Microsoft-Update-Seite "kann nicht angezeigt werden"

Meeluh · 12.04.2010, 21:18

Hallo,

hatte die letzte Zeit Probleme mit Umleitungen von Google-Suchergebnissen zu diversen Werbe- und Poker/Casino-Webseiten.
Ausserdem klappt das manuelle Windows-Update über die Systemsteuerung/Sicherheitscenter nicht.
Bekomme im Internet Explorer immer angezeigt: "Webseite kann nichtangezeigt werden."
Meine Versuche es mit Avira 10, Spyboot, Hijack oder Bitdefender Quickscan zu beseitigen haben nix gebracht.

Habe dann mal nach den Vorgaben hier
- CCleaner
- Malwarbytes
- RSIT
drüber laufen lassen.

Die Umleitung von Google zu unerwünschten Webseiten ist (seit vorhin) weg, aber das Windows-Update klappt noch immer nicht.
Ausserdem klappt auch die Installation eines bereits heruntergeladenen Updates beim ausschalten des PC nicht. Anzeige: Update konnte nicht installiert werden.

Ich vermute mal schwer, das sich da noch irgendwas Böses in den Tiefen der Festplatte verbirgt...

Verwende den Firefox, Antivir 10, Spyboot, Hijack und CCleaner.

hier die Logs:

Zitat:

Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 3980

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.04.2010 21:50:14
mbam-log-2010-04-12 (21-50-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 738
Laufzeit: 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zitat:

info.txt logfile of random's system information tool 1.06 2010-04-12 18:24:32

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Agere Systems HDA Modem-->agrsmdel
Album Art Downloader XUI 0.34.1-->C:\Programme\AlbumArtDownloader\uninst.exe
Any Video Converter 2.7.6-->"C:\Programme\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCrypt USB-Protect Version 1.0.3.3328-->"C:\Programme\ArchiCrypt\ArchiCrypt USB-Protect 1\unins000.exe"
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
Avi2Dvd 0.4.5 beta-->C:\Programme\Avi2Dvd\uninst.exe
AviSynth 2.5-->"C:\Programme\AviSynth 2.5\Uninstall.exe"
BrowserTweaks.com - IE Screenshot Pro toolbar button for IE-->"C:\Programme\BrowserTweaks\IEScreenshotPro\unins000.exe"
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Programme\CDBurnerXP\unins000.exe"
CD-Labelscan 2.02-->"C:\Programme\CD-Labelscan\unins000.exe"
Citrix Presentation Server Client - Nur Web-->MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
ConvertHelper 2.2-->"C:\Programme\ConvertHelper\unins000.exe"
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
CPUID CPU-Z 1.53.1-->"C:\Programme\CPUID\CPU-Z\unins000.exe"
Driver Genius Professional Edition-->"C:\Programme\Driver-Soft\DriverGenius\unins000.exe"
DSL Connection Manager-->C:\Programme\InstallShield Installation Information\{6BD56B1C-71E3-411E-8B45-8A73EE81C42F}\setup.exe -runfromtemp -l0x0007 -removeonly
Firebird SQL Server - MAGIX Edition-->C:\Programme\MAGIX\Common\Database\unwise.exe
Foxit PDF Editor-->C:\Programme\Foxit Software\PDF Editor\uninstall.exe
Foxit PDF IFilter-->MsiExec.exe /I{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
Free Audio Converter version 1.3-->"C:\Programme\DVDVideoSoft\Free Audio Converter\unins000.exe"
Free Studio version 4.4-->"C:\Programme\DVDVideoSoft\Free Studio\unins000.exe"
G-Force-->C:\Programme\SoundSpectrum\G-Force\Uninstall.exe
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HWiNFO32 Version 3.35-->"C:\Programme\HWiNFO32\unins000.exe"
ImgBurn-->"C:\Programme\ImgBurn\uninstall.exe"
Java 2 Runtime Environment, SE v1.4.2_19-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142190}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Launch Manager V1.2.4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe" -l0x7 -uninst
Lightscreen-->"C:\Programme\Lightscreen\uninstall.exe"
MAGIX Filme auf DVD TerraTec Edition 7.0.3.6 (D)-->C:\Programme\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\unwise.exe
MAGIX Online Druck Service 3.4.3.0 (D)-->C:\Programme\MAGIX\Online_Druck_Service\unwise.exe
MAGIX Screenshare 4.3.6.1987 (D)-->C:\Programme\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 3.2-->"C:\Programme\MediaMonkey\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{16D2E10E-DE43-4F6C-AC76-3AA4FCD9D50C}
OmniPass-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x7
PC Connectivity Solution-->MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
ratDVD 0.78.1444-->C:\Programme\ratDVD\uninst.exe
RocketDock 1.3.5-->"C:\Programme\RocketDock\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Spb Phone Suite-->C:\Programme\Microsoft ActiveSync\Spb Phone Suite\Uninstall.exe Spb Phone Suite
Spb Traveler-->C:\Programme\Microsoft ActiveSync\Spb Traveler\Uninstall.exe Spb Traveler
Spb Wallet 2.0.0-->"C:\Programme\Spb Wallet\unins000.exe"
Spb Wallet-->C:\Programme\Microsoft ActiveSync\Spb Wallet\Uninstall.exe Spb Wallet
Spb Xonix II qVGA-->C:\Programme\Microsoft ActiveSync\Spb Xonix II QVGA\Uninstall.exe Spb Xonix II qVGA
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Steganos Safe OEM-->C:\Programme\Steganos Safe OEM\uninstall.exe
SUPER © Version 2010.bld.37 (Jan 2, 2010)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
TL-WN321G-Drahtlos-Tool-->"C:\Programme\InstallShield Installation Information\{7EF80615-639D-4BD0-B612-E347096452AD}\setup.exe" -runfromtemp -l0x0007 -removeonly
Ultralingua-->C:\Programme\Ultralingua\Ultralingua 4\uninstall.exe
Uniblue RegistryBooster 2009-->"H:\Software\RegistryBooster 2009\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
UseNeXT-->"C:\Programme\UseNeXT\unins000.exe"
VistaMizer 3.3.0.0-->C:\WINDOWS\VistaMizer\Uninstall.exe
VLC media player 0.9.8a-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
ZoneAlarm-->C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 w*w.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 w*w.008k.com
127.0.0.1 008k.com
127.0.0.1 w*w.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 w*w.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop
FW: ZoneAlarm Firewall

======System event log======

Computer Name: **************-57C3E06
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 17185
Source Name: Service Control Manager
Time Written: 20100302161308.000000+060
Event Type: Informationen
User:

Computer Name: ******************-57C3E06
Event Code: 7036
Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt".

Record Number: 17184
Source Name: Service Control Manager
Time Written: 20100302161301.000000+060
Event Type: Informationen
User:

Computer Name: *******************-57C3E06
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet.

Record Number: 17183
Source Name: Service Control Manager
Time Written: 20100302161301.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name:******************-57C3E06
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 17182
Source Name: Service Control Manager
Time Written: 20100302161301.000000+060
Event Type: Informationen
User:

Computer Name: ****************-57C3E06
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 17181
Source Name: Service Control Manager
Time Written: 20100302161301.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: ********************-57C3E06
Event Code: 0
Message:
Record Number: 2910
Source Name: gusvc
Time Written: 20091202105818.000000+060
Event Type: Informationen
User:

Computer Name: ********************-57C3E06
Event Code: 0
Message:
Record Number: 2909
Source Name: gusvc
Time Written: 20091202105717.000000+060
Event Type: Informationen
User:

Computer Name: *******************-57C3E06
Event Code: 0
Message:
Record Number: 2908
Source Name: gusvc
Time Written: 20091202105149.000000+060
Event Type: Informationen
User:

Computer Name: ****************-57C3E06
Event Code: 0
Message:
Record Number: 2907
Source Name: gupdate1ca137293d81c76
Time Written: 20091202105124.000000+060
Event Type: Informationen
User:

Computer Name: ************************-57C3E06
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 2906
Source Name: Avira AntiVir
Time Written: 20091202105055.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;C:\Programme\Business Objects\Common\3.5\bin\NOTES\;C:\Programme\Business Objects\Common\3.5\bin\NOTES\DATA\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Softex\OmniPass;C:\Programme\Samsung\Sam sung PC Studio 3\;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by ****** at 2010-04-12 18:23:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 1022 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:28, on 12.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programme\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\RocketDock\rocketdock .exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\*******\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\********.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://w*w.o2online.de/goto/isphome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://msdn2.microsoft.com/en-us/netframework/aa569263.aspx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Programme\Spb Wallet\SpbWalletToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\rocketdock .exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Make Advanced Screenshot - res://C:\PROGRA~1\BROWSE~1\IESCRE~1\IESCRE~1.DLL/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: IE Screenshot Pro - {75D74791-9D1E-4baf-B4BD-C91976BEBEF6} - C:\PROGRA~1\BROWSE~1\IESCRE~1\IESCRE~1.DLL
O9 - Extra 'Tools' menuitem: Make Advanced Screenshot - {75D74791-9D1E-4baf-B4BD-C91976BEBEF6} - C:\PROGRA~1\BROWSE~1\IESCRE~1\IESCRE~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: IE Screenshot Pro - {75D74791-9D1E-4baf-B4BD-C91976BEBEF6} - C:\PROGRA~1\BROWSE~1\IESCRE~1\IESCRE~1.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Make Advanced Screenshot - {75D74791-9D1E-4baf-B4BD-C91976BEBEF6} - C:\PROGRA~1\BROWSE~1\IESCRE~1\IESCRE~1.DLL (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1ca137293d81c76) (gupdate1ca137293d81c76) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Programme\Softex\OmniPass\Omniserv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8540 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{49116150-98FB-4D56-ACFA-79C84CE64110}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-23 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-03-23 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-02-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2913D3DD-9363-4C21-B205-C19A584A0674} - Spb Wallet - C:\Programme\Spb Wallet\SpbWalletToolbar.dll [2009-02-05 113152]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-23 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-18 14820864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-05-11 88204]
"ZoneAlarm Client"=C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Programme\RocketDock\rocketdock .exe [2007-09-02 495616]
"ISUSPM"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe [2010-03-23 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
E:\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-30 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Programme\Softex\OmniPass\opxpgina.dll [2005-09-22 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\DSL Connection Manager\DSLCoMan.exe"="C:\Programme\DSL Connection Manager\DSLCoMan.exe:*:Enabled

SL Connection Manager"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\graxku.exe"="C:\WINDOWS\system32\graxku.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-04-12 18:23:39 ----D---- C:\rsit
2010-04-12 16:06:23 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Malwarebytes
2010-04-12 16:05:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-12 16:05:39 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-12 14:12:28 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-12 13:42:26 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Avira
2010-04-12 13:36:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2010-04-12 09:40:44 ----D---- C:\Programme\AlbumArtDownloader
2010-04-05 18:17:30 ----D---- C:\Programme\7-Zip
2010-04-05 13:57:03 ----A---- C:\WINDOWS\system32\VB5DE.dll
2010-04-05 13:57:03 ----A---- C:\WINDOWS\system32\TabCtDE.dll
2010-04-05 13:57:03 ----A---- C:\WINDOWS\system32\CmDlgDE.dll
2010-04-05 13:57:02 ----D---- C:\Programme\CD-Labelscan
2010-04-05 13:21:39 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Canneverbe Limited
2010-04-04 17:40:13 ----D---- C:\Programme\QuickTime
2010-04-04 17:40:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-04-04 17:36:29 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-04-04 17:35:36 ----D---- C:\Programme\Apple Software Update
2010-04-04 17:35:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2010-03-24 20:05:33 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\QuickScan
2010-03-24 15:33:27 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-20 15:36:16 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\CoSoSys
2010-03-16 13:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-12 18:24:28 ----D---- C:\Programme\Trend Micro
2010-04-12 18:22:44 ----D---- C:\WINDOWS\Internet Logs
2010-04-12 18:17:11 ----D---- C:\WINDOWS
2010-04-12 18:14:48 ----D---- C:\WINDOWS\Temp
2010-04-12 18:11:40 ----D---- C:\WINDOWS\system32\Lang
2010-04-12 18:10:05 ----SD---- C:\WINDOWS\Tasks
2010-04-12 18:09:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-12 18:08:23 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-12 18:04:26 ----D---- C:\Programme\CCleaner
2010-04-12 17:50:07 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\U3
2010-04-12 17:33:54 ----D---- C:\WINDOWS\system32\drivers
2010-04-12 16:22:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-04-12 16:21:42 ----D---- C:\WINDOWS\system32
2010-04-12 16:05:39 ----RD---- C:\Programme
2010-04-12 15:53:47 ----SHD---- C:\WINDOWS\Installer
2010-04-12 15:34:28 ----SHD---- C:\System Volume Information
2010-04-12 14:49:45 ----D---- C:\Programme\Google
2010-04-12 14:16:26 ----HD---- C:\WINDOWS\inf
2010-04-12 14:12:27 ----D---- C:\WINDOWS\repair
2010-04-12 14:12:14 ----D---- C:\WINDOWS\Registration
2010-04-12 14:01:19 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2010-04-12 13:36:08 ----D---- C:\Programme\Avira
2010-04-12 13:25:47 ----HD---- C:\Programme\InstallShield Installation Information
2010-04-12 13:24:32 ----D---- C:\Programme\3D-RealityMaps
2010-04-12 13:08:26 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Nokia
2010-04-12 13:07:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2010-04-12 13:07:28 ----D---- C:\Programme\Gemeinsame Dateien
2010-04-12 13:06:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-12 12:23:40 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\UseNeXT
2010-04-12 09:27:23 ----D---- C:\WINDOWS\WinSxS
2010-04-10 10:39:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-05 17:45:54 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Any Video Converter
2010-04-05 17:36:00 ----D---- C:\Programme\Any Video Converter
2010-04-05 17:14:20 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-04-05 17:13:41 ----RSD---- C:\WINDOWS\assembly
2010-04-05 16:37:25 ----D---- C:\Programme\CDBurnerXP
2010-04-05 14:35:27 ----D---- C:\Programme\DVDVideoSoft
2010-04-05 12:44:25 ----D---- C:\Programme\Mozilla Firefox
2010-04-05 10:22:04 ----D---- C:\Programme\Internet Explorer
2010-04-04 17:58:11 ----D---- C:\Programme\UseNeXT
2010-04-04 15:32:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-04-04 15:32:15 ----D---- C:\WINDOWS\Debug
2010-04-04 14:54:55 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-04-04 14:50:46 ----D---- C:\WINDOWS\ie8updates
2010-04-04 14:47:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-24 20:26:33 ----D---- C:\WINDOWS\network diagnostic
2010-03-24 16:37:16 ----D---- C:\WINDOWS\Prefetch
2010-03-24 16:13:57 ----D---- C:\Programme\DSL Connection Manager
2010-03-21 15:44:29 ----D---- C:\Programme\Mozilla Thunderbird
2010-03-16 17:29:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-03-16 14:45:27 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Research In Motion
2010-03-16 14:44:07 ----D---- C:\Programme\Research In Motion
2010-03-16 14:43:58 ----RSD---- C:\WINDOWS\Fonts
2010-03-16 13:58:12 ----D---- C:\Programme\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Programme\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver]; \??\C:\WINDOWS\system32\drivers\Sleen16.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-05 42000]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-05-13 1094881]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-30 1333760]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-09-22 116594]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-18 3856896]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-07-13 67968]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-09-06 56648]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys []
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys []
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys []
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys []
S3 QV2KUX;Casio-Digitalkamera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RimUsb;BlackBerry-Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 RT73;TL-WN321G USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2009-07-03 465152]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 StMp3Rec;Treiber für Player-Wiederherstellungsgerät; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2006-06-27 71368]
S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accvssvc;AccSys WLAN Control Service; C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe [2007-06-11 126976]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-30 376832]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-02-07 153376]
R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 omniserv;Softex OmniPass Service; C:\Programme\Softex\OmniPass\Omniserv.exe [2005-09-22 32768]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S2 gupdate1ca137293d81c76;Google Update Service (gupdate1ca137293d81c76); C:\Programme\Google\Update\GoogleUpdate.exe [2009-08-02 133104]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 190448]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Habe ich etwas vergessen......????

Wer von den Cracks hier hat eine Ahnung?

cosinus · 13.04.2010, 20:30

Hallo und

Lass mal tiefer graben: Erstell Logfile mit GMER und OSAM danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Meeluh · 14.04.2010, 14:43

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:33:29 on 14.04.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"At1.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At10.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At11.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At12.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At13.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At14.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At15.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At16.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At17.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At18.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At19.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At2.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At20.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At21.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At22.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At23.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At24.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At3.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At4.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At5.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At6.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At7.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At8.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At9.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
"CScript" - "Microsoft Corporation" - C:\WINDOWS\System32\cscript.exe
"WScript" - "Microsoft Corporation" - C:\WINDOWS\System32\wscript.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl
"appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
"desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\irprops.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl
"main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl
"nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl
"odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl
"powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl
"scurecpl.cpl" - "Softex, Inc" - C:\WINDOWS\system32\scurecpl.cpl
"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
"telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl
"wscui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wscui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Speech" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"Hotkey" (Hotkey) - ? - C:\WINDOWS\system32\drivers\Hotkey.sys (File found, but it contains no detailed information)
"HWiNFO32 Kernel Driver" (HWiNFO32) - "REALiX(tm)" - C:\Programme\HWiNFO32\HWiNFO32.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"mailKmd" (mailKmd) - ? - C:\WINDOWS\system32\drivers\mailKmd.sys (File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys
"Nokia USB Generic" (Nokia USB Generic) - ? - C:\WINDOWS\System32\drivers\nmwcdc.sys (File not found)
"Nokia USB Modem" (Nokia USB Modem) - ? - C:\WINDOWS\System32\drivers\nmwcdcm.sys (File not found)
"Nokia USB Phone Parent" (Nokia USB Phone Parent) - ? - C:\WINDOWS\System32\drivers\nmwcd.sys (File not found)
"Nokia USB Port" (Nokia USB Port) - ? - C:\WINDOWS\System32\drivers\nmwcdcj.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"srescan" (srescan) - "Zone Labs, LLC" - C:\WINDOWS\System32\ZoneLabs\srescan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"Steganos Live Encryption Engine 16 [Driver]" (SLEE_16_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\WINDOWS\system32\drivers\Sleen16.sys
"TL-WN321G USB Wireless Adapter" (RT73) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt73.sys
"Treiber für Player-Wiederherstellungsgerät" (StMp3Rec) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\StMp3Rec.sys
"vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\System32\vsdatant.sys
"Wbutton" (Wbutton) - ? - C:\WINDOWS\system32\drivers\Wbutton.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll (File found, but it contains no detailed information)
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - C:\Programme\Outlook Express\wabfind.dll
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - C:\WINDOWS\system32\syncui.dll
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll
{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\photowiz.dll
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - C:\WINDOWS\system32\diskcopy.dll
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll (File found, but it contains no detailed information)
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found)
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - C:\WINDOWS\system32\hticons.dll
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll
{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - C:\WINDOWS\system32\cabview.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquoui.dll
{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Wcesview.dll
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found)
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - C:\WINDOWS\system32\themeui.dll
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\remotepg.dll
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\fontext.dll
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - C:\WINDOWS\system32\shscrap.dll
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - C:\WINDOWS\system32\ntlanui2.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Programme\Softex\OmniPass\opfolderext.dll
{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Programme\Softex\OmniPass\opfolderext.dll
{FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - C:\Programme\Steganos Safe OEM\ShellExtension.dll (File found, but it contains no detailed information)
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found)
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "ZLAVShExt Class" - "Zone Labs, LLC" - C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4418313E-BF07-4614-830C-6FF1F3E707CD} "IE Screenshot Pro" - "BrowserTweaks.com" - C:\PROGRA~1\BROWSE~1\IESCRE~1\IESCRE~1.DLL
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "Spb Wallet" - ? - C:\Programme\Spb Wallet\SpbWalletToolbar.dll (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} "Java Plug-in 1.4.2_19" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_19\bin\npjpi142_19.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4D5C8C25-D075-11d0-B416-00C04FB90376} "&Tipps und Tricks" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\INetRepl.dll
"Exec" - "Microsoft Corporation" - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
{4418313E-BF07-4614-830C-6FF1F3E707CD} "IE Screenshot Pro" - "BrowserTweaks.com" - C:\PROGRA~1\BROWSE~1\IESCRE~1\IESCRE~1.DLL
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{2913D3DD-9363-4C21-B205-C19A584A0674} "Spb Wallet" - ? - C:\Programme\Spb Wallet\SpbWalletToolbar.dll (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll
"ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll
"user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"RocketDock" - ? - "C:\Programme\RocketDock\rocketdock .exe" (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"ZoneAlarm Client" - "Zone Labs, LLC" - "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\system32\msdtc.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca137293d81c76)" (gupdate1ca137293d81c76) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\system32\mnmsrvc.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\WINDOWS\system32\PSIService.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Programme\Softex\OmniPass\Omniserv.exe
"TrueVector Internet Monitor" (vsmon) - "Zone Labs, LLC" - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\LogonUI.EXE
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll
"OPXPGina" - ? - C:\Programme\Softex\OmniPass\opxpgina.dll (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Meeluh · 14.04.2010, 14:45

OTL logfile created on: 14.04.2010 13:58:34 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 543,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 16,07 Gb Free Space | 10,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-57C3E06
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Programme\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (accvssvc) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (HWiNFO32) -- C:\Programme\HWiNFO32\HWiNFO32.SYS (REALiX(tm))
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SLEE_16_DRIVER) -- C:\WINDOWS\system32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Microsoft Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (Hotkey) -- C:\WINDOWS\system32\drivers\HOTKEY.sys ()
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = h**p://www.***zeitung.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.****online.de/goto/isphome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {a76cd07b-f0d7-4ef9-9566-8faef6e290e4}:1.3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.3
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.4.8
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.0.1
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.05 12:44:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.05 12:44:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 17:44:10 | 000,000,000 | ---D | M]

[2009.08.06 10:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.04.14 13:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions
[2010.03.16 16:28:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.03.21 13:04:22 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.03 22:50:46 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009.08.26 14:07:44 | 000,000,000 | ---D | M] (Bookmark All) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{a76cd07b-f0d7-4ef9-9566-8faef6e290e4}
[2010.01.29 15:13:01 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.03.21 13:04:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.07 11:59:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.10 10:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009.09.17 18:24:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.21 13:04:17 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010.04.10 10:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\isreaditlater@ideashower.com
[2010.04.10 10:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\extensions\smarterwiki@wikiatic.com
[2009.11.23 16:24:06 | 000,000,838 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t7ykb2q2.default\searchplugins\conduit.xml
[2010.04.14 13:04:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.05 12:43:47 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.08 12:15:04 | 000,002,194 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.04.05 12:43:47 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.05 12:43:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.05 12:43:48 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.05 12:43:48 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.03.16 17:23:21 | 000,377,841 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13022 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Spb Wallet) - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Programme\Spb Wallet\SpbWalletToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Spb Wallet) - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Programme\Spb Wallet\SpbWalletToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\rocketdock .exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Make Advanced Screenshot - C:\Programme\BrowserTweaks\IEScreenshotPro\iescreenshotpro.dll (BrowserTweaks.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: IE Screenshot Pro - {75D74791-9D1E-4baf-B4BD-C91976BEBEF6} - C:\Programme\BrowserTweaks\IEScreenshotPro\iescreenshotpro.dll (BrowserTweaks.com)
O9 - Extra 'Tools' menuitem : Make Advanced Screenshot - {75D74791-9D1E-4baf-B4BD-C91976BEBEF6} - C:\Programme\BrowserTweaks\IEScreenshotPro\iescreenshotpro.dll (BrowserTweaks.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Programme\Softex\OmniPass\opxpgina.dll - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.29 18:34:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.04.15 12:57:52 | 000,000,025 | ---- | M] () - C:\autorun.inf.vir -- [ NTFS ]
O33 - MountPoints2\{57fe7fa4-fb6b-11de-9a80-000ae4ae4f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{57fe7fa4-fb6b-11de-9a80-000ae4ae4f6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57fe7fa4-fb6b-11de-9a80-000ae4ae4f6f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.14 13:24:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR
[2010.04.14 13:24:20 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.04.12 18:23:39 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.12 18:21:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.04.12 16:06:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.04.12 16:05:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.12 16:05:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.12 16:05:40 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.12 16:05:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.12 14:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.04.12 13:42:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Avira
[2010.04.12 13:36:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.04.12 13:36:12 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.04.12 13:36:11 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.04.12 13:36:10 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.04.12 13:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.04.12 09:44:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\AlbumArtDownloader
[2010.04.12 09:40:44 | 000,000,000 | ---D | C] -- C:\Programme\AlbumArtDownloader
[2010.04.09 15:13:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Neuer Ordner (2)
[2010.04.05 18:17:30 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.04.05 13:57:03 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2010.04.05 13:57:03 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DE.dll
[2010.04.05 13:57:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CmDlgDE.dll
[2010.04.05 13:57:03 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TabCtDE.dll
[2010.04.05 13:57:02 | 000,000,000 | ---D | C] -- C:\Programme\CD-Labelscan
[2010.04.05 13:21:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canneverbe Limited
[2010.04.04 17:40:13 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.04.04 17:40:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.04.04 17:36:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.04.04 17:35:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.04.04 17:35:36 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.04.04 17:35:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.04.04 17:35:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.03.24 20:05:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuickScan
[2010.03.24 16:19:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Neuer Ordner
[2010.03.24 15:46:01 | 000,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2010.03.24 15:33:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.20 15:36:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CoSoSys
[2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010.03.16 13:51:27 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.03 14:44:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.02.15 20:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2010.02.15 10:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.02.15 10:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.02.05 17:38:10 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2010.02.05 17:38:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.02.05 17:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Google
[2010.02.05 17:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010.02.05 17:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.01.25 15:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Google
[2010.01.25 15:01:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.01.25 15:01:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.01.25 15:01:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft

========== Files - Modified Within 30 Days ==========

[2010.04.14 14:01:33 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{49116150-98FB-4D56-ACFA-79C84CE64110}.job
[2010.04.14 14:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.04.14 13:52:25 | 010,747,904 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.04.14 13:50:48 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.14 13:50:10 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.04.14 13:49:49 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.04.14 13:49:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.14 13:49:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.14 13:48:47 | 029,503,520 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.04.14 13:48:47 | 000,350,564 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.04.14 13:48:21 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.04.14 13:41:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.14 13:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.04.14 12:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.04.14 11:43:51 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\2ertpxpr.exe
[2010.04.14 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.04.14 10:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.04.14 09:12:17 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Outlook 2007.lnk
[2010.04.14 09:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.04.13 18:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.04.13 17:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.04.13 16:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.04.13 10:59:39 | 000,001,446 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\APOPLEX THAILAND.rtf
[2010.04.13 10:31:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.13 00:02:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.04.12 23:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.04.12 22:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.04.12 21:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.04.12 18:04:31 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.04.12 16:05:56 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.12 15:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.04.12 14:52:14 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.12 13:36:43 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.11 14:40:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.10 10:39:21 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010.04.05 20:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.04.05 19:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.04.05 17:14:20 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.05 13:57:04 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CD-Labelscan.lnk
[2010.04.05 13:21:08 | 000,001,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2010.04.04 17:58:11 | 000,001,484 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\UseNeXT.lnk
[2010.04.04 17:50:16 | 000,062,123 | ---- | M] () -- C:\Dokumente und Einstellungen\***\folder.jpg
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.29 13:27:51 | 000,000,177 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\WLAN.rtf
[2010.03.29 13:25:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010.03.16 17:23:21 | 000,377,841 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.16 14:38:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin

========== Files Created - No Company Name ==========

[2010.04.14 11:43:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\2ertpxpr.exe
[2010.04.13 10:59:38 | 000,001,446 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\APOPLEX THAILAND.rtf
[2010.04.12 16:05:56 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.12 14:52:14 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.12 13:36:43 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.04.05 13:57:04 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CD-Labelscan.lnk
[2010.04.04 17:50:16 | 000,062,123 | ---- | C] () -- C:\Dokumente und Einstellungen\***\folder.jpg
[2010.03.29 13:27:51 | 000,000,177 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\WLAN.rtf
[2010.01.26 09:30:30 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010.01.26 09:30:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010.01.26 09:30:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010.01.26 09:30:30 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010.01.24 19:58:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.11.10 20:07:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.10.07 18:43:13 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.10.07 18:42:21 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.09.28 12:04:09 | 000,000,024 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Mediaport.conf
[2009.09.18 18:31:05 | 000,000,231 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009.07.20 21:14:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.07.20 20:50:36 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.07.17 10:56:30 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009.07.09 09:50:52 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.06.30 21:26:53 | 000,000,083 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2009.06.30 19:34:44 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2009.06.30 19:22:22 | 000,097,280 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.30 19:14:13 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2009.06.30 19:14:13 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2009.06.30 19:13:49 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009.06.30 18:46:50 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.06.30 15:48:44 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2009.06.30 15:09:39 | 000,001,337 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009.06.29 18:53:15 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.dat.LOG
[2009.06.29 18:53:15 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2009.06.29 18:53:14 | 010,747,904 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2009.04.27 19:37:50 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

FC5A2B2
< End of report >

Meeluh · 14.04.2010, 14:53

der Scan von GMER bleibt ständig hängen.
Hab´s mind. 15-x versucht.

Geht bis zu
Section:C:\\WINDOWS\system32\drivers\atapi.sys

oder

Section C:\\WINDOWS\system32\drivers\disk.sys

dann bleibt alles stehen.

Und den 2. Log von OTL konnte ich hier nicht einfügen, deshalb als Anhang.

cosinus · 14.04.2010, 15:10

Ok. Dann probier mal bitte Folgendes:

Fixen mit OSAM:

Zitat:

[Common]
-----( %SystemRoot%\Tasks )-----
"At1.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At10.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At11.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At12.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At13.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At14.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At15.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At16.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At17.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At18.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At19.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At2.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At20.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At21.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At22.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At23.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At24.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At3.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At4.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At5.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At6.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At7.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At8.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)
"At9.job" - ? - c:\programme\internet explorer\wmpscfgs.exe (File not found)

Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM)

Danach:

Lad Dir bitte von hier eine saubere disk.sys am besten direkt auf c: herunter (ist die disk.sys von meiner XP-Installation), danach:

PartedMagic

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 90 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn oder Nero per Imagebrennfunktion unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken
5. Mounte die Partition wo Windows installiert ist, meistens isses /dev/sda1
6. Benenne auf sda1 die Datei /windows/system32/drivers/disk.sys um in disk.bad
7. Kopiere die saubere disk.sys in den Pfad hinein (/windows/system32/drivers) (müsste eigentlich alles ganz easy über den graphischen Dateibowser in Linux gehen)
8. Starte den Rechner neu und boote Windows
9. Die in Linux umbenannte Datei (disk.bad in system32\drivers) bei Virustotal.com auswerten lassen und Ergebnislink posten
10. Einen neuen Durchlauf mit GMER probieren und Log posten

Microsoft-Update-Seite "kann nicht angezeigt werden"

Plagegeister aller Art und deren Bekämpfung: Microsoft-Update-Seite "kann nicht angezeigt werden"