 | Computer Name = BIRK_LAPPY | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 18.03.2010 14:08:54 | Computer Name = BIRK_LAPPY | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 20.03.2010 03:14:23 | Computer Name = BIRK_LAPPY | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 20.03.2010 15:29:32 | Computer Name = BIRK_LAPPY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung gtgolf.exe, Version 1.0.0.1, fehlgeschlagenes
Modul g16bit.dll, Version 0.0.0.0, Fehleradresse 0x000141c8.

Error - 21.03.2010 12:25:12 | Computer Name = BIRK_LAPPY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung gtgolf.exe, Version 1.0.0.1, fehlgeschlagenes
Modul g16bit.dll, Version 0.0.0.0, Fehleradresse 0x00012fff.

Error - 25.03.2010 15:47:28 | Computer Name = BIRK_LAPPY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc6491.exe, Version 6.4.9.1, fehlgeschlagenes
Modul avisplitter.ax, Version 1.0.0.9, Fehleradresse 0x00023048.

Error - 25.03.2010 16:28:18 | Computer Name = BIRK_LAPPY | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3667, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ Credential Manager Events ]
Error - 01.02.2007 07:11:05 | Computer Name = BIRK_LAPPY | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Administrator@Credential Manager Client-GUID: {Password} Fehler: 0xC516020B Clienthost:
localhost Clientadresse: 127.0.0.1 Autorität: HP Serverhost: localhost Protokoll: HTTP

Error - 01.06.2007 16:17:09 | Computer Name = BIRK_LAPPY | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Administrator@Credential Manager Client-GUID: {Password} Fehler: 0xC516020B Clienthost:
localhost Clientadresse: 127.0.0.1 Autorität: HP Serverhost: localhost Protokoll: HTTP

Error - 01.06.2007 16:17:16 | Computer Name = BIRK_LAPPY | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Administrator@Credential Manager Client-GUID: {Password} Fehler: 0xC516020B Clienthost:
localhost Clientadresse: 127.0.0.1 Autorität: HP Serverhost: localhost Protokoll: HTTP

Error - 01.06.2007 16:17:19 | Computer Name = BIRK_LAPPY | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Administrator@Credential Manager Client-GUID: {Password} Fehler: 0xC516020B Clienthost:
localhost Clientadresse: 127.0.0.1 Autorität: HP Serverhost: localhost Protokoll: HTTP

[ System Events ]
Error - 28.03.2010 04:52:27 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 28.03.2010 13:04:23 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cisco Systems, Inc. Installer service" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2

Error - 28.03.2010 13:04:23 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GfSDev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 28.03.2010 13:04:23 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 29.03.2010 13:37:09 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cisco Systems, Inc. Installer service" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2

Error - 29.03.2010 13:37:09 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GfSDev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 29.03.2010 13:37:09 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 29.03.2010 15:27:44 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cisco Systems, Inc. Installer service" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2

Error - 29.03.2010 15:27:44 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GfSDev" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error - 29.03.2010 15:27:44 | Computer Name = BIRK_LAPPY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3


< End of report >

wie gehe ich an der stelle weiter vor?

**PUSH**
bräuchte echt Hilfe!

1. Starte OTL
Kopiere unten in das Skript-Feld rein:

Zitat:

:OTL
PRC - C:\WINDOWS\Hjibya.exe ()
SRV - (LckFldService) -- C:\WINDOWS\system32\LckFldService.exe ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2010.03.29 21:47:05 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.03.28 19:02:43 | 000,165,888 | ---- | M] () -- C:\WINDOWS\Hjibya.exe
[2010.03.28 19:02:35 | 000,192,000 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010.03.28 19:39:14 | 000,000,018 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010.03.28 19:39:12 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010.03.28 19:12:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat

:Commands
[emptytemp]

Klicke auf Run Fix.
Neustart zulassen, wenn gefragt.
Poste das Fix-Log. Den findet man unter c:\_OTL

2. Lass erneut Malwarebytes laufen und entferne die Funde diesmal auch.

3.
http://www.trojaner-board.de/74908-a...t-scanner.html

Hallo,

ich war in der zwischenzeit ein wenig ungeduldig und habe die Datei per Hand gelöscht. Kann das ein Problem sein? Ich denke daher wurde die Datei beim OTL nicht gedfunden.
Hier der OTL LOG:

Zitat:

All processes killed
========== OTL ==========
No active process named Hjibya.exe was found!
Service LckFldService stopped successfully!
Service LckFldService deleted successfully!
C:\WINDOWS\system32\LckFldService.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File C:\WINDOWS\Hjibya.exe not found.
C:\WINDOWS\system32\sshnas21.dll moved successfully.
C:\WINDOWS\popcinfot.dat moved successfully.
C:\WINDOWS\popcinfo.dat moved successfully.
C:\WINDOWS\popcreg.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 57220480 bytes
->Temporary Internet Files folder emptied: 15970064 bytes
->Java cache emptied: 130272523 bytes
->FireFox cache emptied: 35131172 bytes
->Flash cache emptied: 74682 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 232190 bytes

User: Spielerkonto
->Temp folder emptied: 223 bytes
->Temporary Internet Files folder emptied: 317789 bytes
->FireFox cache emptied: 1881910 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1362823 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15152509 bytes
RecycleBin emptied: 3947786 bytes

Total Files Cleaned = 250,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03302010_190854

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Hier der MAMlog:

Zitat:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

30.03.2010 19:24:15
mbam-log-2010-03-30 (19-24-15).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 117757
Laufzeit: 7 minute(s), 32 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und hier das Ergebnis von GMER:

Zitat:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-03-31 18:17:52
Windows 5.1.2600 Service Pack 3
Running: kedngqqy.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pwdiyfoc.sys


---- System - GMER 1.0.15 ----

SSDT EE23D566 ZwCreateKey
SSDT EE23D55C ZwCreateThread
SSDT EE23D56B ZwDeleteKey
SSDT EE23D575 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF7336FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF7337340]
SSDT EE23D57A ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF73310B0]
SSDT EE23D548 ZwOpenProcess
SSDT EE23D54D ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF7337418]
SSDT sptd.sys ZwQueryValueKey [0xF7337298]
SSDT EE23D584 ZwReplaceKey
SSDT EE23D57F ZwRestoreKey
SSDT EE23D570 ZwSetValueKey
SSDT EE23D557 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload F5A428AC 5 Bytes JMP 8647F770
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF5A26EBF]
? System32\Drivers\ac1b1ccu.SYS Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[3336] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7331AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7331C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7331B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7332748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F733261E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F734729A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F641E8
Device \Driver\USBSTOR \Device\000000da 862421E8
Device \Driver\USBSTOR \Device\000000da sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\usbuhci \Device\USBPDO-0 8649E790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F681E8
Device \Driver\dmio \Device\DmControl\DmConfig 86F681E8
Device \Driver\dmio \Device\DmControl\DmPnP 86F681E8
Device \Driver\dmio \Device\DmControl\DmInfo 86F681E8
Device \Driver\usbuhci \Device\USBPDO-1 8649E790
Device \Driver\NetBT \Device\NetBT_Tcpip_{A5A098F3-E282-448B-89BD-B5F13AAF9C49} 862E71E8
Device \Driver\usbuhci \Device\USBPDO-2 8649E790
Device \Driver\usbuhci \Device\USBPDO-3 8649E790
Device \Driver\usbehci \Device\USBPDO-4 8646E790
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F691E8
Device \Driver\Cdrom \Device\CdRom0 864645F8
Device \Driver\Cdrom \Device\CdRom1 864645F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F691E8
Device \Driver\iaStor \Device\Ide\iaStor0 86F661E8
Device \Driver\iaStor \Device\Ide\iaStor0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7266B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [F7266B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 86F661E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume4 86F691E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C5ACA68A-672B-43EE-AB7E-FF086B7A8B87} 862E71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 862E71E8
Device \Driver\NetBT \Device\NetbiosSmb 862E71E8
Device \Driver\USBSTOR \Device\000000d6 862421E8
Device \Driver\USBSTOR \Device\000000d6 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-0 8649E790
Device \Driver\USBSTOR \Device\000000d7 862421E8
Device \Driver\USBSTOR \Device\000000d7 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-1 8649E790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86271590
Device \Driver\usbuhci \Device\USBFDO-2 8649E790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86271590
Device \Driver\usbuhci \Device\USBFDO-3 8649E790
Device \Driver\usbehci \Device\USBFDO-4 8646E790
Device \Driver\Ftdisk \Device\FtControl 86F691E8
Device \Driver\PCI_NTPNP0926 \Device\0000007e sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{FFAD851B-71D7-445F-AA01-37F6B875FB7C} 862E71E8
Device \Driver\ac1b1ccu \Device\Scsi\ac1b1ccu1 863A91E8
Device \Driver\ac1b1ccu \Device\Scsi\ac1b1ccu1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ac1b1ccu \Device\Scsi\ac1b1ccu1Port2Path0Target0Lun0 863A91E8
Device \Driver\ac1b1ccu \Device\Scsi\ac1b1ccu1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\000000cc 862421E8
Device \Driver\USBSTOR \Device\000000cc sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 85C5C790
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB8 0x88 0x6C 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC1 0x31 0xF6 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x77 0x05 0x7E 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB8 0x88 0x6C 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC1 0x31 0xF6 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x01 0x5C 0x82 0x55 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB8 0x88 0x6C 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC1 0x31 0xF6 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x77 0x05 0x7E 0x26 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6703CE2-E252-A7D8-56FF-73DBB7338DD8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6703CE2-E252-A7D8-56FF-73DBB7338DD8}@iabehacaciohappnbb 0x6A 0x61 0x66 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6703CE2-E252-A7D8-56FF-73DBB7338DD8}@hahchbcjggaejhgf 0x6A 0x61 0x66 0x70 ...

---- EOF - GMER 1.0.15 ----

GRUß

Nein, kein Problem in diesem Fall.

Zitat:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510

1. Lasse Malwarebytes updaten und mache diesmal einen Vollscan. So viel Geduld muss schon sein.

2.Starte OTL
Kopiere unten in das Skript-Feld rein:

Zitat:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
Scheduler.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schließe alle anderen Programme.
Klicke auf Quick Scan.
Poste die beiden Logs - OTL.txt und Extras.txt

3. Gmer Log ist etwas merkwürdig. Zur Absicherung:

Hol dir RootRepeal .
Starte RootRepeal.
Beende alle anderen Programme, schalte AV-Wächter ab.
Gehe auf Report.
Klicke auf Scan.
Setze alle Häkchen.
Bestätige mit OK.
Poste das Log.

Hi,
danke erstmal.

Hier der MBAM LOG:

Zitat:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05.04.2010 12:36:59
mbam-log-2010-04-05 (12-36-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 462561
Laufzeit: 2 Stunde(n), 41 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\CryptLoad_1.0.4\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Programme\CryptLoad_1.0.4\ocr\rapidshare.com\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.

und hier der OTL-Log:

Zitat:

OTL logfile created on: 05.04.2010 12:44:13 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 564,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 4,58 Gb Free Space | 18,77% Space Free | Partition Type: NTFS
Drive D: | 68,75 Gb Total Space | 5,82 Gb Free Space | 8,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232,88 Gb Total Space | 9,10 Gb Free Space | 3,91% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIRK_LAPPY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Lexar Media\LxrAutorun.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Programme\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\WINDOWS\system32\LxrSII1s.exe ()
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Programme\HPQ\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\PostDa\PostDa.exe (Dirk Scheers Software (www.scheernet.de))


========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\Amhooker.dll (A4Tech Co., Ltd.)


========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (CiscoVpnInstallService) -- File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LxrSII1s) -- C:\WINDOWS\System32\LxrSII1s.exe ()
SRV - (IDriverT) -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.huddi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wh1shop.de/wh1shop/sale-of-the-day-c-2083.html"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.27 19:44:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.27 19:44:34 | 000,000,000 | ---D | M]

[2008.07.02 21:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.04.05 10:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions
[2010.02.06 04:44:10 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.08.10 22:48:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.24 17:37:43 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.01.30 11:04:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.31 18:11:07 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.02.20 20:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.05 10:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.02.17 23:50:23 | 000,001,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2ngnngjv.default\searchplugins\winamp-search.xml
[2010.04.05 12:41:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.02.07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll
[2008.02.07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll
[2008.02.07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll
[2007.03.16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcm80.dll
[2007.03.16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcp80.dll
[2007.03.16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcr80.dll
[2008.02.07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll
[2008.02.07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll
[2010.03.12 00:20:21 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 00:20:21 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 00:20:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 00:20:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 00:20:22 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 10:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CM108Sound] File not found
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Programme\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)
O4 - HKCU..\Run: [LxrAutorun] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Lexar Media\LxrAutorun.exe ()
O4 - HKCU..\Run: [PostDa] C:\Programme\PostDa\PostDa.exe (Dirk Scheers Software (www.scheernet.de))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.70.2
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell00\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell01\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell02\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.02.01 17:42:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010.03.30 19:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.03.30 19:08:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2009.03.19 13:37:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2007.12.04 19:17:04 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2007.12.04 19:17:04 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2007.12.04 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.12.04 19:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft

========== Files - Modified Within 14 Days ==========

[2010.04.05 12:40:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.05 12:39:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.05 12:39:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.05 12:37:54 | 030,146,560 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat
[2010.04.05 09:25:27 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.29 22:50:32 | 001,100,822 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.29 22:50:32 | 000,471,824 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.03.29 22:50:32 | 000,451,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.29 22:50:32 | 000,087,898 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.03.29 22:50:32 | 000,074,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.29 19:59:37 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.03.28 21:20:44 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db

========== Files Created - No Company Name ==========

[2009.08.14 19:31:22 | 000,599,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
[2009.08.09 15:09:21 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.07.15 00:07:22 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009.07.15 00:07:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009.07.15 00:07:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.07.03 09:13:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.07.03 09:13:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.02.05 22:36:38 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2008.12.11 12:27:25 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.12.11 12:27:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.12.11 12:27:20 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.12.11 12:27:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.12.11 12:27:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.12.11 12:27:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.11 12:27:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.07.02 09:21:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.06.14 02:53:57 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\CM108rm.dll
[2008.04.15 18:42:32 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008.02.22 09:28:25 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\PPMON.DLL
[2008.01.23 00:52:35 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.01.23 00:52:35 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys
[2008.01.23 00:51:50 | 000,000,270 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.01.10 02:02:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\Mlkf.dll
[2007.12.04 19:25:15 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.11.25 23:26:30 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.11.21 23:04:08 | 000,001,362 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.11.13 22:32:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.10.26 14:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.10.26 14:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.09.18 11:09:40 | 000,000,052 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.09.18 11:04:38 | 000,000,834 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.09.11 20:19:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.29 11:24:06 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\TheMatrix.ini
[2007.08.18 01:04:52 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2007.08.05 12:02:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007.07.18 23:18:16 | 000,001,054 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007.07.10 20:00:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2007.06.28 19:37:55 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AVSDVDPlayer.m3u
[2007.06.15 19:51:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\gfssql.ini
[2007.06.04 22:53:21 | 000,000,566 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AutoGK.ini
[2007.06.04 01:42:56 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.06.04 01:42:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.02.22 13:21:37 | 000,000,182 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007.02.12 23:31:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.02.04 23:59:37 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007.02.03 19:10:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.02.01 17:20:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2007.02.01 16:55:25 | 000,150,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.01 16:17:44 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.02.01 16:00:25 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007.01.31 17:02:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.10.10 02:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\QSwitch.txt
[2006.10.10 02:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DSwitch.txt
[2006.10.10 02:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AtStart.txt
[2006.10.10 02:17:51 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.10.10 02:16:31 | 000,030,064 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.10.10 02:04:26 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.02.15 17:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.08.07 08:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 08:02:10 | 000,000,931 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.06.01 11:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2004.01.13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2009.06.30 11:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2008.02.26 23:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BitTorrent
[2009.07.16 02:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BoneTown
[2009.07.15 23:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BoneTown Demo
[2008.04.02 16:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ChessBase
[2007.02.12 23:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\concept design
[2009.02.05 22:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DonationCoder
[2009.03.02 18:43:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FreeTV
[2010.03.30 19:01:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2008.05.27 09:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICAClient
[2010.04.05 12:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
[2007.02.01 16:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQLite
[2007.02.01 08:58:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Infineon
[2007.02.01 18:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo
[2008.03.06 13:17:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IrfanView
[2007.08.05 19:04:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2009.07.07 20:49:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Miranda
[2009.01.26 13:42:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mount&Blade
[2008.03.18 14:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.02.21 00:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2010.01.19 20:48:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PacificPoker
[2009.07.22 16:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2007.02.01 17:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2008.05.21 11:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TrueCrypt
[2007.02.01 15:39:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2007.12.04 19:17:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avg7
[2009.08.09 15:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2007.02.01 08:58:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Infineon
[2008.09.23 18:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2008.06.13 19:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2007.06.15 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments
[2007.07.09 20:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2007.04.05 10:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.12.08 14:01:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2007.02.01 16:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.03.19 19:56:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004.08.04 10:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 10:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Programme\MATLAB\R2009a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
[2004.08.04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 10:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: SCHEDULER.EXE >
[2006.02.15 17:43:16 | 000,892,928 | ---- | M] () MD5=8C453D114162391EE5E6C132A499C647 -- C:\WINDOWS\SMINST\Scheduler.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.11.25 23:26:31 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004.08.07 09:42:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.08.07 09:42:24 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.08.07 09:42:24 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

Ok, fehlt noch RootRepeal.

Hier you are... :-)

Zitat:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/04/05 13:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ao4i5lnp.SYS
Image Path: C:\WINDOWS\System32\Drivers\ao4i5lnp.SYS
Address: 0xF5A47000 Size: 421888 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA404D000 Size: 876544 File Visible: No Signed: -
Status: -

Name: otpafe.sys
Image Path: otpafe.sys
Address: 0xF751B000 Size: 54016 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP4878
Image Path: \Driver\PCI_NTPNP4878
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D6F4000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7b7cd86

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b7cd7c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7b7cd8b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7b7cd95

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf7336fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf7337340

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b7cd9a

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf73310b0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b7cd68

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b7cd6d

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf7337418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf7337298

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b7cda4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b7cd9f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7b7cd90

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7b7cd77

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f5b1e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8643c790 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86f5d1e8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86394790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86475790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86475790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86475790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86475790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86475790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86475790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86475790 Size: 121

Object: Hidden Code [Driver: ao4i5lnpЅ
瑎摆Ёః䵃, IRP_MJ_CREATE]
Process: System Address: 0x86342248 Size: 121

Object: Hidden Code [Driver: ao4i5lnpЅ
瑎摆Ёః䵃, IRP_MJ_CLOSE]
Process: System Address: 0x86342248 Size: 121

Object: Hidden Code [Driver: ao4i5lnpЅ
瑎摆Ёః䵃, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86342248 Size: 121

Object: Hidden Code [Driver: ao4i5lnpЅ
瑎摆Ёః䵃, IRP_MJ_POWER]
Process: System Address: 0x86342248 Size: 121

Object: Hidden Code [Driver: ao4i5lnpЅ
瑎摆Ёః䵃, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86342248 Size: 121

Object: Hidden Code [Driver: ao4i5lnpЅ
瑎摆Ёః䵃, IRP_MJ_PNP]
Process: System Address: 0x86342248 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x86f5c1e8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x86f5c1e8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5c1e8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x86f5c1e8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f5c1e8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x86f5c1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86fcf1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x85ddf790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x85ddf790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85ddf790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85ddf790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x85ddf790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x85ddf790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x864995a0 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x864995a0 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864995a0 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864995a0 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x864995a0 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864995a0 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x864995a0 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x85da6790 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_CREATE]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_CLOSE]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_READ]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_CLEANUP]
Process: System Address: 0x85d115f8 Size: 121

Object: Hidden Code [Driver: 0000, IRP_MJ_PNP]
Process: System Address: 0x85d115f8 Size: 121

==EOF==

hatte was länger gedauert...

Daemon-Müll versaut jedes Log...

1. Starte OTL.
Kopiere unten in das Skript-Feld rein:

Zitat:

:OTL
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (CiscoVpnInstallService) -- File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell00\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell01\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\Shell\Shell02\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\Shell\AutoRun - "" = Auto&Play

:Commands
[clearallrestorepoints]

Klicke auf Run Fix.
Neustart zulassen, wenn gefragt.
Poste das Fix Log, zu finden unter c:\_OTL

2. Hol dir AVZ
Entpacke und starte AVZ.
Führe einen Update durch (Button auf der rechten Seite unten ("Database Update") - dann auf Start).
Nach dem Update:
Setze oben links ein Häkchen beim Laufwerk C:
Wechsle zu "File Types" und wähle All Files.
Wechsle zu "Search Parameters", setze zusätzlich ein Häkchen bei
Block User-Mode Rootkits und
Block Kernel-Mode Rootkits

Schließe alle anderen Programme.
Klicke auf Start, der Scan wird eine Weile in Anspruch nehmen.
Speichere nach dem Scan das Log mit dem Button unten rechts "Save Log" und poste es.

HI,
hier schonmal OTL:

Zitat:

========== OTL ==========
Error: No service named RichVideo) Cyberlink RichVideo Service(CRVS was found to stop!
Service\Driver key RichVideo) Cyberlink RichVideo Service(CRVS not found.
File File not found not found.
Service CiscoVpnInstallService stopped successfully!
Service CiscoVpnInstallService deleted successfully!
File File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
C:\Programme\PartyGaming\PartyPoker\RunApp.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\Programme\PartyGaming\PartyPoker\RunApp.exe not found.
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {32564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmv8dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637bcf83-0b0a-11dd-8951-001641f52db6}\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637bcf83-0b0a-11dd-8951-001641f52db6}\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637bcf83-0b0a-11dd-8951-001641f52db6}\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{637bcf83-0b0a-11dd-8951-001641f52db6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637bcf83-0b0a-11dd-8951-001641f52db6}\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdc2976-b0bd-11dd-8a0a-001641f52db6}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdc297a-b0bd-11dd-8a0a-001641f52db6}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c074d622-b1c0-11db-8d3a-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c074d622-b1c0-11db-8d3a-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c074d622-b1c0-11db-8d3a-806d6172696f}\ not found.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.1.37.3 log created on 04052010_144115

und nun noch der rest, also avzlog:

Zitat:

AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 05.04.2010 22:00:25
Database loaded: signatures - 269598, NN profile(s) - 2, malware removal microprograms - 56, signature database released 04.04.2010 22:25
Heuristic microprograms loaded: 382
PVS microprograms loaded: 9
Digital signatures of system files loaded: 192562
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=085700)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055C700
KiST = 8050446C (284)
Function NtCreateKey (29) intercepted (806237B6->A83F2A36), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThread (35) intercepted (805D0FE2->A83F2A2C), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteKey (3F) intercepted (80623C46->A83F2A3B), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteValueKey (41) intercepted (80623E16->A83F2A45), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateKey (47) intercepted (80623FF6->F7336FB2), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateValueKey (49) intercepted (80624260->F7337340), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey (62) intercepted (806259B2->A83F2A4A), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenKey (77) intercepted (80624B88->F73310B0), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenProcess (7A) intercepted (805CB40A->A83F2A18), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenThread (80) intercepted (805CB696->A83F2A1D), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryKey (A0) intercepted (80624EAE->F7337418), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryValueKey (B1) intercepted (806219EE->F7337298), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplaceKey (C1) intercepted (80625862->A83F2A54), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (CC) intercepted (8062516E->A83F2A4F), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetValueKey (F7) intercepted (80621D3C->A83F2A40), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateProcess (101) intercepted (805D29AC->A83F2A27), hook not defined
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 284, intercepted: 16, restored: 16
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
CmpCallCallBacks = 00093D84
Disable callback OK
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking IRP handlers
\FileSystem\ntfs[IRP_MJ_CREATE] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 86F641E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 86F641E8 -> hook not defined
Checking - complete
2. Scanning RAM
Number of processes found: 60
Number of modules loaded: 599
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat
Direct reading: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Media Player\CurrentDatabase_360.wmdb
Direct reading: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Direct reading: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Perflib_Perfdata_48c.dat
Direct reading: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Perflib_Perfdata_8dc.dat
Direct reading: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\~DF5034.tmp
Direct reading: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf\History.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\All Users\DRM\drmstore.hds
Direct reading: C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat
Direct reading: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Direct reading: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Cookies\index.dat
Direct reading: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\History\History.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
Direct reading: C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat
Direct reading: C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Direct reading: C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Verlauf\History.IE5\index.dat
Direct reading: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
Direct reading: C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG
Direct reading: C:\System Volume Information\tracking.log
Direct reading: C:\System Volume Information\_restore{B32AEE6A-215A-4A68-95FC-9CABBF245D43}\RP686\change.log
Direct reading: C:\WINDOWS\Internet Logs\tvDebug.log
Direct reading: C:\WINDOWS\SchedLgU.Txt
Direct reading: C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
Direct reading: C:\WINDOWS\system32\CatRoot2\edb.log
Direct reading: C:\WINDOWS\system32\CatRoot2\tmp.edb
Direct reading: C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
Direct reading: C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Direct reading: C:\WINDOWS\system32\config\ACEEvent.evt
Direct reading: C:\WINDOWS\system32\config\AppEvent.Evt
Direct reading: C:\WINDOWS\system32\config\Credenti.evt
Direct reading: C:\WINDOWS\system32\config\default
Direct reading: C:\WINDOWS\system32\config\Internet.evt
Direct reading: C:\WINDOWS\system32\config\SAM
Direct reading: C:\WINDOWS\system32\config\SecEvent.Evt
Direct reading: C:\WINDOWS\system32\config\SECURITY
Direct reading: C:\WINDOWS\system32\config\SysEvent.Evt
Direct reading: C:\WINDOWS\system32\config\system
Direct reading: C:\WINDOWS\system32\drivers\sptd.sys
Direct reading: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Direct reading: C:\WINDOWS\system32\MsDtc\MSDTC.LOG
Direct reading: C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log
Direct reading: C:\WINDOWS\system32\msmq\storage\QMLog
Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
Direct reading: C:\WINDOWS\Temp\Perflib_Perfdata_8b0.dat
Direct reading: C:\WINDOWS\WindowsUpdate.log
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Programme\HPQ\IAM\bin\1031\SFSShell.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\HPQ\IAM\bin\1031\SFSShell.dll>>> Behaviour analysis
Behaviour typical for keyloggers was not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote-Registrierung)
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> Process termination timeout is out of admissible values
>> Service termination timeout is out of admissible values
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 223237, extracted from archives: 142984, malicious software found 0, suspicions - 0
Scanning finished at 05.04.2010 22:44:10
!!! Attention !!! Restored 16 KiST functions during Anti-Rootkit operation
This may affect execution of certain software, so it is strongly recommended to reboot
Time of scanning: 00:43:47
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address hxxp://virusinfo.info conference

Ok, eine Menge Hooks, hängt wohl mit diesem Cognizance zusammen.
Macht der Rechner noch Probleme?

nein, die popups sind weg...

was bedeutet das eine menge hooks??

Hooks sind salopp gesagt Umleitungen von Kernelfunktionen. Können von Rootkits stammen aber auch von legitimen Programmen (z. B. Securityprogrammen). In diesem Fall sieht's nicht nach einem Rootkit aus.

Sicherheitshalber noch etwas Fleißarbeit:

1. http://www.trojaner-board.de/51871-a...tispyware.html

2. http://www.trojaner-board.de/59299-a...eb-cureit.html