Win32/PATCHED.DO in C:\WINDOWS\system32\drivers\ftdisk.sys

SupaOpa · 30.05.2010, 19:11

Hallo Trojaner-Board-Community

Mein Anti-Viren-Programm AVG (Vollversion) hat mir heute die Meldung gebracht, dass die im Titel genannte Datei ftdisk.sys mit einem "Win32/Patched.DO" infiziert ist. Nur bietet er mir keine Reinigung der Datei an, sondern nur die Option Ignorieren.
Mein System weist zur Zeit ein recht seltsames Verhalten auf was ich schon im CHIP-Forum gepostet habe da ich diese Symptome nicht direkt mit einem Virus in Verbindung gebracht habe.
Hier kurzgefasst die Symptome:
- Windows Update funktioniert nicht ("Die Webseite kann nicht angezeigt werden.")
- auch einige andere Support-Seiten von Microsoft werden ohne zu laden als "kann nicht angezeigt werden" abgestempelt
- im Browser öffnen sich oft von allein willkürlich Seiten (keine Popups/Werbung) bzw. auch wenn ich auf einen Link klicke öffnet sich eine andere Seite als die gewünschte (musste schon um aufs Trojaner-Board komme 4 x Link klicken -> Seite zurück -> link klicken, bis ich hier war)
- Designs-Dienst startet nicht automatisch mit Windows
- (irrelevant?) Bei der Funktion LAN-Verbindung reparieren zeigt er mir an das die Registrierung beim DNS fehlgeschlagen ist
- Ich konnte hier im Forum und auch im CHIP-Forum von meinem eigenen PC aus keine Posts mit Logs erstellen, da ich sofort die Nachricht "Die Verbindung zum Server wurde zurückgesetzt, während die Seite geladen wurde."

Wenn mir noch mehr einfällt editiere ich es dazu.
Und nun zum besten Teil den log-dateien!

Habe auch ganz fein säuberlich alle Namen und Computer Namen durch *** ersetzt und bei den Links das http durch h**p ersetzt

Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4152

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.05.2010 20:40:40
mbam-log-2010-05-28 (20-40-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147806
Laufzeit: 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

RSIT [log.txt]:
RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.07 (written by random/random)
Run by *** at 2010-05-28 20:41:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 72 GB (36%) free of 200 GB
Total RAM: 3327 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:38, on 28.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\AVG\AVG9\avgchsvx.exe
C:\Programme\AVG\AVG9\avgrsx.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\AVG\AVG9\avgwdsvc.exe
C:\Programme\AVG\AVG9\avgfws9.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\OO Software\Defrag\oodag.exe
C:\Programme\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\AVG\AVG9\avgam.exe
C:\Programme\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\AVG\AVG9\avgemc.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\Programme\OO Software\CleverCache\ooccctrl.exe
C:\Programme\OO Software\Defrag\oodtray.exe
C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programme\ROCCAT\Kone Mouse\osd.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\***\Desktop\Downloads\RSIT.exe
C:\Programme\trend micro\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Programme\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [Kone] "C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: h**p://download.windowsupdate.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - h**p://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267016198328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267016189359
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - h**p://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - h**p://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB4653E2-A594-46C8-9B83-080896EC2DEA}: NameServer = 217.237.150.188,192.168.178.1
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Programme\OO Software\Defrag\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Programme\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9997 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG9\avgssie.dll [2010-05-27 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ooccctrl.exe"=C:\Programme\OO Software\CleverCache\ooccctrl.exe [2007-01-28 1911568]
"OODefragTray"=C:\Programme\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]
"Kone"=C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE [2009-09-15 180224]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-05-27 2064736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"Nero BackItUp Scheduler 3"=2
"iPod Service"=3
"Apple Mobile Device"=2

C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart
FRITZ!DSL Startcenter.lnk - C:\Programme\FRITZ!DSL\StCenter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-05-27 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0
"HonorAutorunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\uTorrent\utorrent.exe"="C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Programme\CCleaner\CCleaner.exe"="C:\Programme\CCleaner\CCleaner.exe:*:Enabled:CCleaner"
"D:\Programme\Warcraft III\Warcraft III.exe"="D:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Programme\World of Warcraft\Launcher.exe"="D:\Programme\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"D:\Programme\Wolfenstein ET\ET.exe"="D:\Programme\Wolfenstein ET\ET.exe:*:Enabled:Wolfenstein - Enemy Territory"
"G:\Programme\WinRAR\WinRAR.exe"="G:\Programme\WinRAR\WinRAR.exe:*:Enabled:WinRAR"
"D:\Programme\Wolfenstein ET\ETStarterPro.exe"="D:\Programme\Wolfenstein ET\ETStarterPro.exe:*:Enabled:ET Starter Pro"
"D:\Programme\Warcraft III\Frozen Throne.exe"="D:\Programme\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"D:\Programme\Age of Empires 2\age2_x1\age2_x1.exe"="D:\Programme\Age of Empires 2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Programme\CS\hl.exe"="D:\Programme\CS\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Programme\Battlefield 2\BF2.exe"="D:\Programme\Battlefield 2\BF2.exe:*:Enabled:BF2"
"C:\Programme\Teamspeak2_RC2\server_windows.exe"="C:\Programme\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"G:\Programme\Curse\CurseClient.exe"="G:\Programme\Curse\CurseClient.exe:*:Enabled:Curse Client"
"D:\Programme\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exe"="D:\Programme\DIE SIEDLER - Aufstieg eines Königreichs\base\bin\Settlers6.exe:*:Enabled:DIE SIEDLER - Aufstieg eines Königreichs"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Sony\Sony Ericsson\Update Service\Update Service.exe"="C:\Programme\Sony\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\Stronghold 2\Stronghold2.exe"="D:\Programme\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\ICQ7.0\ICQ.exe"="C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Programme\Assassin's Creed\AssassinsCreed_Dx9.exe"="D:\Programme\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\Programme\Assassin's Creed\AssassinsCreed_Dx10.exe"="D:\Programme\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\Programme\Assassin's Creed\AssassinsCreed_Launcher.exe"="D:\Programme\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour""
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Steam\steamapps\***\counter-strike source\hl2.exe"="C:\Programme\Steam\steamapps\***\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"C:\Programme\AVG\AVG9\avgam.exe"="C:\Programme\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Programme\AVG\AVG9\avgdiagex.exe"="C:\Programme\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Programme\AVG\AVG9\avgemc.exe"="C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG9\avgupd.exe"="C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\AVG\AVG9\avgnsx.exe"="C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQ7.0\ICQ.exe"="C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Programme\ICQ7.0\aolload.exe"="C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-05-28 20:41:19 ----D---- C:\rsit
2010-05-28 20:41:19 ----D---- C:\Programme\trend micro
2010-05-28 17:48:07 ----D---- C:\Programme\UltraUXThemePatcher
2010-05-27 17:15:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-05-27 17:14:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
2010-05-27 17:13:37 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-05-27 14:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-05-27 14:43:15 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-17 19:28:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
2010-05-12 13:13:05 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-05-12 13:04:46 ----A---- C:\WINDOWS\system32\MRT.INI
2010-05-12 13:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-11 18:33:26 ----D---- C:\CFLog
2010-05-06 12:56:45 ----D---- C:\Programme\iPod
2010-05-06 12:54:28 ----D---- C:\Programme\Bonjour
2010-05-03 17:39:32 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-05-03 17:39:32 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-05-03 17:39:32 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-05-03 17:39:32 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-05-03 17:39:30 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-05-03 17:39:30 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-05-03 17:39:30 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-05-03 17:39:30 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-05-03 17:39:30 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-04-30 17:52:29 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WindSolutions
2010-04-30 17:52:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions

======List of files/folders modified in the last 1 months======

2010-05-28 20:41:33 ----D---- C:\WINDOWS\temp
2010-05-28 20:41:19 ----D---- C:\Programme
2010-05-28 20:37:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-28 20:37:11 ----D---- C:\Programme\CCleaner
2010-05-28 20:32:04 ----D---- C:\Dokumente und Einstellungen\***Anwendungsdaten\Skype
2010-05-28 19:30:07 ----DC---- C:\WINDOWS\system32\dllcache
2010-05-28 19:21:52 ----D---- C:\WINDOWS\system32
2010-05-28 19:21:31 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2010-05-28 19:21:26 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
2010-05-28 18:45:05 ----D---- C:\Programme\HijackThis
2010-05-28 17:51:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-28 17:48:08 ----A---- C:\WINDOWS\system32\uxtheme.dll
2010-05-27 22:17:39 ----RSH---- C:\boot.ini
2010-05-27 22:17:39 ----A---- C:\WINDOWS\system32\TUKernel.exe
2010-05-27 17:55:56 ----AD---- C:\WINDOWS
2010-05-27 17:15:00 ----D---- C:\WINDOWS\system32\drivers
2010-05-27 17:13:38 ----D---- C:\WINDOWS\inf
2010-05-27 17:12:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
2010-05-27 17:12:22 ----SHD---- C:\WINDOWS\Installer
2010-05-27 17:11:55 ----D---- C:\Config.Msi
2010-05-27 17:08:03 ----SD---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
2010-05-27 16:50:23 ----D---- C:\WINDOWS\system32\oodag
2010-05-27 16:44:59 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-05-27 16:40:07 ----SHD---- C:\System Volume Information
2010-05-27 16:40:07 ----D---- C:\WINDOWS\system32\Restore
2010-05-27 16:33:00 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ!
2010-05-27 16:27:23 ----D---- C:\Programme\Steam
2010-05-27 15:06:35 ----D---- C:\Programme\TuneUp Utilities 2008
2010-05-27 14:59:05 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-27 14:58:21 ----D---- C:\WINDOWS\Debug
2010-05-27 14:55:35 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-27 14:44:14 ----D---- C:\WINDOWS\network diagnostic
2010-05-27 14:37:36 ----D---- C:\WINDOWS\Help
2010-05-27 14:32:28 ----D---- C:\Programme\DirectXtractings
2010-05-27 14:24:29 ----D---- C:\WINDOWS\OPTIONS
2010-05-27 14:23:38 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-05-26 16:05:18 ----D---- C:\Programme\uTorrent
2010-05-25 20:54:47 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent
2010-05-25 19:11:26 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-05-25 16:19:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
2010-05-19 00:07:36 ----D---- C:\WINDOWS\msagent
2010-05-18 22:13:30 ----RSHD---- C:\WINDOWS\system32\MSOffice
2010-05-18 22:07:32 ----RSD---- C:\WINDOWS\assembly
2010-05-18 22:06:37 ----D---- C:\WINDOWS\system32\DirectX
2010-05-18 21:58:44 ----HD---- C:\Programme\InstallShield Installation Information
2010-05-17 22:24:26 ----D---- C:\WINDOWS\system32\RTCOM
2010-05-17 21:47:42 ----D---- C:\WINDOWS\Prefetch
2010-05-17 19:31:22 ----D---- C:\Programme\DivX
2010-05-17 19:30:45 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2010-05-12 13:01:21 ----D---- C:\Programme\Outlook Express
2010-05-12 12:49:49 ----D---- C:\WINDOWS\$hf_mig$
2010-05-10 22:02:22 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
2010-05-06 12:57:02 ----D---- C:\Programme\iTunes
2010-05-06 12:56:44 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-05-03 17:54:28 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-03 17:46:19 ----D---- C:\Programme\NVIDIA Corporation
2010-05-03 17:40:52 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
2010-05-03 17:38:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-05-03 17:37:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-30 17:22:46 ----A---- C:\WINDOWS\vncutil.exe
2010-04-30 17:22:46 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-04-30 17:22:46 ----A---- C:\WINDOWS\SkyTel.exe
2010-04-30 17:22:40 ----A---- C:\WINDOWS\RtlUpd.exe
2010-04-30 17:22:40 ----A---- C:\WINDOWS\RTLCPL.EXE
2010-04-30 17:22:34 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2010-04-30 17:22:34 ----A---- C:\WINDOWS\RtkAudioService.exe
2010-04-30 17:22:34 ----A---- C:\WINDOWS\RTHDCPL.EXE
2010-04-30 17:22:28 ----A---- C:\WINDOWS\MicCal.exe
2010-04-30 17:22:22 ----A---- C:\WINDOWS\ALCWZRD.EXE
2010-04-30 17:22:22 ----A---- C:\WINDOWS\ALCMTR.EXE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 43520]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-05-27 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-05-27 29512]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-05-27 242896]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vobcom;vobcom; C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 9728]
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2003-08-29 187392]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-02 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-08-02 25416]
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2002-04-17 11264]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-05-27 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2002-12-13 64000]
R3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2004-05-11 6656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 KoneFltr;ROCCAT Kone; C:\WINDOWS\system32\drivers\Kone.sys [2008-12-11 13056]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-05-03 225232]
R3 SaiHFF0C;SaiHFF0C; C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 56576]
R3 SaiUFF0C;SaiUFF0C; C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 19584]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 XDva349;XDva349; \??\C:\WINDOWS\system32\XDva349.sys []
S3 a8139l5c;a8139l5c; C:\WINDOWS\system32\drivers\a8139l5c.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-05-27 30104]
S3 catchme;catchme; \??\C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-12-02 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-12-02 25512]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-04 25280]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
S3 npkcrypt;npkcrypt; \??\G:\Program files\FightRO\Gravity\FightRO\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\G:\Program files\FightRO\Gravity\FightRO\npkcusb.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 scramby;Scramby Microphone; C:\WINDOWS\system32\drivers\scramby.sys [2007-02-13 25896]
S3 scramby_out;Scramby Output; C:\WINDOWS\system32\drivers\scramby_out.sys [2007-08-08 23840]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 sermouse;Serieller Maustreiber; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-08-04 18176]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva225;XDva225; \??\C:\WINDOWS\system32\XDva225.sys []
S3 XDva285;XDva285; \??\C:\WINDOWS\system32\XDva285.sys []
S3 XDva326;XDva326; \??\C:\WINDOWS\system32\XDva326.sys []
S3 XDva347;XDva347; \??\C:\WINDOWS\system32\XDva347.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 avg9emc;AVG E-mail Scanner; C:\Programme\AVG\AVG9\avgemc.exe [2010-05-27 916760]
R2 avg9wd;AVG WatchDog; C:\Programme\AVG\AVG9\avgwdsvc.exe [2010-05-27 308064]
R2 avgfws9;AVG Firewall; C:\Programme\AVG\AVG9\avgfws9.exe [2010-05-27 2325816]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-05-27 5888008]
R2 Bonjour Service;Dienst "Bonjour"; C:\Programme\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 IGDCTRL;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MBAMService;MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 O&O Defrag;O&O Defrag; C:\Programme\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 OOCleverCacheAgent;O&O CleverCache Agent; C:\Programme\OO Software\CleverCache\ooccag.exe [2007-01-28 391952]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-06 75064]
R2 SimpTcp;Einfache TCP/IP-Dienste; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-13 72704]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-31 361728]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S4 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2008-07-14 89136]
S4 NBService;NBService; G:\Programme\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OMSI download service;Sony Ericsson OMSI download service; G:\Programme\Sony\Sony Ericsson\SupServ.exe [2009-04-30 90112]

-----------------EOF-----------------

--- --- ---

RSIt [info.txt]:
[CODE]info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.06 2010-05-28 20:41:39

======Uninstall list======

-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->G:\Programme\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
µTorrent-->"C:\Programme\uTorrent\uninstall.exe"
7-Zip 4.65-->"G:\Programme\7-Zip\Uninstall.exe"
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Reader 8.2.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A82000000003}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
AMD Dual-Core Optimizer-->MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:G:\Programme\FLV-Player\Uninstall\uninstall.xml"
Assassin's Creed-->C:\Programme\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
Auslogics BoostSpeed-->"G:\Programme\AusLogics BoostSpeed\unins000.exe"
AVG 9.0-->C:\Programme\AVG\AVG9\setup.exe /UNINSTALL
AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d
AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d
AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A}
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7  -removeonly
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Programme\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Singleplayer Patch-->C:\Programme\InstallShield Installation Information\{D1B7EF59-A3E2-452A-882E-076E1A18D94A}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Programme\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Programme\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19 
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Cross Fire En-->"D:\Programme\CrossFire\unins000.exe"
Curse Client-->G:\Programme\Curse\uninstall.exe
DIE SIEDLER - Aufstieg eines Königreichs-->"C:\Programme\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Driver Magician 3.45-->"G:\Programme\Driver Magician\unins000.exe"
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Empire Earth-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" 
EPSON-Drucker-Software-->C:\WINDOWS\system32\spool\DRIVERS\W32X86\EPUPDATE.EXE /R
ET Starter Pro-->MsiExec.exe /X{666524AE-8EFB-4992-ABE5-C52A62C92407}
FIFA 2003-->D:\Programme\EA Sports\FIFA 2003\EAUninstall.exe
FoxyTunes for Firefox-->"C:\Programme\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Genesys USB Mass Storage Device-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B4BF87C8-3EEC-4774-82A2-584F109187B1}\Setup.exe" 
GIMP 2.6.7-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
ICQ7-->"C:\Programme\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Impulse-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}\Impulse_setup.exe
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe" 
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"D:\Programme\Messsenger Plus!\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II: The Conquerors Expansion-->"D:\Programme\Age of Empires 2\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"D:\Programme\Age of Empires 2\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
MobMap 3.20-->"G:\Programme\MobMapUpdater\unins000.exe"
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSI MSIDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe"  REMOVEALL
MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NBA LIVE 2005-->D:\Programme\EA Sports\NBA Live 2005\EAUninstall.exe
Need for Speed™ Most Wanted-->D:\Programme\EA Games\Need for Speed Most Wanted\EAUninstall.exe
Nero 7 Ultra Edition-->MsiExec.exe /X{7516254D-7F98-49DD-8209-5D2208BD1031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
O&O CleverCache-->MsiExec.exe /X{53480390-0EC4-429E-BBEE-78E19EEB03BD}
O&O Defrag Professional-->MsiExec.exe /I{D75814C1-5AA5-4198-BFF6-093A226D9F0D}
OpenAL-->"C:\Programme\OpenAL\OpenALwEAX.exe" /U /S
Pinnacle InstantCD/DVD Suite-->MsiExec.exe /I{AD6B62AC-18A2-4632-86D0-7962E2ECB9D5}
Postal Fudge Pack-->C:\WINDOWS\unvise32.exe D:\Programme\Postal2STP\uninstal.log
PowerISO-->"G:\Programme\PowerISO\uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Replay Converter 2.8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
ROCCAT Kone Mouse Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9733747E-E53D-4C17-977E-3A872AFB93E1}\Setup.exe" 
S4 League_EU-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\setup.exe" -l0x9 
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Ericsson PC Suite 6.009.00-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold 2 Deluxe-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x7  -removeonly
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->D:\Programme\Teamspeak2_RC2\unins000.exe
TeamSpeak 2 Server RC2-->"C:\Programme\Teamspeak2_RC2\unins000.exe"
TeamSpeak 3 Client-->"C:\Programme\TeamSpeak 3 Client\uninstall.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Ubisoft Game Launcher-->"C:\Programme\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
UltraUXThemePatcher-->C:\Programme\UltraUXThemePatcher\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update Service-->C:\Programme\Sony\Sony Ericsson\Update Service\uninst.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 1.0.1-->G:\Programme\VLC\uninstall.exe
WC3Banlist-->"D:\Programme\WC3Banlist\unins000.exe"
Winamp-->"G:\Programme\Winamp\UninstWA.exe"
Windows Driver Package - ROCCAT (HidUsb) HIDClass  (09/01/2009 1.00)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\kone_0BE2A7825CAC1740D745513948247887A9782F48\kone.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C710CEED791003E4D635992B02471584893356A0\amdk8.inf
WinPcap 4.1.1-->C:\Programme\WinPcap\uninstall.exe
WinRAR archiver-->G:\Programme\WinRAR\uninstall.exe
Wise Disk Cleaner 4 Professional v4.91-->"G:\Programme\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 4 Professional V4.93-->"G:\Programme\Wise Registry Cleaner 3\unins000.exe"
Wolfenstein - Enemy Territory-->D:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u D:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
World of Warcraft-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AV: AVG Internet Security
FW: AVG Firewall

======System event log======

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Installer" befindet sich jetzt im Status "Ausgeführt".

Record Number: 9054
Source Name: Service Control Manager
Time Written: 20100421125326.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Windows Installer" gesendet.

Record Number: 9053
Source Name: Service Control Manager
Time Written: 20100421125326.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Filtertreiber für IP-Verkehr" gesendet.

Record Number: 9052
Source Name: Service Control Manager
Time Written: 20100421124952.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 9051
Source Name: Service Control Manager
Time Written: 20100421124942.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 9050
Source Name: Service Control Manager
Time Written: 20100421124936.000000+120
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: ***
Event Code: 4096
Message: 
Record Number: 5
Source Name: Avira AntiVir
Time Written: 20091119202955.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 0
Message: 
Record Number: 4
Source Name: iPod Service
Time Written: 20091118132914.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20091118132659.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 1
Message: 
Record Number: 2
Source Name: Bonjour Service
Time Written: 20091118132651.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 4096
Message: 
Record Number: 1
Source Name: Avira AntiVir
Time Written: 20091118132646.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Programme\NVIDIA Corporation\PhysX\Common;C:\Programme\QuickTime\QTSystem;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\Gemeinsame Dateien\DivX Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

--- --- ---

Bei Fragen - Einfach fragen! (:
Im Vorraus schon mal ein herzliches

für jede Antwort

MfG SupaOpa

cosinus · 30.05.2010, 19:45

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Win32/PATCHED.DO in C:\WINDOWS\system32\drivers\ftdisk.sys

Plagegeister aller Art und deren Bekämpfung: Win32/PATCHED.DO in C:\WINDOWS\system32\drivers\ftdisk.sys

Win32/PATCHED.DO in C:\WINDOWS\system32\drivers\ftdisk.sys

Win32/PATCHED.DO in C:\WINDOWS\system32\drivers\ftdisk.sys

Ähnliche Themen: Win32/PATCHED.DO in C:\WINDOWS\system32\drivers\ftdisk.sys