Hallo zusammen. Zwar ist dieser Rootkit (rootkit.win32.agent.besn in xueboiyc.sys) schon einmal im Forum behandelt worden, leider gab es dort aus gewissen Gründen (keygen) aber keine Lösung.


Dieser Rootkit taucht nun immer wieder auf, egal mit was ich ihn zu löschen versuchte.

Der hier:
trojan.win32.buzus.duug (in xnilrm.sys)
taucht übrigens auch immer wieder auf. Ich habe außerdem das Gefühl, dass trotz des aktiven Kaspersky-Virenschutzes (vielleicht durch die rootkits??) zwischendurch weitere Trojaner & Co auftauchen.

Nun ja:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.05.2010 20:50:46
mbam-log-2010-05-03 (20-50-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135087
Laufzeit: 16 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\fis.amo (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.amo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.momo (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.momo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.ohb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.ohb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\drivers\xnilrm.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\xueboiyc.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


(xnilrm und xueboiyc sind einfach nicht totzukriegen^^)



RSIT & Hijack This

info.txt logfile of random's system information tool 1.06 2010-05-03 20:53:21

======Uninstall list======

-->"C:\Programme\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5608AF0C-8F3F-467E-A37F-C68D3793FAFB}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
21 Marble Insanity by John Min-->MsiExec.exe /X{6BA2C0FB-7EF3-11D7-9E00-0004769EEFEB}
3D GameStudio-->C:\WINDOWS\unin0407.exe -fC:\Programme\GStudio\DeIsL1.isu -cC:\Programme\GStudio\_ISREG32.DLL
ABM 1.1-->C:\Games\ABM\uninst.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adrenalin Demo-->"C:\Programme\Adrenalin Demo\Uninstall.exe" "C:\Programme\Adrenalin Demo\install.log"
Age of Castles-->C:\Programme\Age of Castles\uninstall.exe
AGEIA PhysX v2.4.4-->"C:\Programme\AGEIA Technologies\uninstall.exe"
AMCAP-->MsiExec.exe /X{7E60C9C0-B135-41FE-8EEA-0B021BB63234}
America-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\DATA BECKER\America\Uninst.isu"
American Conquest Fight Back-->C:\Programme\American Conquest - Fight Back\uninstall.exe
American Conquest-->C:\Programme\American Conquest\uninstall.exe
Animals in 3D-->C:\WINDOWS\system32\Uninstal.exe
AOL Coach Version 1.0(Build:20040229.1 de)-->"C:\Programme\Gemeinsame Dateien\aolshare\Coach\AolCInUn.exe" -lang="de-de"
AOL Deinstallation-->C:\Programme\Gemeinsame Dateien\AOL\uninstaller.exe
AOL Meine Fotos Bildschirmschoner-->C:\Programme\Gemeinsame Dateien\AOL\Screensaver\uninst_ygpss.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Armagetron-->C:\Programme\Armagetron\Uninstal.exe
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C} /l1031
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Multimedia Center 9.02.2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8988F5D0-C83F-41F4-B41B-86031F9B37F5} /l1031
ATI Remote Wonder 2.3-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3347F781-9C89-4C9B-B471-B1FFC3BC4A84} /l1031
ATI TVTV Help-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{45E631D2-3822-4580-9476-7465BF58AC62}\setup.exe" -l0x7
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
AuthorScript Engine 1.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{752CA503-E29F-4610-A1A4-B21CDC58EF8D} /l1031
Autobahn Raser 3-->C:\PROGRA~1\Davilex\AUTOBA~2\UNINST32.EXE C:\PROGRA~1\Davilex\AUTOBA~2\install.Log
Autobahn Raser IV-->C:\PROGRA~1\Davilex\AUTOBA~1\UNINST32.EXE C:\PROGRA~1\Davilex\AUTOBA~1\INSTALL.LOG
BaqSoft WinInBlaQ 3-->C:\Programme\BaqSoft\WinInBlaQ\unins000.exe
Beach King-->C:\PROGRA~1\Davilex\BEACHK~1\UNINST32.EXE C:\PROGRA~1\Davilex\BEACHK~1\INSTALL.LOG
Biologie Chemie 5 bis 13-->C:\WINDOWS\unin0407.exe -f"C:\Programme\Schülerhilfe\Biologie Chemie 5 bis 13\DeIsL1.isu" -c"C:\Programme\Schülerhilfe\Biologie Chemie 5 bis 13\_ISREG32.DLL"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BootSkin-->C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
Borland Delphi 7-->MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
briblo Screen Saver-->C:\WINDOWS\system32\briblo.scr /u
Bridge Builder Demo-->C:\PROGRA~1\BRIDGE~1\UNWISE.EXE C:\PROGRA~1\BRIDGE~1\INSTALL.LOG
CamSpace-->C:\Programme\CamSpace\uninstall.exe
Canon PIXMA iP1500-->C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0407.dll"
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe C:\Programme\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Cartoonist 1.3-->"C:\Programme\Cartoonist\unins000.exe"
Castle Attack Install-->C:\Programme\Castle Attack\SXUNINST.EXE
CCleaner-->"C:\Programme\kill_Virus_etc\CCleaner\uninst.exe"
Championsheep Rally-->C:\Programme\Black Sheep Studio\Championsheep Rally\uninst.exe
Chipcard master 5.15-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Cmaster\ST6UNST.LOG"
Clickster-->C:\Programme\Clickster\Uninst.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Cossacks - Back To War-->C:\WINDOWS\una2setup.exe
Cossacks II-->C:\Programme\GSC Game World\Cossacks II\uninstall.exe
DAO-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Das Latein-Wörterbuch 2.1-->C:\Programme\Latein-Wörterbuch\unins000.exe
DeskoverX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70EDC5C-5B1F-4E71-8B2E-AE4E2C73483E}
DeskScapes (Free)-->"C:\Programme\Stardock\Object Desktop\DeskScapes\UninstHelper.exe" /autouninstall dksw
DesktopX-->C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\INSTALL.LOG
die ReadKVK Applikation-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2F315767-6230-4980-BE36-C2E91D42BBB8}\Setup.exe" -l0x7
Die Römer-->C:\Programme\Die Römer\Uninstall\uninstall.exe /C "/U:C:\Programme\Die Römer\Uninstall\uninstall.xml"
Die Siedler - Honig für den König-->"C:\Programme\Ubisoft\Bluebyte\Die Siedler - Honig für den König\uninstall.exe"
Die Siedler II - Die nächste Generation-->"C:\Programme\Ubisoft\Funatics\Die Siedler II - Die nächste Generation\uninstall.exe"
Die Siedler III Gold Edition-->C:\WINDOWS\IsUn0407.exe -fC:\BlueByte\Siedler3\Uninst.isu -x -c"C:\BlueByte\Siedler3\install\itools.dll"
Die Völker 2 Gold Edition-->MsiExec.exe /X{8C0A88AE-8388-42D5-9134-149BCD77E4F2}
Digital Camera Driver-->C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
Dirty Split (remove only)-->"C:\Programme\Dreamagination\DirtySplit\uninst.exe"
Dominion Wars-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1198DF3B-9322-11D5-8EE9-0050DACFBEBC}\Setup.exe"
Don't Touch My Computer 2 Screen Saver-->C:\WINDOWS\NCUNINST.EXe REMOVE Don't Touch My Computer 2
DSL-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7
Easy CD-DA Extractor 10-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Programme\Easy CD-DA Extractor 10\irunin.xml"
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
Edgar Torronteras' Extreme Biker-->C:\WINDOWS\IsUn0407.exe -f"C:\SIERRA\Extreme Biker\Uninst.isu"
Enable Viacam 1.1-->"C:\Programme\Enable Viacam\unins000.exe"
eTrust Antivirus Registration-->MsiExec.exe /I{C5223522-2B12-4522-B165-99EE6C88771E}
Eu3 - DEMO-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C181E444-FEF3-4DB7-8A6E-F09791C18346}\Setup.exe" -l0x7
Firebird SQL Server - MAGIX Edition-->C:\Programme\MAGIX\Common\Database\unwise.exe
Flatcast Viewer Plugin 5.2.2.454-->"C:\WINDOWS\unins000.exe"
Flatout2 De Demo-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3AC04082-2278-47CE-9EA9-A579284B723A}\setup.exe" -l0x7 -removeonly
FM-56PCI-HSFi-AB-->C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F02&SUBSYS_000B1767
Foto-Mosaik 4.1.0-->C:\Programme\Foto-Mosaik\unins000.exe
Freddy:Mathe5/Mathe6-->C:\WINDOWS\iun507.exe C:\Programme\Freddy\Mathe56\irunin.ini
Free Download Manager 3.0-->"C:\Programme\Free Download Manager\unins000.exe"
Free Fire Screensaver-->C:\Programme\Free Fire Screensaver\uninstall.exe
Free iPod Video Converter 1.34-->"C:\Programme\Free iPod Video Converter\unins000.exe"
Free Video to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Freeciv 2.1.5 (GTK+ client)-->"C:\Programme\Freeciv-2.1.5-gtk2\uninstall.exe"
Frog Hunt v1.0-->"c:\games\froghunt\unins000.exe"
FrostWire 4.17.0-->C:\Programme\FrostWire\Uninstall.exe
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
G-Force-->C:\Programme\SoundSpectrum\G-Force\Uninstall.exe
GhostMouse 2.0-->C:\WINDOWS\uninst.exe -fC:\GMouse20\DeIsL1.isu -cC:\GMouse20\_ISREG32.DLL
Google Desktop-->C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x7 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x7 -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programme\google\googletoolbar2.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
Heroes of Might and Magic® III-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\3DO\Heroes3\Uninst.isu -c"C:\Programme\3DO\Heroes3\uninst.dll
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highway Pursuit-->C:\Programme\HighwayPursuit\unins000.exe
HijackThis 2.0.2-->"C:\Programme\kill_Virus_etc\HijackThis\HijackThis.exe" /uninstall
Hotel Gigant-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{949576CE-4627-11D6-A7FE-0050FC21662B}\setup.exe" -uninst
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
ICQ Toolbar-->regsvr32 /u /s "C:\Programme\ICQToolbar\toolbaru.dll"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Icy Tower v1.3.1-->"C:\games\icytower\unins000.exe"
Icy Tower-->c:\games\icytower\Uninstal.exe
Invasion-->MsiExec.exe /X{31E47E5B-5BC6-4214-8FC6-F5D8B16080B7}
iPod for Windows 2006-06-28-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1031
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jack the Destructor (GER)-->"C:\Programme\Jack the Destructor\unins000.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Joey (remove only)-->C:\Programme\BRAINGAME\Screenmates\Joey\Uninstall.exe
Kaminfeuer Titanium Edition II-->C:\WINDOWS\ST5UNST.EXE -n "C:\Programme\Kaminfeuer Titanium Edition II\ST5UNST.LOG"
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Keepsake-->"C:\Programme\Wicked Studios\Keepsake\uninstall.exe"
kiss me tiger! - WHISKAS Screen Saver-->C:\WINDOWS\system32\KISSME~1.SCR /U
LADSPA_plugins-win-0.4.15-->"C:\Programme\Audacity\Plug-Ins\unins000.exe"
LAME v3.98.2 for Audacity-->"C:\Programme\Lame for Audacity\unins000.exe"
Learn2 Player (Uninstall Only)-->C:\Programme\Learn2.com\StRunner\stuninst.exe
Linder BIOLOGIE Stoffwechsel-->C:\Programme\Schroedel\Linder BIOLOGIE Stoffwechsel\UnVOL1.exe
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LuUninstall.LiveUpdate"
LogonStudio-->C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Magic Video Batch Converter 3.6-->"C:\Programme\Magic Video Batch Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Programme\kill_virus_etc\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Age of Empires Expansion-->"C:\Programme\Spiele\Microsoft Games\Age of Empires\UNINSTX.EXE" /runtemp
Microsoft Age of Empires-->C:\Programme\Spiele\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft AutoRoute 2005-->MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
Microsoft Combat Flight Simulator-->"C:\Programme\Microsoft Games\Combat Flight Simulator\UNINSTAL.EXE" /runtemp
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Enzyklopädie 2005-->MsiExec.exe /I{05440044-64A6-4248-A026-9745C1E9E159}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Foto Premium 10-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works-->MsiExec.exe /I{B26E3B0D-C2FA-4370-B068-7C476766F029}
Mozilla Firefox (3.0.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Myst III Exile-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}\Setup.exe"
Myst Masterpiece Edition-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Red Orb\Myst Masterpiece Edition\MystMEUninst.isu"
Need for Speed Underground 2-->C:\Programme\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
NeoPaint für Windows (Prüfversion)-->C:\PROGRA~1\NEOPAI~1\UNWISE.EXE C:\PROGRA~1\NEOPAI~1\INSTALL.LOG
Nero Suite-->C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\Setup.exe /uninstall
NFS Underground-->C:\Programme\EA GAMES\NFS Underground\EAUninstall.exe
Niki-->C:\WINDOWS\unin0407.exe -fC:\Programme\Niki\DeIsL1.isu -cC:\Programme\Niki\_ISREG32.DLL
Notion 1.5 Demo-->C:\Programme\Notion Demo\uninst.exe
ODF Add-in für Microsoft Word-->MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}
Oktoberfest Wacky Wiesn Version 1.1-->"C:\Programme\10tacle Studios\Oktoberfest Wacky Wiesn\unins000.exe"
PC-Bibliothek Express-->C:\WINDOWS\unin0407.exe -fC:\PC-BIB\DeIsL1.isu -cC:\PC-BIB\_ISREG32.DLL
PDA digital camera-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AD054DC5-D7D9-11D7-88A5-0000B485C5DF}\setup.exe"
phase5-->"C:\Programme\phase5\uninstall.exe"
Pinnacle Hollywood FX 4.6-->C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Hollywood FX 4.6\uninstal.log
Pinnacle Hollywood FX Pack - ATI FX-->C:\WINDOWS\unvise32.exe C:\WINDOWS\unhfxpackatifx.log
Pinnacle TRex-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9313E9A6-03DF-11D5-88F8-005004361016}\Setup.exe" -l0x7 UNINSTALL
Polymorf3D Screen Saver-->C:\WINDOWS\Uninstall.exe "C:\WINDOWS\install.log"
POV-Ray for Windows v3.6.1c-->C:\PROGRA~1\POV-RA~1.6\unwise.exe C:\PROGRA~1\POV-RA~1.6\install.log
Prince of Persia The Sands of Time-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8C453F13-6877-4D34-8816-009ABDE306DB}\setup.exe" -l0x7
printing-1 3.65-->C:\Programme\printing-1\uninst.exe
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PuzzlesMaster-->C:\Programme\PuzzlesMaster\uninstall.exe
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Razor Gumpfs-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C62DCB40-6014-11D5-986D-00500443CF9F}\Setup.exe"
Real Alternative 1.60-->"C:\Programme\Real Alternative\unins000.exe"
reformat-->C:\WINDOWS\st6unst.exe -n "C:\WINDOWS\system32\ST6UNST.LOG"
Roter Baron III - Herrscher der Lüfte-->C:\Programme\Roter Baron III - Herrscher der Lüfte\uninstall.exe
RTP for RM2K (Png, Wav, Midi, Fonts)-->C:\WINDOWS\UnGins.exe "C:\Programme\Vampires\RTP\install.log"
Sacred Underworld-->"C:\Programme\Ascaron Entertainment\Sacred Underworld\unins000.exe"
Sacred-->"C:\Programme\Ascaron Entertainment\Sacred\unins000.exe"
Santa Claus in trouble ... gold!-->C:\PROGRA~1\SANTAC~1.GOL\UNINST~1\UNWISE.EXE C:\PROGRA~1\SANTAC~1.GOL\UNINST~1\INSTALL.LOG
Screen Antics 2.1-->C:\WINDOWS\uninst.exe
Setup-Start von Microsoft Works 2005-->C:\Programme\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP e:\
Shock Screensaver-->C:\PROGRA~1\Shock\UNWISE.EXE C:\PROGRA~1\Shock\INSTALL.LOG
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ShrinkTo5Basic-->C:\Programme\ShrinkTo5Basic\uninstall.exe
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sierra-Dienstprogramme-->C:\Programme\Sierra On-Line\sutil32.exe uninstall
Singles 2 Patch 1.4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2B4770D0-D3D9-498E-BC32-7882B2CC2825}\setup.exe" -l0x9 -removeonly
SkinStudio Free-->C:\PROGRA~1\Stardock\OBJECT~1\SKINST~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\SKINST~1\INSTALL.LOG
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Snow3 1.3.1-->"C:\Programme\Snow3\unins000.exe"
Software Informer 1.0 BETA-->"C:\Programme\Software Informer\unins000.exe"
Stadtplan Generator 5.40-->MsiExec.exe /I{53328244-E005-46A3-B39F-A15F005FECEB}
Star Trek Armada II-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Activision\Star Trek Armada II\STA2.isu"
Star Trek Legacy-->MsiExec.exe /I{287A4E96-AC57-4A19-9B51-C5EED2EAB382}
Stardock Impulse-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}\shareware.exe" REMOVE=TRUE MODIFY=FALSE
Stronghold Crusader-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe"
Stronghold-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
Studio 8-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x7 UNINSTALL-L0x7 -c
StyleBuilder (remove only)-->"C:\Programme\TGTSoft\StyleBuilder\StyleBuilder-uninstall.exe"
Sudeki-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AE49300B-06AE-4F30-8E62-60C59A59CA4C} /l1031
Sven XXX - XS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BB9EA451-351D-4EDC-B23E-BFECFCEC0E0F}\Setup.exe" -l0x7
Sven004 Screensaver 01 1.0-->"C:\Programme\Sven004 Screensaver 01\unins000.exe"
TequilaCursor 5.00-->C:\Programme\TequilaCursor\uninstall.exe
The Matrix Trilogy 3D Code Screen Saver v3.4-->"C:\Programme\UselessCreations\Matrix3D\uninst.exe"
The One Ring 3D Screensaver 1.0-->"C:\Programme\The One Ring 3D Screensaver\unins000.exe"
T-Online 6.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\setup.exe" CPAS
T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7
Tuned!-->"C:\Programme\tuned\UninstallerData\Uninstall tuned.exe"
TuneUp WinStyler-->MsiExec.exe /I{6FE7F94E-7AF8-421F-9A19-04681A099AE3}
Two Worlds Pinball-->C:\PROGRA~1\TWOWOR~1\Unwise.exe /U C:\PROGRA~1\TWOWOR~1\install.log
UFOInvasion-->C:\Programme\UFOInvasion\SXUNINST.EXE
Ulead Photo Express 5 SE-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}\Setup.exe" -l0x7
Ultrawave Guitar Racks version 1.5-->"C:\Programme\Audiozeugs\Ultrawave Guitar Racks\unins000.exe"
UnHackMe 5.80 release-->"C:\Programme\kill_Virus_etc\UnHackMe\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Vampires Dawn 2 - Ancient Blood-->MsiExec.exe /X{23398D03-A9CD-4200-8B1F-6881E1ABB217}
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VLC media player 1.0.1-->C:\Programme\VideoLAN\VLC\uninstall.exe
VST Bridge 1.1-->"C:\Programme\Audacity\Plug-ins\VST Bridge\unins000.exe"
Web Photo Album 0.9 Beta-->"C:\Programme\Web Photo Album\unins000.exe"
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp (nur entfernen)-->"C:\Programme\Winamp\deinstwa.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wisdom-soft ScreenHunter 5.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
World Racing-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B151F020-1DEE-4716-944F-2759FC3C51DA}
XP-Games JRE-->C:\Programme\XPGames\SXUNINST.EXE
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Zoom Player (remove only)-->"C:\Programme\Zoom Player\uninstall.exe"
ZyDAS IEEE 802.11g Wireless LAN - USB-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9

=====HijackThis Backups=====

O8 - Extra context menu item: &Search - hxxp://kp.bar.need2find.com/KP/menusearch.html?p=KP [2010-04-26]
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) [2010-04-26]

======Security center information======

AV: Kaspersky Anti-Virus
FW: F-Secure Anti-Virus 2006 6.10 (disabled)

======System event log======

Computer Name: ****
Event Code: 20158
Message: Der Benutzer "xyz#0001@t-online.de" hat eine Verbindung mit "T-Online" hergestellt, unter Verwendung des Geräts "PPPoE5-0".

Record Number: 52821
Source Name: RemoteAccess
Time Written: 20100329153221.000000+120
Event Type: Informationen
User:

Computer Name: ****
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Beendet".

Record Number: 52820
Source Name: Service Control Manager
Time Written: 20100329153207.000000+120
Event Type: Informationen
User:

Computer Name: ****
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".

Record Number: 52819
Source Name: Service Control Manager
Time Written: 20100329153205.000000+120
Event Type: Informationen
User:

Computer Name: ****
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.

Record Number: 52818
Source Name: Service Control Manager
Time Written: 20100329153205.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Beendet".

Record Number: 52817
Source Name: Service Control Manager
Time Written: 20100329153159.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ****
Event Code: 101
Message: Information Level: success

Scheduler launched Automatic LiveUpdate.

Record Number: 16163
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20100330154520.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****
Event Code: 0
Message:
Record Number: 16162
Source Name: gusvc
Time Written: 20100330153127.000000+120
Event Type: Informationen
User:

Computer Name: ****
Event Code: 0
Message:
Record Number: 16161
Source Name: iPod Service
Time Written: 20100330153109.000000+120
Event Type: Informationen
User:

Computer Name: ****
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 16160
Source Name: SecurityCenter
Time Written: 20100330153102.000000+120
Event Type: Informationen
User:

Computer Name: ****
Event Code: 0
Message:
Record Number: 16159
Source Name: gupdate1ca30416aefe1d6
Time Written: 20100330153056.000000+120
Event Type: Informationen
User:

=====Security event log=====

Computer Name: ****
Event Code: 576
Message: Besondere Rechte bei neuer Anmeldung:

Benutzername: NETZWERKDIENST

Domäne: NT-AUTORITÄT

Anmeldekennung: (0x0,0x3E4)

Berechtigungen: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 109304
Source Name: Security
Time Written: 20100424202029.000000+120
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\NETZWERKDIENST

Computer Name: ****
Event Code: 528
Message: Erfolgreiche Anmeldung:

Benutzername: NETZWERKDIENST

Domäne: NT-AUTORITÄT

Anmeldekennung: (0x0,0x3E4)

Anmeldetyp: 5

Anmeldevorgang: Advapi

Authentifizierungspaket: Negotiate

Name der Arbeitsstation:

Anmelde-GUID: -

Record Number: 109303
Source Name: Security
Time Written: 20100424202029.000000+120
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\NETZWERKDIENST

Computer Name: ****
Event Code: 551
Message: Benutzerinitiierte Abmeldung:

Benutzername: ****

Domäne: ****

Anmeldekennung: (0x0,0x19397)


Record Number: 109302
Source Name: Security
Time Written: 20100424200340.000000+120
Event Type: Überwachung erfolgreich
User: ****\****

Computer Name: ****
Event Code: 576
Message: Besondere Rechte bei neuer Anmeldung:

Benutzername: NETZWERKDIENST

Domäne: NT-AUTORITÄT

Anmeldekennung: (0x0,0x3E4)

Berechtigungen: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 109301
Source Name: Security
Time Written: 20100424185711.000000+120
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\NETZWERKDIENST

Computer Name: ****
Event Code: 528
Message: Erfolgreiche Anmeldung:

Benutzername: NETZWERKDIENST

Domäne: NT-AUTORITÄT

Anmeldekennung: (0x0,0x3E4)

Anmeldetyp: 5

Anmeldevorgang: Advapi

Authentifizierungspaket: Negotiate

Name der Arbeitsstation:

Anmelde-GUID: -

Record Number: 109300
Source Name: Security
Time Written: 20100424185711.000000+120
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\NETZWERKDIENST

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\Borland\Delphi7\Bin;C:\Programme\Borland\Delphi7\Projects\Bpl\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Pr ogramme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD;C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Vielen Dank schon mal im Vorraus, ich hoffe, es gibt noch eine Chance auf Rettung ohne alles platt zu machen.

Gruß
ontirio

PS: Ich kann seltsamerweise keine Antwort schreiben, d.h., dass ich den zweiten Bericht gerade nicht hochladen kann... Ich versuche es morgen einfach noch einmal^^

Hallo und

bitte nen Vollscan mit Malwarebytes machen (vorher aktualisieren!) und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Hier konnte ich mir schwer vorstellen, dass meine kümmerlichen Delphi-Programme an allem schuld sein sollen, ich habe sie mal nicht gelöscht/in Quarantäne verschoben...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04.05.2010 17:22:26
mbam-log-2010-05-04 (17-22-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368266
Laufzeit: 2 Stunde(n), 56 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 21

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\info\Rechnen 01\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\info\Zylinder\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\AnalogUhr\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\Dreieck_moeglich\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\Format\Format1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\function\project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\Kegel\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\Notenrechner\Notenrechnerproject.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\NotenrechnerEVA\NotenrechnerEVAproject.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\Prozeduren\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\Timer\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\UmrechnungderWochentage\Umrechnung.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Delphi 7\Zylinder\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Informatik\Rechnen 01\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Quaderberechnung\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Taschenrechner\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Dokumente und Einstellungen\****\Eigene Dateien\Schule\GKs\Informatik\Taschenrechner\Taschenrechner.exe (Trojan.Downloader) -> Not selected for removal.
C:\Programme\Borland\Delphi7\Projects\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\Programme\Borland\Delphi7\Projects\Taschenrechner\Project1.exe (Trojan.Downloader) -> Not selected for removal.
C:\WINDOWS\system32\drivers\xnilrm.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\xueboiyc.sys (Rootkit.Agent) -> Delete on reboot.


OTL logfile created on: 04.05.2010 17:26:13 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Burkhard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 216,00 Mb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,52 Gb Total Space | 61,89 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive D: | 2,05 Gb Total Space | 1,48 Gb Free Space | 72,08% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\{819EA0C1-5E17-4798-B6F0-B0805C8B6FAC}\Garbage truck.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Gemeinsame Dateien\aol\1165009021\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe (Stardock)
PRC - C:\Programme\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
PRC - C:\Programme\TuneUp WinStyler\WinStylerThemeSvc.exe (TuneUp Software GmbH)
PRC - C:\Programme\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (Computer Associates)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\TuneUp WinStyler\WinStylerThemeHelper.dll ()


========== Win32 Services (SafeList) ==========

SRV - (x10nets) -- File not found
SRV - (LiveUpdate Notice) -- File not found
SRV - (GoogleDesktopManager-110309-193829) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (TDslMgrService) -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (AOL LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUp WinStyler\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (CA_LIC_SRVR) -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (Computer Associates)
SRV - (LogWatch) -- C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (Computer Associates)
SRV - (CA_LIC_CLNT) -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (Computer Associates)


========== Driver Services (SafeList) ==========

DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (SASDIFSV) -- C:\Programme\kill_Virus_etc\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\kill_Virus_etc\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Programme\kill_Virus_etc\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (BootScreen) -- C:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (TSMPacket) -- C:\WINDOWS\system32\drivers\tsmpkt.sys (T-Systems)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATITUNEP) -- C:\WINDOWS\system32\drivers\atineuxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio) -- C:\WINDOWS\system32\drivers\atinesxx.sys (ATI Technologies Inc.)
DRV - (atinevxx) -- C:\WINDOWS\system32\drivers\atinevxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.)
DRV - (ativraxx) -- C:\WINDOWS\system32\drivers\atinraxx.sys (ATI Technologies Inc.)
DRV - (TTDec) -- C:\WINDOWS\system32\drivers\atinttxx.sys (ATI Technologies Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ATI Remote Wonder II) -- C:\WINDOWS\system32\drivers\atirwvd.sys (Jungo)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (SCR33X USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (IMT0521) -- C:\WINDOWS\system32\drivers\IMT0521.sys (Inmax Technology Corp.)
DRV - (X10UIF) -- C:\WINDOWS\system32\drivers\x10uif.sys (X10 Wireless Technology, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (ENUM1394) -- C:\WINDOWS\system32\drivers\enum1394.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (PCANDIS5) -- C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\****\Components: C:\Programme\Mozilla Firefox\components [2010.01.28 23:58:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\****\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.21 20:14:28 | 000,000,000 | ---D | M]

[2009.09.14 19:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2009.09.14 19:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.04.06 02:58:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\648yqgzv.default\extensions
[2009.12.08 21:25:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\648yqgzv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.21 20:15:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.21 20:15:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.20 20:58:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.01.21 19:14:04 | 000,719,064 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv415.dll
[2008.10.16 19:14:24 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv522.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\aol\1165009021\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [LogonStudio] C:\Programme\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKLM..\Run: [Malwareb*tes Anti-Malware (reboot)] C:\Programme\kill_Virus_etc\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OEM-Reset] File not found
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ATI DeviceDetect] C:\Programme\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [ATI Launchpad] File not found
O4 - HKCU..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)
O4 - HKCU..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Programme\kill_Virus_etc\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\kill_virus_etc\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Garbage truck.lnk = C:\Dokumente und Einstellungen\****\Eigene Dateien\Sonstiges\Designing\Garbagetruckgadgetbyrelhom\Garbage truck.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206437583703 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206437571453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} hxxp://data.flatcast.com/NpFv415.dll (Flatcast Viewer 4.15)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} hxxp://www.flatcast-data.com/data/objects/NpFv501.dll (Flatcast Viewer 5.0)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (WBSYS.DLL) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\MZVKBD3.DLL) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\kill_Virus_etc\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll - C:\Programme\Gemeinsame Dateien\Stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Programme\Gemeinsame Dateien\Stardock\MCPCore.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop Components:0 () - file:///E:/bilder/snd.gif
O24 - Desktop Components:1 () - file:///C:/DOKUME~1//LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:2 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\kill_Virus_etc\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.09.29 17:08:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.01.20 15:50:52 | 000,020,480 | ---- | M] (TARGA GmbH) - D:\AUTORUN.EXE -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ntvdvr32 - (C:\WINDOWS\system32\sethtbss.dll) - C:\WINDOWS\System32\sethtbss.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.04 14:11:44 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2010.05.03 20:53:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.03 19:16:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent
[2010.04.28 23:58:19 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010.04.26 15:59:05 | 000,000,000 | ---D | C] -- C:\Backreg
[2010.04.26 15:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\RestoreSafeDeleted
[2010.04.25 00:29:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010.04.24 23:55:35 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010.04.24 23:55:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Eigene Dateien\RegRun2
[2010.04.24 23:55:10 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010.04.24 23:55:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\regruninfo
[2010.04.22 20:32:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2010.04.22 20:32:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.22 20:32:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.22 20:32:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.22 20:28:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.04.22 20:28:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SUPERAntiSpyware.com
[2010.04.22 20:26:45 | 000,000,000 | ---D | C] -- C:\Programme\kill_Virus_etc
[2010.04.21 20:14:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.21 20:14:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.21 20:14:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.21 20:14:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.20 20:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.04.20 20:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
[2010.04.20 20:54:39 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.04.20 20:45:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
[2010.04.06 03:01:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\Super Smash Bros. (Europe) (En,Fr,De)
[2010.04.05 01:28:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.04.05 01:28:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.04.05 01:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.04.05 01:21:25 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2004.09.29 17:53:29 | 000,151,552 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.04 17:30:56 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\xueboiyc.sys
[2010.05.04 17:30:52 | 000,586,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\xnilrm.sys
[2010.05.04 17:22:36 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gyyytjj.sys
[2010.05.04 17:15:05 | 000,001,220 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006UA.job
[2010.05.04 16:33:16 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.04 15:15:05 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006Core.job
[2010.05.04 14:38:31 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.04 14:11:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2010.05.04 14:05:18 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\Partizan.RRI
[2010.05.04 14:03:10 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2010.05.04 13:55:07 | 000,000,196 | -HS- | M] () -- C:\WINDOWS\KLIF.spi
[2010.05.04 13:23:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.04 13:22:42 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.05.04 13:22:21 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.04 13:22:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.04 13:22:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.04 13:22:10 | 536,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.03 22:35:55 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini
[2010.05.03 22:35:54 | 014,155,776 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\NTUSER.DAT
[2010.05.03 22:26:07 | 000,397,027 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Wildenbilder4.pdf
[2010.05.03 19:29:24 | 000,000,815 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.03 19:10:49 | 000,001,693 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\CCleaner.lnk
[2010.05.02 21:36:30 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010.04.30 18:32:13 | 001,579,844 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.30 18:06:09 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.04.30 17:13:37 | 000,002,341 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.04.29 21:07:39 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\RSIT.exe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.29 00:20:43 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.04.29 00:20:42 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.04.26 22:32:26 | 000,043,008 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.26 18:05:19 | 000,001,725 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\HijackThis.lnk
[2010.04.25 21:37:24 | 000,077,076 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.25 00:29:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010.04.25 00:29:16 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010.04.25 00:21:10 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\rd
[2010.04.24 23:55:47 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010.04.24 23:55:46 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.24 23:55:46 | 000,001,806 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010.04.24 16:45:47 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010.04.24 16:45:47 | 000,002,388 | ---- | M] () -- C:\WINDOWS\DCEBOOT.CFG
[2010.04.24 16:05:51 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.04.24 15:42:13 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.22 20:28:26 | 000,000,903 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.20 20:54:39 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.04.12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.08 20:30:57 | 000,002,653 | ---- | M] () -- C:\WINDOWS\winpolis.ini
[2010.04.08 20:30:47 | 000,000,330 | ---- | M] () -- C:\WINDOWS\winpolis.rng
[2010.04.07 23:49:16 | 000,000,473 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010.04.06 03:00:24 | 016,058,110 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\KuWi_Institut.zip
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.04 17:22:36 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gyyytjj.sys
[2010.05.04 14:13:01 | 000,000,815 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.04 14:05:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\Partizan.RRI
[2010.05.04 13:54:35 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\KLIF.spi
[2010.05.03 22:26:06 | 000,397,027 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Wildenbilder4.pdf
[2010.05.03 19:10:48 | 000,001,693 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\CCleaner.lnk
[2010.04.29 21:07:37 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\RSIT.exe
[2010.04.26 18:05:19 | 000,001,725 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\HijackThis.lnk
[2010.04.25 21:37:24 | 000,077,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.25 00:21:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\rd
[2010.04.24 23:55:47 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010.04.24 16:44:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010.04.24 16:44:56 | 000,002,388 | ---- | C] () -- C:\WINDOWS\DCEBOOT.CFG
[2010.04.24 16:05:51 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.04.24 15:42:13 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.22 21:21:04 | 536,137,728 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.22 20:28:26 | 000,000,903 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.04.20 20:57:45 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.04.20 20:57:45 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.04.15 14:45:23 | 000,586,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\xnilrm.sys
[2010.04.11 22:39:18 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\jasltw.dat
[2010.04.06 02:58:57 | 016,058,110 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\KuWi_Institut.zip
[2010.04.06 01:19:45 | 000,000,012 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\jasltw.dat
[2010.04.05 01:29:48 | 000,804,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\xueboiyc.sys
[2009.12.09 20:38:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009.12.09 20:35:16 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.12.09 20:34:32 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.11.15 16:15:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CamTraxAPI.dll
[2009.10.11 19:51:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009.06.20 01:27:11 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2009.06.20 01:27:10 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2008.12.18 16:43:58 | 000,004,676 | ---- | C] () -- C:\WINDOWS\7thLevel.ini
[2008.02.19 13:17:30 | 000,000,279 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.02.18 22:34:22 | 000,002,653 | ---- | C] () -- C:\WINDOWS\winpolis.ini
[2007.12.27 15:39:17 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007.12.27 15:07:19 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.11.21 23:20:32 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.10.02 20:50:22 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007.10.02 20:50:22 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.06.09 21:49:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\michasbs.INI
[2007.06.09 21:49:45 | 000,000,987 | ---- | C] () -- C:\WINDOWS\ssaver.ini
[2007.05.27 21:21:10 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2007.05.27 20:27:19 | 000,000,067 | ---- | C] () -- C:\WINDOWS\wbdbg.ini
[2007.05.27 17:23:56 | 000,000,084 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2007.03.26 17:44:01 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.03.26 17:44:01 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.03.25 22:40:08 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007.03.25 22:39:18 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007.03.04 12:51:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2007.01.27 16:40:09 | 000,000,179 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2007.01.21 20:44:04 | 000,000,021 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007.01.21 01:56:02 | 000,005,124 | ---- | C] () -- C:\WINDOWS\langorig.ini
[2007.01.21 01:55:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007.01.21 00:49:17 | 000,000,306 | ---- | C] () -- C:\WINDOWS\System32\9462E5FB7A2D45aeB8A411BB655558EB.ini
[2007.01.20 22:53:28 | 000,000,053 | ---- | C] () -- C:\WINDOWS\scrMatrics.ini
[2006.12.25 19:23:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006.12.25 19:23:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006.12.25 19:23:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006.12.22 18:05:57 | 000,000,218 | ---- | C] () -- C:\WINDOWS\scrantic.ini
[2006.12.16 21:09:54 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006.09.14 22:00:09 | 000,000,209 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2006.07.27 20:50:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006.07.27 20:49:21 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2006.07.24 16:10:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.04.29 12:08:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.10.02 19:08:59 | 000,000,048 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2005.06.13 10:31:27 | 000,001,020 | ---- | C] () -- C:\WINDOWS\bitths.ini
[2005.03.28 17:27:36 | 000,000,992 | ---- | C] () -- C:\WINDOWS\STA2.ini
[2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2005.01.22 16:13:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005.01.22 16:11:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2004.12.31 15:14:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004.09.29 20:23:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.09.29 20:17:15 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004.09.29 19:17:19 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2004.09.29 19:08:24 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2004.09.29 19:08:24 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2004.09.29 19:08:24 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2004.09.29 19:08:24 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2004.09.29 19:08:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2004.09.29 18:32:42 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.09.29 18:12:54 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2004.09.29 17:37:33 | 000,000,821 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2004.09.29 17:37:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004.09.29 17:31:11 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004.09.29 17:15:18 | 000,000,953 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.09.29 16:53:40 | 000,000,896 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.09.14 21:35:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.01.28 11:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004.01.28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004.01.28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\****\Desktop\IMG_2052.jpg:SummaryInformation
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:302A9871
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:59756FA4
< End of report >

Und Teil 2, ich hoffe ehrlich, es lässt sich was damit anfangen (ich jedenfalls werde daraus nicht wirklich schlau^^)

OTL Extras logfile created on: 04.05.2010 17:26:13 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 216,00 Mb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,52 Gb Total Space | 61,89 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive D: | 2,05 Gb Total Space | 1,48 Gb Free Space | 72,08% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Öffnen] -- explorer.exe "%1" (Microsoft Corporation)
Directory [Öffnen!] -- C:\WINDOWS\explorer.exe "%1" (Microsoft Corporation)
Directory [Öffnen!!!] -- rundll32.exe fldr.dll,RouteTheCall %L
Directory [Öffnen"] -- C:\WINDOWS\system32\fastopen.exe %1 ()
Directory [open] -- explorer.exe "%1" (Microsoft Corporation)
Directory [openn] -- rundll32.exe fldr.dll,RouteTheCall %L
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Programme\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\American Conquest\dmcr.exe" = C:\Programme\American Conquest\dmcr.exe:*:Enabled:dmcr -- (-GSC-)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\Programme\Activision\Star Trek Armada II\Armada2.exe" = C:\Programme\Activision\Star Trek Armada II\Armada2.exe:*:Enabled:Star Trek Armada 2 -- (Activision)
"C:\Programme\Spiele\Microsoft Games\Age of Empires\EMPIRESX.EXE" = C:\Programme\Spiele\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\Programme\Cossacks - Back To War\dmcr.exe" = C:\Programme\Cossacks - Back To War\dmcr.exe:*:Enabled:dmcr -- (-GSC-)
"C:\Dokumente und Einstellungen\****\Desktop\Strategie-kriegsspiele\Siedler 3 gold\Siedler3\Programmstart.exe" = C:\Dokumente und Einstellungen\****\Desktop\Strategie-kriegsspiele\Siedler 3 gold\Siedler3\Programmstart.exe:*:Enabled:Siedler3 -- File not found
"C:\Programme\American Conquest - Fight Back\dmcr.exe" = C:\Programme\American Conquest - Fight Back\dmcr.exe:*:Enabled:dmcr -- (-GSC-)
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL Optimized Dial-In -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL Optimized Dial-In -- (AOL LLC)
"C:\Programme\JoWood\Die Völker 2 Gold Edition\bin\game.exe" = C:\Programme\JoWood\Die Völker 2 Gold Edition\bin\game.exe:*:Enabled:Game -- (JoWooD AG)
"C:\Programme\Monte Cristo\Silverfall Demo\Silverfall.exe" = C:\Programme\Monte Cristo\Silverfall Demo\Silverfall.exe:*:Enabled:Silverfall -- File not found
"C:\BlueByte\Siedler3\s3.exe" = C:\BlueByte\Siedler3\s3.exe:*:Enabled:Siedler3 -- (Blue Byte )
"C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" = C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:Google Desktop -- (Google)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\BlueByte\Siedler3\s3 Kompatibilität aus xp.exe" = C:\BlueByte\Siedler3\s3 Kompatibilität aus xp.exe:*:Enabled:Siedler3 -- (Blue Byte )
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Gemeinsame Dateien\aol\1165009021\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\aol\1165009021\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Programme\FireFly Studios\Stronghold\Stronghold.exe" = C:\Programme\FireFly Studios\Stronghold\Stronghold.exe:*:Enabled:Stronghold -- ()
"C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ()
"\\Voyager\SharedDocs\Siedler 3 gold\Siedler3\Programmstart.exe" = \\Voyager\SharedDocs\Siedler 3 gold\Siedler3\Programmstart.exe:*:Enabled:Programmstart.exe
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1198DF3B-9322-11D5-8EE9-0050DACFBEBC}" = Dominion Wars
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23398D03-A9CD-4200-8B1F-6881E1ABB217}" = Vampires Dawn 2 - Ancient Blood
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{273B140B-5BBA-4021-8D2A-BE9845168E7B}" = Linder BIOLOGIE Stoffwechsel
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2B4770D0-D3D9-498E-BC32-7882B2CC2825}" = Singles 2 Patch 1.4
"{2F315767-6230-4980-BE36-C2E91D42BBB8}" = die ReadKVK Applikation
"{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{31E47E5B-5BC6-4214-8FC6-F5D8B16080B7}" = Invasion
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC04082-2278-47CE-9EA9-A579284B723A}" = Flatout2 De Demo
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{45E631D2-3822-4580-9476-7465BF58AC62}" = ATI TVTV Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53328244-E005-46A3-B39F-A15F005FECEB}" = Stadtplan Generator 5.40
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{5608AF0C-8F3F-467E-A37F-C68D3793FAFB}" =
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11g Wireless LAN - USB
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BA2C0FB-7EF3-11D7-9E00-0004769EEFEB}" = 21 Marble Insanity by John Min
"{6FE7F94E-7AF8-421F-9A19-04681A099AE3}" = TuneUp WinStyler
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E60C9C0-B135-41FE-8EEA-0B021BB63234}" = AMCAP
"{80178345-5157-48a3-B504-72601F5E47CC}" = Adrenalin Demo
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center
"{8C0A88AE-8388-42D5-9134-149BCD77E4F2}" = Die Völker 2 Gold Edition
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = ODF Add-in für Microsoft Word
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9313E9A6-03DF-11D5-88F8-005004361016}" = Pinnacle TRex
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{949576CE-4627-11D6-A7FE-0050FC21662B}" = Hotel Gigant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III Exile
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A70EDC5C-5B1F-4E71-8B2E-AE4E2C73483E}" = DeskoverX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{AD054DC5-D7D9-11D7-88A5-0000B485C5DF}" = PDA digital camera
"{AE49300B-06AE-4F30-8E62-60C59A59CA4C}" = Sudeki
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B151F020-1DEE-4716-944F-2759FC3C51DA}" = World Racing
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{BB9EA451-351D-4EDC-B23E-BFECFCEC0E0F}" = Sven XXX - XS
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BF2FC5F6-EC88-4CA5-BD83-DC6613FD077D}_is1" = Enable Viacam 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C181E444-FEF3-4DB7-8A6E-F09791C18346}" = Eu3 - DEMO
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C5223522-2B12-4522-B165-99EE6C88771E}" = eTrust Antivirus Registration
"{C62DCB40-6014-11D5-986D-00500443CF9F}" = Razor Gumpfs
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Impulse
"{D11016EA-8CFB-4E07-91D4-28606762DF06}" = Der Planer 3
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D36EC5B8-D511-43EB-9277-DBD4F59B3EAD}" = Bounci
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}" = Chipkartenleser Treiberinstallation
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C}" = ATI Decoder
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E51F8EB2-0F55-4F80-9A1E-CE84BE063045}" = Fritz6
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2
"{FA075505-EFF6-4006-8E9F-921E09774684}" = Big Mutha Truckers 2
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"3D GameStudio" = 3D GameStudio
"ABM" = ABM 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Castles" = Age of Castles
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"America" = America
"American Conquest" = American Conquest
"American Conquest Fight Back" = American Conquest Fight Back
"Animals in 3D" = Animals in 3D
"AOL Deinstallation" = AOL Deinstallation
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de)
"Armagetron" = Armagetron
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Autobahn Raser 3" = Autobahn Raser 3
"Autobahn Raser IV" = Autobahn Raser IV
"BaqSoft WinInBlaQ 3_is1" = BaqSoft WinInBlaQ 3
"Beach King" = Beach King
"Beekeeper" = Die Siedler - Honig für den König
"Biologie Chemie 5 bis 13" = Biologie Chemie 5 bis 13
"BootSkin" = BootSkin
"briblo" = briblo Screen Saver
"Bridge Builder Demo" = Bridge Builder Demo
"CamSpace" = CamSpace
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"Cartoonist_is1" = Cartoonist 1.3
"Castle Attack Install" = Castle Attack Install
"CCleaner" = CCleaner
"Championsheep Rally" = Championsheep Rally
"Clickster16342" = Clickster
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00" = FM-56PCI-HSFi-AB
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Cossacks : Back To War" = Cossacks - Back To War
"Cossacks II" = Cossacks II
"DeskScapes (Free)" = DeskScapes (Free)
"DesktopX" = DesktopX
"Digital Camera Driver" = Digital Camera Driver
"Dirty Split" = Dirty Split (remove only)
"Don't Touch My Computer 2" = Don't Touch My Computer 2 Screen Saver
"Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Edgar Torronteras' Extreme Biker" = Edgar Torronteras' Extreme Biker
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"Foto-Mosaik_is1" = Foto-Mosaik 4.1.0
"freddyMathe56" = Freddy:Mathe5/Mathe6
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Fire Screensaver" = Free Fire Screensaver
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Freeciv-2.1.5-gtk2" = Freeciv 2.1.5 (GTK+ client)
"Frog Hunt_is1" = Frog Hunt v1.0
"G-Force" = G-Force
"GhostMouse 2.0" = GhostMouse 2.0
"Glory of the Roman Empire" = Die Römer
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"Highway Pursuit_is1" = Highway Pursuit
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"Icy Tower" = Icy Tower
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2.3
"InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.02.2
"InstallShield_{A70EDC5C-5B1F-4E71-8B2E-AE4E2C73483E}" = DeskoverX
"InstallShield_{AE49300B-06AE-4F30-8E62-60C59A59CA4C}" = Sudeki
"InstallShield_{B151F020-1DEE-4716-944F-2759FC3C51DA}" = World Racing
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C}" = ATI Decoder
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Jack the Destructor_is1" = Jack the Destructor (GER)
"Joey" = Joey (remove only)
"Keepsake" = Keepsake
"kiss me tiger! - WHISKAS Screen Saver" = kiss me tiger! - WHISKAS Screen Saver
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Latein-Wörterbuch_is1" = Das Latein-Wörterbuch 2.1
"LogonStudio" = LogonStudio
"Magic Video Batch Converter_is1" = Magic Video Batch Converter 3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrix3D" = The Matrix Trilogy 3D Code Screen Saver v3.4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"NeoPaint für Windows (Prüfversion)" = NeoPaint für Windows (Prüfversion)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Niki" = Niki
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notion 1.5 Demo" = Notion 1.5 Demo
"Oktoberfest_is1" = Oktoberfest Wacky Wiesn Version 1.1
"PC-Bibliothek Express" = PC-Bibliothek Express
"phase5" = phase5
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Pinnacle Hollywood FX Pack - ATI FX" = Pinnacle Hollywood FX Pack - ATI FX
"Polymorf3DSetup" = Polymorf3D Screen Saver
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.1c
"printing-1" = printing-1 3.65
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PuzzlesMaster" = PuzzlesMaster
"RealAlt_is1" = Real Alternative 1.60
"Roter Baron III - Herrscher der Lüfte" = Roter Baron III - Herrscher der Lüfte
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"S2TNG" = Die Siedler II - Die nächste Generation
"S3" = Die Siedler III Gold Edition
"Sacred Underworld_is1" = Sacred Underworld
"Sacred_is1" = Sacred
"Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold!
"Screen Antics" = Screen Antics 2.1
"Shock Screensaver" = Shock Screensaver
"Shockwave" = Shockwave
"ShrinkTo5Basic" = ShrinkTo5Basic
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SkinStudio Free" = SkinStudio Free
"Snow3_is1" = Snow3 1.3.1
"Software Informer_is1" = Software Informer 1.0 BETA
"ST5UNST #1" = Kaminfeuer Titanium Edition II
"ST6UNST #1" = Chipcard master 5.15
"ST6UNST #2" = reformat
"Star Trek Armada II" = Star Trek Armada II
"Stardock Impulse" = Stardock Impulse
"StreetPlugin" = Learn2 Player (Uninstall Only)
"StyleBuilder" = StyleBuilder (remove only)
"Sven004 Screensaver 01_is1" = Sven004 Screensaver 01 1.0
"TequilaCursor 5.00" = TequilaCursor 5.00
"The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0
"Tuned!" = Tuned!
"Two Worlds Pinball" = Two Worlds Pinball
"UFOInvasion" = UFOInvasion
"Ultrawave Guitar Racks_is1" = Ultrawave Guitar Racks version 1.5
"UnHackMe_is1" = UnHackMe 5.80 release
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VST Bridge_is1" = VST Bridge 1.1
"Web Photo Album_is1" = Web Photo Album 0.9 Beta
"Winamp" = Winamp (nur entfernen)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP-Games JRE" = XP-Games JRE
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Alien Chess" = Alien Chess
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.04.2010 11:14:13 | Computer Name = **** | Source = MsiInstaller | ID = 11719
Description = Produkt: Skype™ 4.0 -- Fehler 1719. Auf den Windows Installer-Dienst
konnte nicht zugegriffen werden. Dies kann auftreten, wenn Windows im abgesicherten
Modus ausgeführt wird oder wenn der Windows Installer nicht korrekt installiert
wurde. Setzen Sie sich mit dem Supportpersonal in Verbindung, um weitere Unterstützung
zu erhalten.

Error - 30.04.2010 11:23:01 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung reanimator.exe, Version 6.8.6.84, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 30.04.2010 11:24:24 | Computer Name = **** | Source = Google Update | ID = 20
Description =

Error - 30.04.2010 11:33:08 | Computer Name = **** | Source = Google Update | ID = 20
Description =

Error - 30.04.2010 11:35:53 | Computer Name = **** | Source = Google Update | ID = 20
Description =

Error - 30.04.2010 12:15:08 | Computer Name = **** | Source = Google Update | ID = 20
Description =

Error - 02.05.2010 15:33:27 | Computer Name = **** | Source = Google Update | ID = 20
Description =

Error - 03.05.2010 12:15:14 | Computer Name = **** | Source = Google Update | ID = 20
Description =

Error - 03.05.2010 12:33:42 | Computer Name = **** | Source = Google Update | ID = 20
Description =

Error - 04.05.2010 07:33:15 | Computer Name = **** | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 30.04.2010 10:21:26 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde

Error - 30.04.2010 11:17:58 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde

Error - 01.05.2010 04:22:40 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde

Error - 01.05.2010 04:24:37 | Computer Name = **** | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.

Error - 02.05.2010 15:33:24 | Computer Name = **** | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 02.05.2010 15:33:24 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde

Error - 02.05.2010 15:33:24 | Computer Name = **** | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 03.05.2010 00:12:02 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde

Error - 03.05.2010 12:02:26 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde

Error - 04.05.2010 07:23:00 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde


< End of report >

Zitat:

Datenbank Version: 4052

Hm, Du hast Malwarebytes nicht aktualisiert. Bitte nachholen und noch nen Vollscan machen.

Ay, hatte es doch 2 Sekunden vorher noch gelesen...
Einfach vergessen, tut mir Leid.

Jetzt aber was aktuelles:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4066

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.05.2010 00:24:56
mbam-log-2010-05-05 (00-24-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 369877
Laufzeit: 2 Stunde(n), 42 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\sound32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\xnilrm.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\xueboiyc.sys (Rootkit.Agent) -> Delete on reboot.

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
SRV - (x10nets) -- File not found
SRV - (LiveUpdate Notice) -- File not found
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - File not found
O4 - HKLM..\Run: [OEM-Reset] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [fsm] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O32 - AutoRun File - [2004.01.20 15:50:52 | 000,020,480 | ---- | M] (TARGA GmbH) - D:\AUTORUN.EXE -- [ FAT32 ]
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
[2010.05.04 17:30:56 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\xueboiyc.sys
[2010.05.04 17:30:52 | 000,586,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\xnilrm.sys
[2010.05.04 17:22:36 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gyyytjj.sys
:Files
C:\WINDOWS\tasks\At*.job
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

All processes killed
========== OTL ==========
Service x10nets stopped successfully!
Service x10nets deleted successfully!
File File not found not found.
Service LiveUpdate Notice stopped successfully!
Service LiveUpdate Notice deleted successfully!
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OEM-Reset deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
D:\AUTORUN.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:Partizan deleted successfully.
C:\WINDOWS\system32\Partizan.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:ootExecute settings... deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\xueboiyc.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\xnilrm.sys scheduled to be moved on reboot.
File C:\WINDOWS\System32\drivers\gyyytjj.sys not found.
========== FILES ==========
File\Folder C:\WINDOWS\tasks\At*.job not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Besitzer

User: ****
->Temp folder emptied: 558702707 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 277239127 bytes
->Flash cache emptied: 7640 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes
->Flash cache emptied: 41 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 201 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49869 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 628348 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 41585 bytes
%systemroot%\System32 .tmp files removed: 102791 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39945072 bytes
RecycleBin emptied: 1380720 bytes

Total Files Cleaned = 838,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05052010_192131

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\xueboiyc.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\xnilrm.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

----------------------------------------------------------------------------------------------------------
Dass xueboiyc und xnilrm beim nächsten Neustart gelöscht werden hat mir bis jetzt so gut wie jedes Programm gesagt...
Irgendwie deprimierend.
Ich hoffe mal, du weißt trotzdem was damit anzufangen.

Gruß
ontirio

Zitat:

Dass xueboiyc und xnilrm beim nächsten Neustart gelöscht werden hat mir bis jetzt so gut wie jedes Programm gesagt...

Die Dinger arbeiten auch mit fiesen Tricks
Deswegen brauchen wir wohl Logfiles von GMER und OSAM - bitte posten

Ich habe es jetzt ein paar mal versucht, aber bei GMER stürzt mein Computer immer nach ein paar Minuten Scanzeit ohne Vorwarnung ab (er klingt allerdings nicht so, als wäre er überlastet).

Ich hatte alle Programme beendet und habe während des Scans weder die Maus bewegt noch sonst den Computer auch nur im Entferntesten berührt.
Eigentlich habe ich mich genau an die Anleitung gehalten.
Hast du eine Idee, was da los sein könnte?

Na ja, das hier funktionierte jedenfalls:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:55:50 on 06.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Stardock.Net, Inc" - C:\WINDOWS\system32\WBSYS.DLL
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\MZVKBD3.DLL
"AppInit_DLLs" - "Google" - C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Greatis Software" - C:\WINDOWS\system32\Partizan.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"SERVICE.CPL" - "Davilex Software bv" - C:\WINDOWS\system32\SERVICE.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"BootScreen" (BootScreen) - ? - C:\WINDOWS\System32\drivers\vidstub.sys (File found, but it contains no detailed information)
"DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Kl1" (kl1) - "Kaspersky Lab" - C:\WINDOWS\system32\drivers\kl1.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"mchInjDrv" (mchInjDrv) - ? - C:\WINDOWS\TEMP\mc21.tmp (File not found)
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"PADUS ASPI SHELL" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"Partizan" (Partizan) - "Greatis Software" - C:\WINDOWS\System32\drivers\Partizan.sys
"PCANDIS5" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\GEMEIN~1\T-Com\DSLCheck\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"RegGuard" (RegGuard) - "Greatis Software" - C:\WINDOWS\system32\Drivers\regguard.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASKUTIL.SYS
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\WINDOWS\System32\DRIVERS\SymIM.sys (File not found)
"SymIMMP" (SymIMMP) - ? - C:\WINDOWS\System32\DRIVERS\SymIM.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"xnilrm" (xnilrm) - ? - C:\WINDOWS\system32\drivers\xnilrm.sys (Hidden file | Hidden registry entry, rootkit activity | File found, but it contains no detailed information)
"xueboiyc" (xueboiyc) - ? - C:\WINDOWS\system32\drivers\xueboiyc.sys (Hidden file | Hidden registry entry, rootkit activity | File found, but it contains no detailed information)
"ZDPNDIS5 NDIS Protocol Driver" (ZDPNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\ZDPNDIS5.SYS

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - /E:/bilder/snd.gif (File not found)
"(1) Source" - ? - /C:/DOKUME~1/****/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg (File not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{2AB289AE-4B90-4281-B2AE-1F4BB034B647} "text/html" - ? - (File not found | COM-object registry key not found)
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes Class" - "Stardock Corporation" - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{D22F6E51-BD32-4b7d-A17D-DC89C7FDFF15} "DreamImages Object" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamThumbnails.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{DCED20BE-3645-11D4-BC95-00C04F0E0588} "InoShell" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Programme\msaccrt\Access 97\soa800.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{2F5AC606-70CF-461C-BFE1-6063670C3466} "ShellDlg Class" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DeskScapesShellXP.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
{FA603FF3-D04C-415d-8049-EFE29EEF4B26} "StardockDeskscapes.DreamFile" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} "MCPShellInstantiator Class" - "Stardock" - C:\PROGRA~1\GEMEIN~1\Stardock\MCPCore.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar2.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E55FD215-A32E-43FE-A777-A7E8F165F551} "Flatcast Viewer 4.15" - "1 mal 1 Software GmbH" - C:\WINDOWS\DOWNLO~1\NpFv415.dll / hxxp://data.flatcast.com/NpFv415.dll
{E55FD215-A32E-43FE-A777-A7E8F165F557} "Flatcast Viewer 5.0" - "1 mal 1 Software GmbH" - C:\WINDOWS\DOWNLO~1\NpFv501.dll / hxxp://www.flatcast-data.com/data/objects/NpFv501.dll
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "Installation Support" - "Yahoo! Inc." - C:\Programme\Yahoo!\Common\Yinsthelper.dll / C:\Programme\Yahoo!\Common\Yinsthelper.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
{44226DFF-747E-4edc-B30C-78752E50CD0C} "ATI TV" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe (File not found)
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar2.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdm2.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\desktop.ini
"Garbage truck.lnk" - ? - C:\Dokumente und Einstellungen\****\Eigene Dateien\Sonstiges\Designing\Garbagetruckgadgetbyrelhom\Garbage truck.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ATI DeviceDetect" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\main\ATIDtct.EXE
"ATI Remote Control" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\RemCtrl\ATIRW.EXE
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"NCLaunch" - "Northcode Inc." - C:\WINDOWS\NCLAUNCH.EXe
"Software Informer" - "Informer Technologies, Inc." - "C:\Programme\Software Informer\softinfo.exe" -autorun
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"UnHackMe Monitor" - "Greatis Software" - C:\Programme\kill_Virus_etc\UnHackMe\hackmon.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"AVP" - "Kaspersky Lab" - "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
"BootSkin Startup Jobs" - ? - "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager" - "America Online, Inc." - C:\Programme\Gemeinsame Dateien\AOL\1165009021\ee\AOLSoftware.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogonStudio" - ? - "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx )-----
"Flags" - ? - € (File not found)
"Title" - ? - UnHackMe Rootkit Check (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Automatic LiveUpdate Scheduler" (Automatic LiveUpdate Scheduler) - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"CA-Lizenz-Client" (CA_LIC_CLNT) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
"CA-Lizenzserver" (CA_LIC_SRVR) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
"DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
"Ereignisprotokoll-Überwachung" (LogWatch) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
"Google Desktop Manager 5.9.911.3589" (GoogleDesktopManager-110309-193829) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca30416aefe1d6)" (gupdate1ca30416aefe1d6) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Kaspersky Anti-Virus" (AVP) - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUp WinStyler\WinStylerThemeSvc.exe
"WAN Miniport (ATW) Service" (WANMiniportService) - "America Online, Inc." - C:\WINDOWS\wanmpsvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\THEONE~1.SCR (File found, but it contains no detailed information)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonuiX.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASWINLO.dll
"klogon" - "Kaspersky Lab" - C:\WINDOWS\system32\klogon.dll
"MCPClient" - "Stardock" - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

(ich hoffe, die Farbe hat nicht vewirrt^^)

Code: Alles auswählenAufklappen

ATTFilter

"xnilrm" (xnilrm) - ? - C:\WINDOWS\system32\drivers\xnilrm.sys (Hidden file | Hidden registry entry, rootkit activity | File found, but it contains no detailed information)
"xueboiyc" (xueboiyc) - ? - C:\WINDOWS\system32\drivers\xueboiyc.sys (Hidden file | Hidden registry entry, rootkit activity | File found, but it contains no detailed information)
"SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\THEONE~1.SCR (File found, but it contains no detailed information)
         

Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM) und löschen (delete from storage). Poste danach ein neues Log von OSAM

So...
"from storage deleted"^^

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:41:39 on 08.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Stardock.Net, Inc" - C:\WINDOWS\system32\WBSYS.DLL
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\MZVKBD3.DLL
"AppInit_DLLs" - "Google" - C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Greatis Software" - C:\WINDOWS\system32\Partizan.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"SERVICE.CPL" - "Davilex Software bv" - C:\WINDOWS\system32\SERVICE.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"BootScreen" (BootScreen) - ? - C:\WINDOWS\System32\drivers\vidstub.sys (File found, but it contains no detailed information)
"DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Kl1" (kl1) - "Kaspersky Lab" - C:\WINDOWS\system32\drivers\kl1.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"mchInjDrv" (mchInjDrv) - ? - C:\WINDOWS\TEMP\mc21.tmp (File not found)
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"PADUS ASPI SHELL" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"Partizan" (Partizan) - "Greatis Software" - C:\WINDOWS\System32\drivers\Partizan.sys
"PCANDIS5" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\GEMEIN~1\T-Com\DSLCheck\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"RegGuard" (RegGuard) - "Greatis Software" - C:\WINDOWS\system32\Drivers\regguard.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASKUTIL.SYS
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\WINDOWS\System32\DRIVERS\SymIM.sys (File not found)
"SymIMMP" (SymIMMP) - ? - C:\WINDOWS\System32\DRIVERS\SymIM.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"ZDPNDIS5 NDIS Protocol Driver" (ZDPNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\ZDPNDIS5.SYS

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - /E:/bilder/snd.gif (File not found)
"(1) Source" - ? - /C:/DOKUME~1/****/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg (File not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{2AB289AE-4B90-4281-B2AE-1F4BB034B647} "text/html" - ? - (File not found | COM-object registry key not found)
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes Class" - "Stardock Corporation" - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{D22F6E51-BD32-4b7d-A17D-DC89C7FDFF15} "DreamImages Object" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamThumbnails.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{DCED20BE-3645-11D4-BC95-00C04F0E0588} "InoShell" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Programme\msaccrt\Access 97\soa800.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{2F5AC606-70CF-461C-BFE1-6063670C3466} "ShellDlg Class" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DeskScapesShellXP.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
{FA603FF3-D04C-415d-8049-EFE29EEF4B26} "StardockDeskscapes.DreamFile" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} "MCPShellInstantiator Class" - "Stardock" - C:\PROGRA~1\GEMEIN~1\Stardock\MCPCore.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar2.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E55FD215-A32E-43FE-A777-A7E8F165F551} "Flatcast Viewer 4.15" - "1 mal 1 Software GmbH" - C:\WINDOWS\DOWNLO~1\NpFv415.dll / hxxp://data.flatcast.com/NpFv415.dll
{E55FD215-A32E-43FE-A777-A7E8F165F557} "Flatcast Viewer 5.0" - "1 mal 1 Software GmbH" - C:\WINDOWS\DOWNLO~1\NpFv501.dll / hxxp://www.flatcast-data.com/data/objects/NpFv501.dll
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "Installation Support" - "Yahoo! Inc." - C:\Programme\Yahoo!\Common\Yinsthelper.dll / C:\Programme\Yahoo!\Common\Yinsthelper.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
{44226DFF-747E-4edc-B30C-78752E50CD0C} "ATI TV" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe (File not found)
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar2.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdm2.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\desktop.ini
"Garbage truck.lnk" - ? - C:\Dokumente und Einstellungen\****\Eigene Dateien\Sonstiges\Designing\Garbagetruckgadgetbyrelhom\Garbage truck.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ATI DeviceDetect" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\main\ATIDtct.EXE
"ATI Remote Control" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\RemCtrl\ATIRW.EXE
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"NCLaunch" - "Northcode Inc." - C:\WINDOWS\NCLAUNCH.EXe
"Software Informer" - "Informer Technologies, Inc." - "C:\Programme\Software Informer\softinfo.exe" -autorun
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"UnHackMe Monitor" - "Greatis Software" - C:\Programme\kill_Virus_etc\UnHackMe\hackmon.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"AVP" - "Kaspersky Lab" - "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
"BootSkin Startup Jobs" - ? - "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HostManager" - "America Online, Inc." - C:\Programme\Gemeinsame Dateien\AOL\1165009021\ee\AOLSoftware.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogonStudio" - ? - "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx )-----
"Flags" - ? - € (File not found)
"Title" - ? - UnHackMe Rootkit Check (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Automatic LiveUpdate Scheduler" (Automatic LiveUpdate Scheduler) - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"CA-Lizenz-Client" (CA_LIC_CLNT) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
"CA-Lizenzserver" (CA_LIC_SRVR) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
"DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
"Ereignisprotokoll-Überwachung" (LogWatch) - "Computer Associates" - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
"Google Desktop Manager 5.9.911.3589" (GoogleDesktopManager-110309-193829) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca30416aefe1d6)" (gupdate1ca30416aefe1d6) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Kaspersky Anti-Virus" (AVP) - "Kaspersky Lab" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUp WinStyler\WinStylerThemeSvc.exe
"WAN Miniport (ATW) Service" (WANMiniportService) - "America Online, Inc." - C:\WINDOWS\wanmpsvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonuiX.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\kill_virus_etc\SUPERAntiSpyware\SASWINLO.dll
"klogon" - "Kaspersky Lab" - C:\WINDOWS\system32\klogon.dll
"MCPClient" - "Stardock" - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

Ok. Dann mach nochmal nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

So, da hast du :)

ComboFix 10-05-08.03 - **** 09.05.2010 21:12:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.196 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\cofi.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sys.txt
c:\windows\Fonts\acrsec.fon
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-09 bis 2010-05-09 ))))))))))))))))))))))))))))))
.

2010-05-08 11:24 . 2010-05-08 11:38 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Online Solutions
2010-05-05 17:24 . 2010-05-05 17:24 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-05-05 17:21 . 2010-05-05 17:21 -------- d-----w- C:\_OTL
2010-05-03 18:53 . 2010-05-03 18:53 -------- d-----w- C:\rsit
2010-04-28 21:58 . 2010-05-02 19:36 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-04-26 13:59 . 2010-04-26 13:59 -------- d-----w- C:\Backreg
2010-04-26 13:54 . 2010-05-03 16:25 -------- d-----w- c:\windows\RestoreSafeDeleted
2010-04-25 19:37 . 2010-04-25 19:37 77076 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-24 22:29 . 2010-04-24 22:29 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-04-24 21:55 . 2010-04-24 21:55 2 --shatr- c:\windows\winstart.bat
2010-04-24 21:55 . 2010-03-23 15:34 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-04-24 14:44 . 2010-04-24 14:45 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-22 18:32 . 2010-04-22 18:32 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Malwarebytes
2010-04-22 18:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 18:32 . 2010-04-22 18:32 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-22 18:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 18:28 . 2010-04-22 18:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2010-04-22 18:28 . 2010-04-22 18:28 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\SUPERAntiSpyware.com
2010-04-22 18:26 . 2010-04-26 16:05 -------- d-----w- c:\programme\kill_Virus_etc
2010-04-21 18:14 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 18:57 . 2010-05-05 17:43 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-20 18:57 . 2010-05-05 17:43 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-20 18:55 . 2010-05-09 19:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-04-20 18:55 . 2010-04-20 18:55 -------- d-----w- c:\programme\Kaspersky Lab
2010-04-20 18:45 . 2010-04-20 18:45 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 19:32 . 2009-06-07 16:04 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Software Informer
2010-05-03 17:29 . 2010-05-03 17:29 6153352 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-25 19:04 . 2006-07-24 14:11 -------- d-----w- c:\programme\Cossacks - Back To War
2010-04-24 13:40 . 2006-12-01 14:58 -------- d-----w- c:\programme\Google
2010-04-22 18:42 . 2010-04-22 18:29 117760 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-22 18:29 . 2010-04-22 18:29 52224 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-22 18:27 . 2007-05-27 14:07 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-04-21 21:23 . 2009-09-14 14:57 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\vlc
2010-04-21 18:14 . 2006-12-01 14:57 -------- d-----w- c:\programme\Java
2010-04-20 20:37 . 2006-09-14 19:10 -------- d-----w- c:\programme\American Conquest - Fight Back
2010-04-20 19:32 . 2008-03-30 14:18 -------- d-----w- c:\programme\GStudio
2010-04-20 19:11 . 2010-04-20 19:11 80400 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-20 19:11 . 2010-04-20 19:11 80400 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-20 19:09 . 2006-12-01 11:09 -------- d-----w- c:\programme\ICQToolbar
2010-04-20 18:40 . 2009-06-07 16:02 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Free Download Manager
2010-04-11 20:39 . 2010-04-11 20:39 8 ----a-w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\jasltw.dat
2010-04-05 23:19 . 2010-04-05 23:19 12 ----a-w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\jasltw.dat
2010-04-05 00:01 . 2010-04-04 23:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-04-04 23:21 . 2010-04-04 23:21 907 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
2010-04-01 01:16 . 2006-12-01 14:55 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-04-01 01:16 . 2010-04-01 01:16 503808 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a3b1599-n\msvcp71.dll
2010-04-01 01:16 . 2010-04-01 01:16 499712 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a3b1599-n\jmc.dll
2010-04-01 01:16 . 2010-04-01 01:16 348160 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a3b1599-n\msvcr71.dll
2010-04-01 01:16 . 2010-04-01 01:16 61440 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c795ba0-n\decora-sse.dll
2010-04-01 01:16 . 2010-04-01 01:16 12800 ----a-w- c:\dokumente und einstellungen\****\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c795ba0-n\decora-d3d.dll
2010-03-29 16:55 . 2009-06-13 21:09 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Skype
2010-03-29 16:54 . 2009-06-13 21:29 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\skypePM
2010-03-29 14:44 . 2004-09-29 14:53 85954 ----a-w- c:\windows\system32\perfc007.dat
2010-03-29 14:44 . 2004-09-29 14:53 462932 ----a-w- c:\windows\system32\perfh007.dat
2010-03-10 06:15 . 2004-09-29 14:53 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:15 . 2004-09-29 14:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-09-29 14:53 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:04 . 2004-08-04 00:50 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:04 . 2004-08-04 00:50 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 10:03 . 2010-03-06 06:06 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-09-29 14:52 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-09-29 14:53 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-28 21:32 . 2008-06-28 21:32 844 ----a-w- c:\programme\Joey.lnk
2009-12-10 18:59 . 2007-11-20 16:09 119808 ----a-w- c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="c:\programme\ATI Multimedia\main\ATIDtct.EXE" [2004-09-27 69707]
"ATI Remote Control"="c:\programme\ATI Multimedia\RemCtrl\ATIRW.EXE" [2004-07-08 196608]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-01-27 40960]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-14 68856]
"Google Update"="c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2009-06-07 133104]
"Software Informer"="c:\programme\Software Informer\softinfo.exe" [2009-01-30 1708101]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"UnHackMe Monitor"="c:\programme\kill_Virus_etc\UnHackMe\hackmon.exe" [2010-03-23 594144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 2550272]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-14 339968]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CARPService"="carpserv.exe" [2003-03-18 4608]
"HostManager"="c:\programme\Gemeinsame Dateien\AOL\1165009021\ee\AOLSoftware.exe" [2006-11-17 50736]
"LogonStudio"="c:\programme\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-10 30192]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\****\Startmen�\Programme\Autostart\
Garbage truck.lnk - c:\dokumente und einstellungen\****\Eigene Dateien\Sonstiges\Designing\Garbagetruckgadgetbyrelhom\Garbage truck.exe [2009-7-25 514048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\kill_virus_etc\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\kill_Virus_etc\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\GEMEIN~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-06-21 12:42 70952 ----a-r- c:\programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-11-19 12:03 45056 ------w- c:\programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express 5 SE Calendar Checker]
2004-01-12 19:40 69632 ----a-w- c:\programme\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntvdvr32 REG_SZ c:\windows\system32\sethtbss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programme\\American Conquest\\dmcr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programme\\Activision\\Star Trek Armada II\\Armada2.exe"=
"c:\\Programme\\Spiele\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Programme\\Cossacks - Back To War\\dmcr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\American Conquest - Fight Back\\dmcr.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\JoWood\\Die Völker 2 Gold Edition\\bin\\game.exe"=
"c:\\StubInstaller.exe"=
"c:\\BlueByte\\Siedler3\\s3.exe"=
"c:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\BlueByte\\Siedler3\\s3 Kompatibilität aus xp.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1165009021\\ee\\aolsoftware.exe"=
"c:\\Programme\\FireFly Studios\\Stronghold\\Stronghold.exe"=
"c:\\Programme\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"\\\\Voyager\\SharedDocs\\Siedler 3 gold\\Siedler3\\Programmstart.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Dokumente und Einstellungen\\****\\Lokale Einstellungen\\Anwendungsdaten\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 20:18 36880]
R1 SASDIFSV;SASDIFSV;c:\programme\kill_Virus_etc\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\kill_Virus_etc\SUPERAntiSpyware\SASKUTIL.SYS [17.02.2010 11:15 66632]
R2 LogWatch;Ereignisprotokoll-Überwachung;c:\programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [19.09.2002 23:29 53248]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [01.06.2009 14:33 61440]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\system32\drivers\IMT0521.sys [29.09.2004 17:37 34825]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 18:39 19472]
R3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys [07.06.2009 16:08 13824]
R3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [29.09.2004 17:53 13824]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25.04.2010 00:29 35816]
S2 gupdate1ca30416aefe1d6;Google Update Service (gupdate1ca30416aefe1d6);c:\programme\Google\Update\GoogleUpdate.exe [08.09.2009 07:01 133104]
S3 CA_LIC_CLNT;CA-Lizenz-Client;c:\programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [19.09.2002 23:27 77824]
S3 CA_LIC_SRVR;CA-Lizenzserver;c:\programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [19.09.2002 23:41 77824]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [09.12.2009 20:39 1527900]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [20.11.2007 18:08 30192]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [01.06.2009 14:33 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [07.06.2009 16:06 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [07.06.2009 16:06 17536]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [28.04.2010 23:58 24416]
S3 SASENUM;SASENUM;c:\programme\kill_Virus_etc\SUPERAntiSpyware\SASENUM.SYS [17.02.2010 11:15 12872]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [29.09.2004 17:37 63608]
S3 TDslMgrService;DSL-Manager;c:\programme\T-Online\DSL-Manager\DslMgrSvc.exe [07.06.2009 16:08 290816]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners

2010-05-09 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-14 04:56]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-08 05:00]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-08 05:00]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006Core.job
- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-06-07 14:38]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1966131690-2052747319-584720533-1006UA.job
- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-06-07 14:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm
TCP: {6DB0D123-BBBB-401B-AC7B-3D3E67751340} = 192.168.0.1
TCP: {D0C740C8-96E8-4528-A70A-45855B295A90} = 217.0.43.97 217.0.43.113
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} - hxxp://data.flatcast.com/NpFv415.dll
FF - ProfilePath - c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\648yqgzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - component: c:\programme\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\dokume~1\****\ANWEND~1\Flatcast\NpFv522.dll
FF - plugin: c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NpFv415.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NpFv501.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NpFv522.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-ATI Launchpad - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-09 21:29
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\Partizan.log 15599 bytes
c:\dokumente und einstellungen\****\Anwendungsdaten\Software Informer\cache\icons\Cossacks : Back To War.ico 4398 bytes hidden from API

Scan erfolgreich abgeschlossen
versteckte Dateien: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1966131690-2052747319-584720533-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1966131690-2052747319-584720533-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,2a,c1,8f,b6,16,72,dd,95,78,bc,da,3d,10,9b,6f,e8,50,94,72,15,ff,04,
8b,9a,38,2f,03,07,40,33,35,1a,b8,17,df,25,cd,03,8a,b5,64,76,9f,d7,d5,2e,95,\
"??"=hex:cf,ae,ec,d0,bb,e2,a4,e9,ec,1d,c9,3a,fd,1d,70,90

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1980)
c:\programme\TuneUp WinStyler\WinStylerThemeHelper.dll
c:\programme\kill_virus_etc\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\GEMEIN~1\Stardock\mcpstub.dll

- - - - - - - > 'lsass.exe'(2036)
c:\programme\TuneUp WinStyler\WinStylerThemeHelper.dll

- - - - - - - > 'explorer.exe'(2452)
c:\programme\TuneUp WinStyler\WinStylerThemeHelper.dll
c:\programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
c:\programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\D\ESBRes.DLL
c:\programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\programme\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\windows\system32\d3dx9_32.dll
c:\programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
c:\programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll
c:\progra~1\GEMEIN~1\Stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\TuneUp WinStyler\WinStylerThemeSvc.exe
c:\progra~1\GEMEIN~1\Stardock\SDMCP.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\GEMEIN~1\aol\ACS\AOLacsd.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\wanmpsvc.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system32\carpserv.exe
c:\windows\system32\rundll32.exe
c:\dokume~1\****\LOKALE~1\Temp\{819EA0C1-5E17-4798-B6F0-B0805C8B6FAC}\Garbage truck.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-09 21:41:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-09 19:41

Vor Suchlauf: 24 Verzeichnis(se), 66.888.007.680 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 66.758.516.736 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F07C55C5BE40FA9F2F5BBD78648EBDE0

Ok. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!