Antivir Solution Pro

No136 · 21.07.2010, 02:45

Hallo,

vor drei Stunden ging der Terror los. Antivir meldete mehrere Trojaner etc. und anschl. erschien dann Antivir Solution Pro.

Habe mich an die Anleitung (Antivir Solution Pro entfernen) aus diesem Forum gehalten und alles wie beschrieben ausgeführt.

Dies ist Malwarebytes Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4333

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/21/2010 3:28:01 AM
mbam-log-2010-07-21 (03-28-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|I:\|)
Durchsuchte Objekte: 369279
Laufzeit: 1 Stunde(n), 36 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 26
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 5
Infizierte Dateien: 19

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7954220-5bcc-4018-bd5e-43998ee97c25} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7954220-5bcc-4018-bd5e-43998ee97c25} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7954220-5bcc-4018-bd5e-43998ee97c25} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7954220-5bcc-4018-bd5e-43998ee97c25} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8ddcc7c-3a98-4c53-88c2-c86086417ad6} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8ddcc7c-3a98-4c53-88c2-c86086417ad6} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\inpsp.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vnpsp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\uhedyvt.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\noxaremwcs.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\eblmw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5HN5GTJ1\kksahc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LLQUVKUM\kksaupwr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LLQUVKUM\ggbrzx[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1492185233-2546747359-688579986-7836\hdav.exe (Worm.Autorun.B) -> Delete on reboot.
C:\System Volume Information\_restore{5CFF7841-1DBF-4BBC-BC22-5715FDD74275}\RP885\A0173934.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CFF7841-1DBF-4BBC-BC22-5715FDD74275}\RP885\A0173935.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CFF7841-1DBF-4BBC-BC22-5715FDD74275}\RP885\A0173936.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\sisytj32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rnpsp.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

Wie sollte ich nun weiter verfahren?

Vielen Dank schonmal.

edit
Nachdem Neustart bekam ich folgende Meldung:
"Fehler beim Laden von vnpsp.dll
Das angegebene Modul wurde nicht gefunden."

edit2
Ups RSIT-Log vergessen. Hier ist es:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-07-21 04:08:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (4%) free of 102 GB
Total RAM: 3070 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:08:16 AM, on 07/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\KMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\DOKUME~1\User\LOKALE~1\Temp\l84alx.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\LifeView TVR\RecSche.exe
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programme\Slim\Multimedia Keyboard\1.4\KbdAp32A.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX1000.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\hnyvmfigy\hentoggtssd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\DNA\btdna.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\ASUS WiFi-AP Solo\RtWLan.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Logitech\SetPoint\LU\LULnchr.exe
C:\Programme\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Programme\Gemeinsame Dateien\Corel\Standby\Standby.exe
C:\Programme\LifeView TVR\remote.exe
C:\Dokumente und Einstellungen\User\Desktop\RSIT.exe
C:\Programme\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youtube.com/TheRandomRipper
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Remote] "C:\Programme\LifeView TVR\remote.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Programme\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ORTEKMKBD] C:\Programme\Slim\Multimedia Keyboard\1.4\KbdAp32A.exe
O4 - HKLM\..\Run: [UVS11 Preload] F:\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TrayServer] F:\MAGIX\Video_deluxe_16_Plus_Download-Version\TrayServer.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Standby] "C:\Programme\Gemeinsame Dateien\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [sta] rundll32 "vnpsp.dll",,Run
O4 - HKLM\..\Run: [vryvbwhn] C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\hnyvmfigy\hentoggtssd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RGSC] E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [vryvbwhn] C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\hnyvmfigy\hentoggtssd.exe
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOKUME~1\User\LOKALE~1\Temp\l84alx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ASUS WiFi-AP Solo.lnk = C:\Programme\ASUS WiFi-AP Solo\RtWLan.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Programme\Common Files\LogiShrd\eReg\Common\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ASUS WiFi-AP Solo.lnk = C:\Programme\ASUS WiFi-AP Solo\RtWLan.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Programme\Common Files\LogiShrd\eReg\Common\eReg.exe (User 'Default user')
O4 - Startup: ASUS WiFi-AP Solo.lnk = C:\Programme\ASUS WiFi-AP Solo\RtWLan.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Programme\Common Files\LogiShrd\eReg\Common\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\User\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - H:\1\CF\Paltalk\Paltalk.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///C:/Dokumente%20und%20Einstellungen/User/Eigene%20Dateien/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///C:/Dokumente%20und%20Einstellungen/User/Eigene%20Dateien/components/A9.ocx
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///C:/Dokumente%20und%20Einstellungen/User/Eigene%20Dateien/components/wmvhdrating.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14525 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KEIN-TQGRWBEWR7-User.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
C:\WINDOWS\tasks\wavepadDowngrade.job
C:\WINDOWS\tasks\wavepadShakeIcon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Remote"=C:\Programme\LifeView TVR\remote.exe [2007-02-15 212992]
"RecSche"=C:\Programme\LifeView TVR\RecSche.exe [2007-02-15 458752]
"RemoteControl"=C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ORTEKMKBD"=C:\Programme\Slim\Multimedia Keyboard\1.4\KbdAp32A.exe [2004-07-19 382464]
"UVS11 Preload"=F:\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"CmUsbSound"=RunDll32 cmcnfgu.cpl,CMICtrlWnd []
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2008-03-30 267048]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-10-20 198160]
"TrayServer"=F:\MAGIX\Video_deluxe_16_Plus_Download-Version\TrayServer.exe [2008-08-07 90112]
"VX1000"=C:\WINDOWS\vVX1000.exe [2010-03-12 762736]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-02 40368]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"nwiz"=C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"DivXUpdate"=C:\Programme\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"AdobeAAMUpdater-1.0"=C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Standby"=C:\Programme\Gemeinsame Dateien\Corel\Standby\Standby.exe [2010-03-18 105632]
"AdobeCS4ServiceManager"=C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"sta"=rundll32 vnpsp.dll,,Run []
"vryvbwhn"=C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\hnyvmfigy\hentoggtssd.exe [2010-07-21 311040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"tcyz46"=C:\DOKUME~1\User\LOKALE~1\Temp\l84alx.exe [2010-07-21 41984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1211176]
"BitTorrent DNA"=C:\Programme\DNA\btdna.exe [2009-11-13 323392]
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2010-05-13 26192168]
"RGSC"=E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe [2010-04-13 306088]
"RocketDock"=C:\Programme\RocketDock\RocketDock.exe [2007-09-02 495616]
"vryvbwhn"=C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\hnyvmfigy\hentoggtssd.exe [2010-07-21 311040]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart
ASUS WiFi-AP Solo.lnk - C:\Programme\ASUS WiFi-AP Solo\RtWLan.exe
Logitech . Product Registration.lnk - C:\Programme\Common Files\LogiShrd\eReg\Common\eReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoDriveAutorun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Haegemonia\_HGM.TMP"="E:\Haegemonia\_HGM.TMP:*:Disabled:Haegemonia"
"E:\World of Warcraft\WoW-1.12.0-deDE-downloader.exe"="E:\World of Warcraft\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"E:\World of Warcraft\WoW-2.2.0-deDE-downloader.exe"="E:\World of Warcraft\WoW-2.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\BearShare Applications\BearShare\BearShare.exe"="C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"E:\WORLD IN CONFLICT\wic.exe"="E:\WORLD IN CONFLICT\wic.exe:*:Enabled:WORLD IN CONFLICT"
"E:\WORLD IN CONFLICT\wic_online.exe"="E:\WORLD IN CONFLICT\wic_online.exe:*:Enabled:WORLD IN CONFLICT - Nur Online"
"E:\WORLD IN CONFLICT\wic_ds.exe"="E:\WORLD IN CONFLICT\wic_ds.exe:*:Enabled:WORLD IN CONFLICT - Dedizierter Server"
"E:\Crysis\Bin32\Crysis.exe"="E:\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programme\GameSpy\Comrade\Comrade.exe"="C:\Programme\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"E:\Unreal Tournament 3\Binaries\UT3.exe"="E:\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"E:\Empire Earth III\EE3.exe"="E:\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"="C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Sins of a Solar Empire\Sins of a Solar Empire.exe"="E:\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA"
"E:\Call of Duty - World at War\CoDWaWmp.exe"="E:\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Call of Duty - World at War\CoDWaW.exe"="E:\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Call of Duty - World at War\CoDWaW (alt).exe"="E:\Call of Duty - World at War\CoDWaW (alt).exe:*:Disabled:Call of Duty(R): World at War Campaign/Coop"
"E:\GTA IV\Game\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\GTA IV\Game\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\GTA IV\Game\Grand Theft Auto IV\GTAIV.exe"="E:\GTA IV\Game\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"H:\CF\Camfrog Video Chat\Camfrog Video Chat.exe"="H:\CF\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"H:\1\CF\ICQ\ICQ6.5\ICQ.exe"="H:\1\CF\ICQ\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\1\CF\Camfrog Video Chat\Camfrog Video Chat.exe"="H:\1\CF\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"H:\1\CF\Paltalk\paltalk.exe"="H:\1\CF\Paltalk\paltalk.exe:*:Enabled:PaltalkScene"
"C:\Programme\NetMeeting\conf.exe"="C:\Programme\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"I:\1\CF\Camfrog Video Chat\Camfrog Video Chat.exe"="I:\1\CF\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"I:\Serien\Deep Space Nine\DS9 - Season 2\Cover\1\1\CF\Camfrog Video Chat\Camfrog Video Chat.exe"="I:\Serien\Deep Space Nine\DS9 - Season 2\Cover\1\1\CF\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"H:\CF\ICQ\ICQ6.5\ICQ.exe"="H:\CF\ICQ\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"H:\CF\Paltalk\paltalk.exe"="H:\CF\Paltalk\paltalk.exe:*:Enabled:PaltalkScene"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"J:\ICQ6.5\ICQ.exe"="J:\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"E:\Ports of Call\poc2008\Poc3D2008.exe"="E:\Ports of Call\poc2008\Poc3D2008.exe:*:Enabled:Poc3D2008"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Dragon Age\bin_ship\daorigins.exe"="E:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins -Spiel"
"E:\Dragon Age\DAOriginsLauncher.exe"="E:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins -Launcher"
"E:\Dragon Age\tools\GffEditor.exe"="E:\Dragon Age\tools\GffEditor.exe:*:Enabled:Dragon Age Toolset GFF editor"
"E:\Dragon Age\tools\ErfEditor.exe"="E:\Dragon Age\tools\ErfEditor.exe:*:Enabled:Dragon Age Toolset ERF editor"
"E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Programme\concept design\onlineTV 5\onlineTV.exe"="C:\Programme\concept design\onlineTV 5\onlineTV.exe:*:Enabled:onlineTV"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\concept design\onlineTV 5\onlineTV.exe"="C:\Programme\concept design\onlineTV 5\onlineTV.exe:*:Enabled:onlineTV"

======List of files/folders created in the last 1 months======

2010-07-21 03:59:04 ----D---- C:\rsit
2010-07-21 03:59:04 ----D---- C:\Programme\trend micro
2010-07-21 01:40:22 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
2010-07-21 01:40:15 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-21 01:40:13 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-07-21 01:40:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-21 01:40:13 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-21 00:28:22 ----A---- C:\WINDOWS\system32\drivers\ibbrg.sys
2010-07-21 00:28:04 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ABF5B0FF62805C4819BF861D0EC6A344
2010-07-09 01:40:02 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-07-02 19:53:05 ----D---- C:\Programme\Zattoo4
2010-06-27 11:13:17 ----A---- C:\WINDOWS\system32\srvany.exe
2010-06-27 11:13:17 ----A---- C:\WINDOWS\KMService.exe
2010-06-25 03:13:13 ----D---- C:\Programme\XP Codec Pack
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\NCTAudioTransform2.dll
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\NCTAudioEditor2.dll
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\auth.dll
2010-06-25 01:51:02 ----A---- C:\WINDOWS\system32\advd.dll
2010-06-25 01:51:01 ----D---- C:\Programme\concept design
2010-06-25 01:51:01 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\concept design
2010-06-24 03:14:25 ----D---- C:\Programme\Burn4Free
2010-06-24 03:14:25 ----A---- C:\WINDOWS\system32\B4FM.dll
2010-06-22 20:30:45 ----D---- C:\Programme\Lavalys

======List of files/folders modified in the last 1 months======

2010-07-21 04:07:32 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Skype
2010-07-21 04:00:01 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DNA
2010-07-21 03:59:04 ----D---- C:\Programme
2010-07-21 03:51:50 ----D---- C:\WINDOWS\Temp
2010-07-21 03:50:47 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\skypePM
2010-07-21 03:50:17 ----A---- C:\WINDOWS\RTacDbg.txt
2010-07-21 03:50:15 ----D---- C:\WINDOWS
2010-07-21 03:50:00 ----D---- C:\Programme\DNA
2010-07-21 03:49:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-21 03:48:57 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 03:47:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-21 03:37:08 ----D---- C:\WINDOWS\Minidump
2010-07-21 03:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB909394$
2010-07-21 03:28:01 ----D---- C:\WINDOWS\system32
2010-07-21 03:28:01 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Desktopicon
2010-07-21 03:26:26 ----D---- C:\Downloads
2010-07-21 02:00:37 ----D---- C:\Programme\Mozilla Thunderbird
2010-07-21 01:49:16 ----SHD---- C:\RECYCLER
2010-07-21 00:51:27 ----D---- C:\Programme\Mozilla Firefox
2010-07-21 00:28:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-21 00:00:00 ----D---- C:\Programme\PokerStars
2010-07-20 23:59:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-20 23:56:45 ----D---- C:\WINDOWS\Prefetch
2010-07-19 01:01:09 ----D---- C:\Programme\JDownloader
2010-07-10 04:21:50 ----SHD---- C:\WINDOWS\Installer
2010-07-10 04:21:50 ----SHD---- C:\Config.Msi
2010-07-10 04:09:09 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\vlc
2010-07-09 01:40:02 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-07-09 01:39:50 ----D---- C:\Programme\DVDVideoSoft
2010-07-07 13:02:15 ----D---- C:\Programme\Full Tilt Poker
2010-07-04 20:44:23 ----SD---- C:\WINDOWS\Tasks
2010-07-04 20:44:20 ----D---- C:\WINDOWS\security
2010-07-04 20:43:43 ----D---- C:\WINDOWS\system32\DirectX
2010-07-04 20:43:42 ----HD---- C:\WINDOWS\inf
2010-06-28 00:05:08 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BitTorrent
2010-06-27 11:18:41 ----D---- C:\WINDOWS\system
2010-06-27 11:18:41 ----D---- C:\WINDOWS\msapps
2010-06-27 11:18:41 ----D---- C:\Programme\microsoft frontpage
2010-06-27 11:18:41 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-06-22 21:51:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 ohci1394;Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-08-24 66560]
R0 SI3132;SiI-3132 SATALink Controller; C:\WINDOWS\system32\DRIVERS\SI3132.sys [2005-01-20 67200]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2004-11-02 10368]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-19 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ACEDRV06;ACEDRV06; \??\C:\WINDOWS\system32\drivers\ACEDRV06.sys []
R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys []
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-11 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-26 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-26 25888]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2007-09-11 892032]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-10-05 7655872]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-20 47360]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 176128]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S0x02000000 OMSCAN;OMSCAN; \Sys []
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 aqrtjpvh;aqrtjpvh; C:\WINDOWS\system32\drivers\aqrtjpvh.sys []
S3 aswl55a9;aswl55a9; C:\WINDOWS\system32\drivers\aswl55a9.sys []
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cmudau32;C-Media USB UDA Sound Interface; C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-02-10 1391040]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-10-12 23832]
S3 iMSPQMn;iMSPQMn; \??\C:\DOKUME~1\User\LOKALE~1\Temp\iMSPQMn.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-12 1920920]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 LVUVC;QuickCam Communicate Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-10-12 3647384]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PVUSB;CESG502 USB Driver; C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-13 40672]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2010-03-12 1961072]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Capture Device Service;Capture Device Service; C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 DBService;DATA BECKER Update Service; C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 KMService;KMService; C:\WINDOWS\system32\srvany.exe [2003-04-18 8192]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-10 66872]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 StarWindServiceAE;StarWind AE Service; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 iPod Service;iPod Service; C:\Programme\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-07-03 133104]
S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-15 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 SwitchBoard;SwitchBoard; C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

No136 · 21.07.2010, 08:44

Habe festgestellt dass Antivir Solution Pro immer noch nicht vollständig entfernt ist. Wollte grad wie in der Anleitung beschrieben den OTHelper (http://www.trojaner-board.de/83878-o...processes.html) downloaden aber der steht nicht mehr zur Verfügung (403 Forbidden! Access to this resource on the server is denied!).

No136 · 21.07.2010, 21:34

Das hat leider nicht so gut geklappt hier. Mache das Sys platt. Sicher ist sicher.

Antivir Solution Pro

Plagegeister aller Art und deren Bekämpfung: Antivir Solution Pro