| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: sdra64 entfernen, aber wie?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.05.2010, 11:29
| #1 |
| |  sdra64 entfernen, aber wie? hi ich habe ein trojanisches programm auf meinem pc und kastersky ist nicht in der lage diesen zu entfernen...was kann ich tun? hier der HijackThis log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:29:39, on 20.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\WINDOWS\Explorer.EXE C:\Programme\Everything\Everything.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Microsoft IntelliPoint\ipoint.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Athan\Athan.exe C:\Programme\CyberLink\PowerCinema\PCMAgent.exe C:\Programme\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe C:\Programme\CyberLink\PlayMovie\PMVService.exe C:\Programme\CyberLink\TV Enhance\TVEService.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Programme\Microsoft IntelliType Pro\itype.exe C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe C:\Programme\pdf24\pdf24.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe C:\Programme\DAEMON Tools Pro\DTProAgent.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe C:\Programme\Pando Networks\Media Booster\PMB.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\AirVideoServer\AirVideoServer.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe C:\Programme\VMware\VMware Server\vmware-authd.exe C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\system32\vmnat.exe C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Programme\VMware\VMware Server\vmserverdWin32.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E3D7ERVP\HiJackThis204[1].exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&source=iglk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: Einladung zum Paradies Toolbar - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O1 - Hosts: 60.190.218.24 www.kavkiskey.com O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Einladung zum Paradies Toolbar - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten6\IEButtonAmazonInterface.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten6\IEButtonEbayInterface.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten6\IEButtonPPInterface.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Einladung zum Paradies Toolbar - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll O4 - HKLM\..\Run: [Everything] "C:\Programme\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [GEST] ] O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [IntelliPoint] "c:\Programme\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Athan] C:\Programme\Athan\Athan.exe O4 - HKLM\..\Run: [PCMAgent] C:\Programme\CyberLink\PowerCinema\PCMAgent.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Programme\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Programme\CyberLink\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [TVEService] "C:\Programme\CyberLink\TV Enhance\TVEService.exe" O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [SAFEOEM HotKeys] "C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe" O4 - HKLM\..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Phoenix Backup] C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [AirVideoServer] C:\Programme\AirVideoServer\AirVideoServer.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; InfoPath.2)" -"hxxp://www.habbo.de/shockwave_client" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: HD Writer AE 1.0.lnk = ? O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten6\\preispiraten.html O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - hxxp://www.preispiraten.de/e/tr_ebdestart.pl?hxxp://www.ebay.de (file missing) O9 - Extra button: Supreme Auction - {DFE4453A-65DF-47d5-BF37-3D0FD37FBDBB} - C:\Programme\Supreme Auction\SupremeAuctionOnline.exe (HKCU) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmserverdWin32.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg -- End of file - 20111 bytes |
|
20.05.2010, 12:07
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | sdra64 entfernen, aber wie? Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
20.05.2010, 13:11
| #3 |
| | sdra64 entfernen, aber wie? Malewarebyte:
__________________Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4119 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.05.2010 14:11:02 mbam-log-2010-05-20 (14-11-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 331132 Laufzeit: 1 Stunde(n), 1 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 14 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 5 Infizierte Verzeichnisse: 7 Infizierte Dateien: 45 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Programme\AutocompletePro\AutocompletePro.dll (Adware.PredictAd) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333} (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e} (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\AutocompletePro.DLL (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro2_is1 (Adware.PredictAd) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\support@predictad.com (Adware.PredictAd) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.PWS) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.PWS) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. C:\Programme\AutocompletePro (Adware.PredictAd) -> Delete on reboot. C:\Programme\AutocompletePro\support@predictad.com (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\chrome (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\chrome\content (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\defaults (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\defaults\preferences (Adware.PredictAd) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Programme\AutocompletePro\AutocompletePro.dll (Adware.PredictAd) -> Delete on reboot. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\getkey1.1\GetKey.exe (Malware.Packer) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\263290.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\pdfupd.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\is-408OV.tmp\AutocompleteProSetup.exe (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\Adobe\Acrobat 9.0\Acrobat\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Programme\Adobe\Adobe After Effects CS4\Support Files\Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C2FCA812-C5E1-45EF-BD61-30B1576A5F1D}\RP313\A0048665.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C2FCA812-C5E1-45EF-BD61-30B1576A5F1D}\RP327\A0049912.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C2FCA812-C5E1-45EF-BD61-30B1576A5F1D}\RP284\A0045227.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Trojan.PWS) -> Delete on reboot. C:\WINDOWS\Temp\3C.tmp (Trojan.PWS) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{3FEB041B-CBC1-4589-ADA6-53A8B379D077}\RP13\A0001254.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{3FEB041B-CBC1-4589-ADA6-53A8B379D077}\RP13\A0001256.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{3FEB041B-CBC1-4589-ADA6-53A8B379D077}\RP13\A0001258.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{3FEB041B-CBC1-4589-ADA6-53A8B379D077}\RP13\A0001261.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{3FEB041B-CBC1-4589-ADA6-53A8B379D077}\RP13\A0001263.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{3FEB041B-CBC1-4589-ADA6-53A8B379D077}\RP13\A0001318.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. E:\programme\After Effect\All_After_Effects_Plugins\Trapcode 3DStroke v2.04\Trapcode 3DStroke v2.04\trapcode.multikeygen.v1.2.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. E:\programme\After Effect\All_After_Effects_Plugins\Trapcode Echospace v1.0.1\Trapcode Echospace v1.0.1\trapcode.multikeygen.v1.2.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. E:\programme\After Effect\All_After_Effects_Plugins\Trapcode Lux v1.01\Trapcode Lux v1.01\trapcode.multikeygen.v1.2.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. E:\programme\After Effect\All_After_Effects_Plugins\Trapcode Particular v1.50\Trapcode Particular v1.50\trapcode.multikeygen.v1.2.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. E:\programme\After Effect\All_After_Effects_Plugins\Trapcode Starglow v1.03\Trapcode Starglow v1.03\trapcode.multikeygen.v1.2.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. E:\programme\After Effect\All_After_Effects_Plugins\Panopticum New Year Toy v1.0\Panopticum New Year Toy v1.0\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. E:\programme\After Effect\Effect\Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully. E:\programme\After Effect\Serial\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\programme\Mainboard\DVB-T Treiber\Blaze.HDTV.Player.3.5\Crack\blazevideo.hdtv.player.3.5-nope.exe (Trojan.Downloader) -> Quarantined and deleted successfully. E:\programme\Sony Vegas Pro 9.0 Build 563 ( 32bit )\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{246C13B8-8F6D-4FE2-939D-7B31A72D2C13}\RP19\A0002047.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\AcRemoteUpdate.exe (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\InstTracker.exe (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\TaskScheduler.dll (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\unins000.dat (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\unins000.exe (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\chrome.manifest (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\install.rdf (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\chrome\content\options.js (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\chrome\content\options.xul (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\chrome\content\utils.js (Adware.PredictAd) -> Quarantined and deleted successfully. C:\Programme\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js (Adware.PredictAd) -> Quarantined and deleted successfully. |
|
20.05.2010, 13:51
| #4 |
| | sdra64 entfernen, aber wie? OTL: Code:
ATTFilter OTL Extras logfile created on: 20.05.2010 14:48:30 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 5373 10000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 94,66 Gb Total Space | 3,58 Gb Free Space | 3,78% Space Free | Partition Type: NTFS
Drive D: | 175,79 Gb Total Space | 98,21 Gb Free Space | 55,87% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 145,43 Gb Free Space | 74,46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 550,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ---
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"58066:TCP" = 58066:TCP:*:Enabled:Pando Media Booster
"58066:UDP" = 58066:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\CyberLink\TV Enhance\TVEnhance.exe" = C:\Programme\CyberLink\TV Enhance\TVEnhance.exe:*:Enabled:CyberLink TVEnhance -- (CyberLink Corp.)
"C:\Programme\CyberLink\TV Enhance\TVEService.exe" = C:\Programme\CyberLink\TV Enhance\TVEService.exe:*:Enabled:CyberLink TVEnhance Resident Program -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IEPro\MiniDM.exe" = C:\Programme\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab)
"C:\Programme\Microsoft Games\Rise of Nations\thrones.exe" = C:\Programme\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = C:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Programme\CyberLink\TV Enhance\TVEnhance.exe" = C:\Programme\CyberLink\TV Enhance\TVEnhance.exe:*:Enabled:CyberLink TVEnhance -- (CyberLink Corp.)
"C:\Programme\CyberLink\TV Enhance\TVEService.exe" = C:\Programme\CyberLink\TV Enhance\TVEService.exe:*:Enabled:CyberLink TVEnhance Resident Program -- (CyberLink Corp.)
"C:\Programme\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE" = C:\Programme\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9) -- (CAPCOM CO., LTD.)
"C:\Programme\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE" = C:\Programme\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10) -- (CAPCOM CO., LTD.)
"C:\Programme\eBay\Turbo Lister2\Tl.exe" = C:\Programme\eBay\Turbo Lister2\Tl.exe:*:Enabled:eBay Turbo Lister 2 -- (eBay Inc.)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\AirVideoServer\AirVideoServer.exe" = C:\Programme\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{090765EE-74A0-4ABB-9B15-4C1F80AB3E10}" = Catalyst Control Center Graphics Full Existing
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{190B4E60-FE37-4B8C-A661-172997347A90}" = Sony Media Manager 2.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B822A6-372A-43E2-9230-0AFA4EC84F8C}" = Lexware buchhalter 2009
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1AC38EA5-454C-4443-834F-6B34106581E1}" = Sony DVD Architect 4.0
"{1F7F3E8C-956E-445C-BECE-4947D164A0BF}" = Sony Vegas 7.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2576C501-677F-3206-C73C-E4F90F9433C4}" = ccc-core-preinstall
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{390B21DF-7C00-8CE2-B205-B199BADCC4B7}" = Catalyst Control Center Graphics Previews Common
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4C35A5B5-940E-B44D-1ADA-52F1FE501FC7}" = Catalyst Control Center Graphics Full New
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}" = Preispiraten
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66B4E395-38E3-D233-FB72-EB81DF545985}" = Catalyst Control Center Graphics Light
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8913BD67-274C-0581-203B-9DA14CE43175}" = ccc-core-static
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8CA071D3-A3DD-4EDD-A997-AFB178A181C7}" = DaViDeo ultimate
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D35E8-D426-3E2E-8222-F4FFD9E104FD}" = Google Gears
"{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.0 for HDC
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A79E6F7D-002A-9B6C-7CB9-60CED94201DA}" = CCC Help English
"{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}" = HP Install Network Printer Wizard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 lite - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DB5443C9-A1C7-302A-1C1D-E24191B0E63D}" = Catalyst Control Center HydraVision Full
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E17E6A29-9FC8-30D8-8A33-0614F616A552}" = Catalyst Control Center Core Implementation
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE6D6D42-6AE2-A259-F8C2-193CCE10C569}" = ccc-utility
"{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}" = VMware Server
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Air Video Server" = Air Video Server 2.2.6u1
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Athan" = Athan Pro 3.0
"ATI Display Driver" = ATI Display Driver
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DVBViewer Pro_is1" = DVBViewer Pro Version 3.9.0.0
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DXAddon" = DirectX 9.0c Zusatzdateien - März 2009
"EA Download Manager" = EA Download Manager
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"Easy-WebPrint" = Easy-WebPrint
"Einladung_zum_Paradies Toolbar" = Einladung_zum_Paradies Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2925] [2009-04-29]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free MTS 2 MPEG-2 Converter Lite_is1" = Free MTS 2 MPEG-2 Converter Lite
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Handbrake" = Handbrake 0.9.4
"HijackThis" = HijackThis 2.0.2
"IE7Pro" = IE7Pro
"IE8" = Sereby's Updatepack - IE8 Addon Version 1.0.3
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"IsoBuster_is1" = IsoBuster 2.7
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"MAGIX Music Maker 15 Premium Download-Version D" = MAGIX Music Maker 15 Premium Download-Version 15.0.1.5 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mouse Joypad V1.0" = Mouse Joypad V1.0
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"MPlayer2" = Windows Media Player 5.2
"Nero Micro 9.2.6.0" = Nero Micro 9.2.6.0 Build.2.3
"Nvu_is1" = Nvu 1.0
"PalTalk8.2" = PaltalkScene
"PDF Editor 2" = PDF Editor 2
"PokerStars" = PokerStars
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rapidshare Search Tool_is1" = Rapidshare Search Tool
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Runtimes" = Allgemeine Runtime Dateien
"SEOToolkit30_is1" = Trellian SEO Toolkit v3.0
"SopCast" = SopCast 3.2.4
"Supreme Auction_is1" = Supreme Auction
"TellmeMoreV50Ara" = TeLL me More
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.7.2
"UFC Poker" = UFC Poker
"Universal Extractor_is1" = Universal Extractor 1.6
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft DVD to iPad Converter" = Xilisoft DVD to iPad Converter
"Xilisoft MP4 Converter" = Xilisoft MP4 Converter
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.9.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = QMC
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.05.2010 07:27:14 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 596: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 07:27:14 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 584: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 07:27:14 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 364: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 07:27:14 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 352: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 19:23:17 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 356: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 19:23:17 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 352: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 19:23:17 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 364: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 19:23:17 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 584: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 19:23:17 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 596: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.05.2010 19:23:17 | Computer Name = --- | Source = Bonjour Service | ID = 100
Description = 608: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
[ OSession Events ]
Error - 31.08.2009 20:22:33 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10119
seconds with 540 seconds of active time. This session ended with a crash.
Error - 12.11.2009 22:10:36 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5545
seconds with 300 seconds of active time. This session ended with a crash.
Error - 13.11.2009 20:18:50 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93
seconds with 0 seconds of active time. This session ended with a crash.
Error - 30.01.2010 10:26:07 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.04.2010 08:22:15 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 165
seconds with 120 seconds of active time. This session ended with a crash.
Error - 30.04.2010 17:56:10 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11666
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 27.04.2010 20:20:48 | Computer Name = --- | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{87CA8FCF-9D33-40E2-B474-A5D2F5EFD297} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 30.04.2010 14:10:51 | Computer Name = --- | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0018E733CD2F zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 14.05.2010 14:27:17 | Computer Name = --- | Source = PSched | ID = 14107
Description = QoS [Adapter {A6502C9C-B36F-400D-A00E-E82DC3D529EB}]: Der Paketplaner
konnte den virtuellen Miniport mit NDIS nicht initialisieren.
Error - 15.05.2010 05:33:02 | Computer Name = --- | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
für die COM-Serveranwendung mit CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} gewährt.
Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 15.05.2010 05:33:02 | Computer Name = --- | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
für die COM-Serveranwendung mit CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} gewährt.
Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 19.05.2010 06:28:01 | Computer Name = --- | Source = Print | ID = 6161
Description = Das Dokument PDF_Rechnung_M211100106043017_04-2010[1].pdf, im Besitz
von Administrator, konnte nicht auf dem Drucker Canon iP4300 gedruckt werden. Datentyp:
NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 262144. Anzahl der gedruckten
Bytes: 163100. Gesamtanzahl der Seiten des Dokuments: 4. Anzahl der gedruckten
Seiten: 0. Clientcomputer: \\---. Vom Druckprozessor zurückgelieferter Win32-Fehlercode:
13 (0xd).
Error - 20.05.2010 08:26:09 | Computer Name = --- | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume3" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
< End of report >
|
|
20.05.2010, 13:53
| #5 |
| | sdra64 entfernen, aber wie?Code:
ATTFilter OTL logfile created on: 20.05.2010 14:48:30 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free 12,00 Gb Paging File | 11,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 5373 10000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 94,66 Gb Total Space | 3,58 Gb Free Space | 3,78% Space Free | Partition Type: NTFS Drive D: | 175,79 Gb Total Space | 98,21 Gb Free Space | 55,87% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 145,43 Gb Free Space | 74,46% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 550,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: --- Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AirVideoServer\AirVideoServer.exe () PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\VMware\VMware Server\vmserverdWin32.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.) PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Programme\Everything\Everything.exe () PRC - C:\Programme\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe (Panasonic Corporation) PRC - C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe () PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe () PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe () PRC - C:\Programme\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.) PRC - C:\Programme\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.) PRC - C:\Programme\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\SYDATEC\Phoenix Backup Professional\pbtray.exe (SYDATEC) PRC - C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) PRC - C:\Programme\Athan\Athan.exe (www.IslamicFinder.org) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab) MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (WiselinkPro) -- C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) SRV - (vmserverdWin32) -- C:\Programme\VMware\VMware Server\vmserverdWin32.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe () SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe () SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (vmount2) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys () DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.) DRV - (VMparport) -- C:\WINDOWS\system32\drivers\vmparport.sys (VMware, Inc.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (SLEE_16_DRIVER) -- C:\WINDOWS\system32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec) DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab) DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (EC168BDA) -- C:\WINDOWS\system32\drivers\EC168BDA.sys (e3C, Inc.) DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (vstor2) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.) DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys (B.H.A Corporation) DRV - (XBCD) -- C:\WINDOWS\system32\drivers\xbcd.sys (Redcl0ud) DRV - (Tihid) -- C:\WINDOWS\system32\drivers\tihid.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&source=iglk IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s IE - HKCU\..\URLSearchHook: {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://lianjo.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.0.145 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11 FF - prefs.js..extensions.enabledItems: {EC1B67CA-A2CD-4931-915A-63D5341D1285}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {144D1513-0819-4538-AD26-D515AF443AE7}:1.1.1.0 FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}:1.0.0.9 FF - prefs.js..extensions.enabledItems: {4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}:1.0.0.6 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.3.3 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.32.0 FF - prefs.js..extensions.enabledItems: {3F4D6A2C-841D-403C-8CD8-48E54192DDEB}:1.0.5.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: {C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3 FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19 FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2 FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.6.7 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11 FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2009.09.14 15:12:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.17 00:01:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.17 00:01:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.05.18 13:37:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009.09.23 02:38:45 | 000,000,000 | ---D | M] [2009.12.28 01:43:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2009.12.28 01:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.19 01:30:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions [2010.04.04 00:28:30 | 000,000,000 | ---D | M] (Screengrab) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010.02.16 13:48:20 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010.02.16 13:48:26 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.05.11 17:33:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.02.16 13:48:17 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2010.02.16 13:48:38 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.02.16 13:48:19 | 000,000,000 | ---D | M] (ShowIP) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} [2010.02.16 13:48:17 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2010.02.16 13:48:17 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2} [2009.05.04 01:39:24 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2010.02.16 13:48:17 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2010.05.13 01:15:21 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009.08.15 23:58:25 | 000,000,000 | ---D | M] (jDownFF) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010.02.16 13:48:17 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} [2010.05.11 17:33:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.02.16 13:48:29 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.02.16 13:48:17 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2010.05.11 17:33:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.11 17:33:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.02.16 13:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.04.04 00:28:34 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.05.11 17:33:33 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.02.24 22:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\add-to-searchbox@maltekraus.de [2010.02.16 13:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.05.04 01:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\firebug@software.joehewitt.com [2010.02.16 13:48:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\firefox@tvunetworks.com [2010.05.11 17:33:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org [2010.04.04 00:28:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\sortplaces@andyhalford.com [2009.05.04 01:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de [2010.03.09 13:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\extensions\toolbar@ask.com [2010.03.09 13:15:44 | 000,002,426 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\.default\searchplugins\askcom.xml [2010.05.17 05:13:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.09.30 02:47:24 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2009.09.30 02:47:30 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2009.09.30 02:47:28 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2} [2009.09.30 02:47:22 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2009.09.30 02:47:15 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Programme\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} [2009.09.30 02:47:36 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Programme\Mozilla Firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2009.09.30 02:47:32 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2010.03.16 02:20:54 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll [2009.09.28 02:44:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.09.28 02:44:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.09.28 02:44:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2007.04.20 18:32:00 | 000,004,292 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SP_ebay_de.xml [2007.01.08 13:48:12 | 000,009,095 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SP_preispiraten_de.xml [2009.09.28 02:44:08 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.09.28 02:44:08 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.09.30 00:54:53 | 000,000,885 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 60.190.218.24 www.kavkiskey.com O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Einladung zum Paradies Toolbar) - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll (Conduit Ltd.) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten6\IEButtonAmazonInterface.dll () O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten6\IEButtonEbayInterface.dll () O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.) O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten6\IEButtonPPInterface.dll () O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Einladung zum Paradies Toolbar) - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Einladung zum Paradies Toolbar) - {6813E189-51E7-4D89-A90D-B9C53F2119BB} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Athan] C:\Programme\Athan\Athan.exe (www.IslamicFinder.org) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [CLMLServer] C:\Programme\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Everything] C:\Programme\Everything\Everything.exe () O4 - HKLM..\Run: [GEST] File not found O4 - HKLM..\Run: [itype] C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [PCMAgent] C:\Programme\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PlayMovie] C:\Programme\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TVEService] C:\Programme\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [AirVideoServer] C:\Programme\AirVideoServer\AirVideoServer.exe () O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.) O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Phoenix Backup] C:\Programme\SYDATEC\Phoenix Backup Professional\pbtray.exe (SYDATEC) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HD Writer AE 1.0.lnk = C:\Programme\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe (Panasonic Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten6\\preispiraten.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.) O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe () O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 () - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.15 01:38:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.14 02:43:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.09.29 17:52:46 | 000,000,140 | R--- | M] () - G:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2070.01.01 02:00:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Destinator ND [2010.05.20 12:46:08 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.05.20 12:45:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2010.05.20 12:45:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.20 12:45:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.20 12:45:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.05.20 12:45:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.20 12:38:08 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.05.18 12:38:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\HandBrake [2010.05.18 12:38:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake [2010.05.18 12:38:00 | 000,000,000 | ---D | C] -- C:\Programme\Handbrake [2010.05.18 03:21:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Local Settings [2010.05.18 03:21:22 | 000,000,000 | -H-D | C] -- C:\jexepackres [2010.05.18 03:21:15 | 000,000,000 | ---D | C] -- C:\Programme\AirVideoServer [2010.05.18 02:28:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Xilisoft Corporation [2010.05.18 01:53:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CocoonSoftware [2010.05.18 01:52:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WDSetup [2010.05.18 01:47:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\4Media [2010.05.18 01:14:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Aiseesoft Studio [2010.05.18 01:14:21 | 000,000,000 | ---D | C] -- C:\Programme\Aiseesoft Studio [2010.05.18 01:05:55 | 000,000,000 | ---D | C] -- C:\Programme\Xilisoft [2010.05.17 04:42:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Free iPad Video Converter [2010.05.17 04:37:08 | 000,000,000 | ---D | C] -- C:\Programme\Convert AVI to MP4 [2010.05.17 00:03:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.05.17 00:03:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.05.17 00:01:20 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.05.16 23:59:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Apple [2010.05.16 23:59:44 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2010.05.16 23:59:26 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll [2010.05.16 23:58:36 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.05.16 23:58:26 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2010.05.16 23:58:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple [2010.05.16 01:01:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\TT Navigator 6_203 [2010.05.16 00:33:16 | 000,000,000 | ---D | C] -- C:\Programme\AvantGo Connect [2010.05.16 00:33:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files [2010.05.16 00:32:10 | 000,114,688 | ---- | C] (AvantGo, Inc.) -- C:\WINDOWS\System32\malslib.dll [2010.05.16 00:32:10 | 000,077,903 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rapi.dll [2010.05.16 00:32:10 | 000,069,632 | ---- | C] (AvantGo, Inc.) -- C:\WINDOWS\System32\mbllnk.cpl [2010.05.16 00:32:10 | 000,065,619 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pmailext.dll [2010.05.16 00:32:10 | 000,065,617 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ppvexp.dll [2010.05.16 00:32:10 | 000,061,523 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MsgStRPC.dll [2010.05.16 00:32:10 | 000,036,946 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ppcload.dll [2010.05.16 00:32:10 | 000,024,657 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ceutil.dll [2010.05.16 00:32:10 | 000,024,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uicom.dll [2010.05.16 00:32:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync [2010.05.16 00:10:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Navi [2010.05.16 00:07:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\TT7-CE4.2_u_CE6.0 [2010.05.14 20:26:21 | 000,089,896 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwsecfl.sys [2010.05.14 20:26:21 | 000,047,272 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwusb.sys [2010.05.14 20:26:20 | 000,156,392 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwdndis.sys [2010.05.14 20:26:20 | 000,057,384 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwhid.sys [2010.05.14 20:26:20 | 000,037,160 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btport.sys [2010.05.14 20:26:19 | 000,990,632 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btkrnl.sys [2010.05.14 20:26:19 | 000,534,440 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys [2010.05.14 20:26:09 | 000,000,000 | ---D | C] -- C:\Programme\WIDCOMM [2010.05.06 01:09:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Pokemon [2010.05.04 17:28:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Nitro.PDF.Professional.v6.0.0.29 [2010.05.04 17:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2010.05.04 17:21:20 | 000,172,032 | RHS- | C] (GxieL9) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mczfr.exe [2010.05.02 23:29:28 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.05.02 23:29:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit [2010.05.02 23:29:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Einladung_zum_Paradies [2010.05.02 23:29:26 | 000,000,000 | ---D | C] -- C:\Programme\Einladung_zum_Paradies [2010.04.27 17:52:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\nim20 [2010.04.27 17:52:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\nim19 [2010.04.24 02:48:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Destinator_8.0.20.21.1 [2010.04.22 14:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\3 4 The Money [2010.04.20 15:40:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\04_15_18_51_33 [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.20 14:37:13 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.20 14:37:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.20 14:37:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.20 14:37:10 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2010.05.20 14:36:01 | 007,074,848 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.05.20 14:36:01 | 001,245,216 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2010.05.20 14:36:01 | 000,061,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.05.20 14:36:01 | 000,009,528 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2010.05.20 14:35:55 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat [2010.05.20 14:35:55 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.05.20 14:31:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.20 14:01:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.05.20 13:53:00 | 000,063,265 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\1_Preisliste_DHL Paket_500-1000_S.pdf [2010.05.20 12:46:10 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.05.20 12:45:32 | 000,000,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.20 12:38:08 | 000,001,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk [2010.05.20 06:59:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.19 22:54:55 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2007.lnk [2010.05.19 14:04:37 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.05.19 12:26:57 | 000,082,986 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PDF_Rechnung_M211100108547965_05-2010.pdf [2010.05.19 12:24:07 | 000,033,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kreditkartenabrechnung_4907xxxxxxxx9402_per_2010_04_22.pdf [2010.05.19 12:23:37 | 000,104,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kontoauszug_1004041958_Nr_2010_005_per_2010_05_05.pdf [2010.05.19 12:22:53 | 000,078,801 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Herunterladen.pdf [2010.05.19 03:40:44 | 272,058,796 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Die Schöpfung.m4v [2010.05.19 02:32:12 | 000,027,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\0118.pdf [2010.05.19 02:31:19 | 000,117,345 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\0201.pdf [2010.05.19 02:30:53 | 000,036,610 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\0023.pdf [2010.05.19 01:00:03 | 018,639,319 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\3DstoryBook-v1.0.ipa [2010.05.19 00:39:11 | 164,501,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RealRacingHD-1.02-Cod3ReD-363998989.ipa [2010.05.19 00:09:31 | 000,050,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\2012.2009.1080p.BluRay.DTS.DL.x264-HDC.dlc [2010.05.19 00:08:06 | 000,013,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\bookeli720nl-75ttm2lapdhdt.dlc [2010.05.18 19:20:00 | 000,010,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Auftrag_Rechnung 2010-1021235.pdf [2010.05.18 12:38:00 | 000,000,667 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Handbrake.lnk [2010.05.18 12:07:55 | 000,058,075 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung878.docx [2010.05.18 03:21:17 | 000,000,727 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Air Video Server.lnk [2010.05.18 03:13:35 | 000,380,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\StreamToMe-2.0.4-Cre4tiVe.ipa [2010.05.18 02:26:55 | 000,001,685 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Xilisoft MP4 Converter.lnk [2010.05.18 02:18:59 | 000,247,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.18 01:53:24 | 000,000,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QUICKMEDIACONVERTER.lnk [2010.05.18 01:06:08 | 000,000,843 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Xilisoft DVD to iPad Converter.lnk [2010.05.18 00:34:00 | 000,000,462 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Dokument.rtf [2010.05.17 14:04:52 | 000,000,138 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\absprint.ini [2010.05.17 04:37:10 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Convert AVI to MP4.lnk [2010.05.17 03:43:38 | 000,070,340 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2010.05.17 03:14:41 | 000,007,497 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\onlinstellen.rtf [2010.05.17 00:01:48 | 000,001,585 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.05.16 23:59:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.05.16 20:28:08 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\eBay Turbo Lister 2.lnk [2010.05.16 13:41:53 | 000,023,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d6.JPG [2010.05.16 13:41:42 | 000,030,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d5.JPG [2010.05.16 13:41:30 | 000,021,626 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d4.JPG [2010.05.16 13:41:22 | 000,023,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d3.JPG [2010.05.16 13:41:14 | 000,033,983 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d2.JPG [2010.05.16 13:41:05 | 000,033,795 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d1.JPG [2010.05.16 00:33:21 | 000,002,510 | ---- | M] () -- C:\WINDOWS\Microsoft.MIF [2010.05.16 00:33:15 | 000,002,464 | ---- | M] () -- C:\WINDOWS\$_hpcst$.hpc [2010.05.14 20:26:10 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk [2010.05.14 02:25:24 | 000,010,487 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Alle Drehbücher.docx [2010.05.13 20:05:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.11 16:20:00 | 000,022,222 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bericht2.pdf [2010.05.11 16:19:00 | 000,022,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bericht.pdf [2010.05.08 19:39:16 | 000,015,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Notizen.docx [2010.05.05 10:51:39 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2010.05.05 10:51:39 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2010.05.04 16:44:52 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI [2010.05.04 02:43:24 | 000,000,178 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\facebook.rtf [2010.05.03 14:19:00 | 000,661,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\P4220022.JPG [2010.05.03 14:19:00 | 000,648,678 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\P4220021.JPG [2010.05.01 02:46:25 | 000,064,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\szenen.veg [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.29 01:50:11 | 000,044,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\trailer.veg [2010.04.28 01:04:00 | 000,021,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RestpostenRechnung1.pdf [2010.04.28 01:04:00 | 000,021,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung1.pdf [2010.04.27 00:38:07 | 000,000,418 | ---- | M] () -- C:\WINDOWS\System32\%LocalXml% [2010.04.24 22:54:30 | 000,027,783 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RechnungChaerShop.pdf [2010.04.24 22:51:53 | 000,027,780 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung217.pdf [2010.04.24 01:34:44 | 000,435,669 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RR613550657DE.JPG [2010.04.22 16:26:24 | 000,013,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Warenbestand.docx [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.20 13:53:00 | 000,063,265 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\1_Preisliste_DHL Paket_500-1000_S.pdf [2010.05.20 12:45:32 | 000,000,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.20 12:38:08 | 000,001,699 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk [2010.05.19 12:26:57 | 000,082,986 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PDF_Rechnung_M211100108547965_05-2010.pdf [2010.05.19 12:24:07 | 000,033,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kreditkartenabrechnung_4907xxxxxxxx9402_per_2010_04_22.pdf [2010.05.19 12:23:37 | 000,104,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kontoauszug_1004041958_Nr_2010_005_per_2010_05_05.pdf [2010.05.19 12:22:53 | 000,078,801 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Herunterladen.pdf [2010.05.19 03:24:29 | 272,058,796 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Die Schöpfung.m4v [2010.05.19 02:32:12 | 000,027,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\0118.pdf [2010.05.19 02:31:19 | 000,117,345 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\0201.pdf [2010.05.19 02:30:53 | 000,036,610 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\0023.pdf [2010.05.19 00:39:31 | 018,639,319 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\3DstoryBook-v1.0.ipa [2010.05.19 00:39:11 | 164,501,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RealRacingHD-1.02-Cod3ReD-363998989.ipa [2010.05.19 00:09:31 | 000,050,096 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\2012.2009.1080p.BluRay.DTS.DL.x264-HDC.dlc [2010.05.19 00:08:05 | 000,013,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\bookeli720nl-75ttm2lapdhdt.dlc [2010.05.18 19:20:00 | 000,010,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Auftrag_Rechnung 2010-1021235.pdf [2010.05.18 12:38:00 | 000,000,667 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Handbrake.lnk [2010.05.18 03:21:17 | 000,000,727 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Air Video Server.lnk [2010.05.18 03:13:35 | 000,380,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\StreamToMe-2.0.4-Cre4tiVe.ipa [2010.05.18 02:26:55 | 000,001,685 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Xilisoft MP4 Converter.lnk [2010.05.18 01:53:24 | 000,000,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QUICKMEDIACONVERTER.lnk [2010.05.18 01:06:08 | 000,000,843 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Xilisoft DVD to iPad Converter.lnk [2010.05.18 00:25:35 | 000,058,075 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung878.docx [2010.05.17 04:37:10 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Convert AVI to MP4.lnk [2010.05.17 03:43:38 | 000,070,340 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.05.17 00:04:26 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.05.17 00:01:48 | 000,001,585 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.05.16 23:59:51 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.05.16 13:41:53 | 000,023,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d6.JPG [2010.05.16 13:41:42 | 000,030,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d5.JPG [2010.05.16 13:41:30 | 000,021,626 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d4.JPG [2010.05.16 13:41:22 | 000,023,163 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d3.JPG [2010.05.16 13:41:14 | 000,033,983 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d2.JPG [2010.05.16 13:41:05 | 000,033,795 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d1.JPG [2010.05.16 01:26:07 | 000,007,497 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\onlinstellen.rtf [2010.05.16 00:33:15 | 000,002,464 | ---- | C] () -- C:\WINDOWS\$_hpcst$.hpc [2010.05.16 00:32:10 | 000,057,426 | ---- | C] () -- C:\WINDOWS\System32\mobileV.acm [2010.05.16 00:31:46 | 000,002,510 | ---- | C] () -- C:\WINDOWS\Microsoft.MIF [2010.05.14 20:26:10 | 000,000,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk [2010.05.11 16:41:45 | 000,000,462 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Dokument.rtf [2010.05.11 16:20:00 | 000,022,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bericht2.pdf [2010.05.11 16:19:00 | 000,022,699 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bericht.pdf [2010.05.08 19:43:02 | 000,015,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Notizen.docx [2010.05.04 02:43:24 | 000,000,178 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\facebook.rtf [2010.05.04 02:20:29 | 000,010,487 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Alle Drehbücher.docx [2010.05.03 14:19:00 | 000,661,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\P4220022.JPG [2010.05.03 14:19:00 | 000,648,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\P4220021.JPG [2010.04.28 17:46:22 | 000,064,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\szenen.veg [2010.04.28 17:39:32 | 000,044,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\trailer.veg [2010.04.28 01:04:00 | 000,021,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RestpostenRechnung1.pdf [2010.04.28 01:04:00 | 000,021,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung1.pdf [2010.04.27 00:38:07 | 000,000,418 | ---- | C] () -- C:\WINDOWS\System32\%LocalXml% [2010.04.24 22:54:28 | 000,027,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RechnungChaerShop.pdf [2010.04.24 22:51:45 | 000,027,780 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung217.pdf [2010.04.24 03:45:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2010.04.24 01:34:43 | 000,435,669 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\RR613550657DE.JPG [2010.04.20 00:28:41 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.04.20 00:28:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010.04.14 14:01:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2010.02.16 02:02:45 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2010.02.16 02:02:44 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2010.02.16 02:02:44 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010.01.23 12:14:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2010.01.09 16:53:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.12.11 20:30:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\Tipage.dll [2009.12.11 20:30:19 | 000,004,505 | ---- | C] () -- C:\WINDOWS\System32\drivers\tihid.sys [2009.11.28 20:12:49 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.11.28 20:12:49 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2009.11.28 20:12:49 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.09.24 16:12:20 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll [2009.09.24 16:12:18 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\StuffIt.dll [2009.09.24 16:12:17 | 000,057,396 | ---- | C] () -- C:\WINDOWS\System32\pthreadVCE.dll [2009.09.11 23:11:17 | 000,000,917 | ---- | C] () -- C:\WINDOWS\System32\CLWatson.ini [2009.09.08 12:45:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI [2009.09.08 12:43:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll [2009.09.08 12:42:18 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2009.09.08 12:41:55 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2009.08.15 23:14:24 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.08.15 04:05:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2009.08.15 01:53:16 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.08.15 01:49:31 | 000,000,100 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009.08.15 01:49:29 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009.08.15 01:48:51 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll [2009.08.15 01:48:51 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll [2009.08.15 01:48:51 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2009.08.15 01:43:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.08.15 01:43:26 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.06.17 12:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll [2009.05.03 03:48:01 | 001,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll [2009.05.03 03:47:59 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll [2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008.11.14 18:07:18 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA120VC8.dll [2008.11.13 23:43:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll [2008.11.10 18:03:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2008.11.10 18:02:10 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2008.11.10 18:00:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2008.11.10 18:00:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2008.08.25 22:58:03 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini [2008.04.14 13:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll < End of report > |
|
20.05.2010, 14:09
| #6 |
| | sdra64 entfernen, aber wie? hier die der aktuelle log hijackthis: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:08:15, on 20.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\WINDOWS\Explorer.EXE C:\Programme\Everything\Everything.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Microsoft IntelliPoint\ipoint.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Athan\Athan.exe C:\Programme\CyberLink\PowerCinema\PCMAgent.exe C:\Programme\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe C:\Programme\CyberLink\PlayMovie\PMVService.exe C:\Programme\CyberLink\TV Enhance\TVEService.exe C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Programme\Microsoft IntelliType Pro\itype.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\pdf24\pdf24.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\DAEMON Tools Pro\DTProAgent.exe C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\AirVideoServer\AirVideoServer.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programme\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe C:\Programme\VMware\VMware Server\vmware-authd.exe C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\system32\vmnat.exe C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Programme\VMware\VMware Server\vmserverdWin32.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&source=iglk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: Einladung zum Paradies Toolbar - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll O1 - Hosts: 60.190.218.24 www.kavkiskey.com O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Einladung zum Paradies Toolbar - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten6\IEButtonAmazonInterface.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten6\IEButtonEbayInterface.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten6\IEButtonPPInterface.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Einladung zum Paradies Toolbar - {6813e189-51e7-4d89-a90d-b9c53f2119bb} - C:\Programme\Einladung_zum_Paradies\tbEinl.dll O4 - HKLM\..\Run: [Everything] "C:\Programme\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [GEST] ] O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [IntelliPoint] "c:\Programme\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Athan] C:\Programme\Athan\Athan.exe O4 - HKLM\..\Run: [PCMAgent] C:\Programme\CyberLink\PowerCinema\PCMAgent.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Programme\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Programme\CyberLink\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [TVEService] "C:\Programme\CyberLink\TV Enhance\TVEService.exe" O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [SAFEOEM HotKeys] "C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe" O4 - HKLM\..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Phoenix Backup] C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [AirVideoServer] C:\Programme\AirVideoServer\AirVideoServer.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; InfoPath.2)" -"hxxp://www.habbo.de/shockwave_client" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: HD Writer AE 1.0.lnk = ? O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten6\\preispiraten.html O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - hxxp://www.preispiraten.de/e/tr_ebdestart.pl?hxxp://www.ebay.de (file missing) O9 - Extra button: Supreme Auction - {DFE4453A-65DF-47d5-BF37-3D0FD37FBDBB} - C:\Programme\Supreme Auction\SupremeAuctionOnline.exe (HKCU) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmserverdWin32.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg -- End of file - 18946 bytes |
|
20.05.2010, 14:44
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  sdra64 entfernen, aber wie?Zitat:
 Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu sdra64 entfernen, aber wie? |
| ask toolbar, ask.com, bho, bonjour, browser, browseui preloader, canon, desktop, ebay, einstellungen, entfernen, excel, google, gupdate, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, hängen, internet, kaspersky, pando media booster, plug-in, preferences, programm, schutz, security, software, system, trojan.agent.ck, trojanisches programm, windows xp |
Linear-Darstellung
