
Pests of all kinds and how to combat them: Windows Security Alert

08.08.2010, 16:02   #1
Darklord

Windows Security Alert



Hi, I have this pest as well.

I have already run a quick scan and then a full scan with Malwarebytes.

Likewise with OTL.

Attached are the logs that were generated.

My question: was that it, or do I need to carry out further steps?
Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4406

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

08.08.2010 13:14:40
mbam-log-2010-08-08 (13-14-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150552
Laufzeit: 15 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\omdoxxwu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\omdoxxwu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\uyoliltvn\dlsdjustssd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4406

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

08.08.2010 16:23:26
mbam-log-2010-08-08 (16-23-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 254115
Laufzeit: 2 Stunde(n), 6 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP999\A0528367.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP1014\A0530619.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP1014\A0530665.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B916A41-8485-4A6A-BC69-669605E696B1}\RP1014\A0532638.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
OTL Logfile:
Code:
OTL logfile created on: 08.08.2010 16:30:23 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Sascha\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 616,00 Mb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 8,63 Gb Free Space | 11,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASCHA-GABI
Current User Name: Sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Sascha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\TortoiseGit\bin\TGitCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\slserv.exe ( )
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Sascha\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\bin\NJEEVES.EXE File not found
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\System32\CTsvcCDA.exe File not found
SRV - (AVWUpSrv) -- C:\Programme\AVPersonal\AVWUPSRV.EXE File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe File not found
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (License Management Service ESD) -- C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PfModNT) -- C:\WINDOWS\System32\PfModNT.sys File not found
DRV - (jbridgep) -- C:\DOKUME~1\Sascha\LOKALE~1\Temp\jbridgep.sys File not found
DRV - (cdawdm) -- C:\WINDOWS\System32\DRIVERS\CDAWDM.sys File not found
DRV - (AMDPCI) -- C:\DOKUME~1\Sascha\LOKALE~1\Temp\AMDPCI.sys File not found
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys ()
DRV - (RasAcd) -- C:\WINDOWS\system32\drivers\rasacd.sys ()
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMparport) -- C:\WINDOWS\system32\drivers\vmparport.sys (VMware, Inc.)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (atjsgt) -- C:\WINDOWS\system32\drivers\atjsgt.sys ()
DRV - (linsgt) -- C:\WINDOWS\system32\drivers\linsgt.sys ()
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ACEDRV06) -- C:\WINDOWS\system32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MOUSEWDFilter) -- C:\WINDOWS\system32\drivers\MOUSEWD.SYS ()
DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (atitray) -- C:\Programme\Radeon Omega Drivers\v2.6.75a\ATI Tray Tools\atitray.sys ()
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (vserial) -- C:\WINDOWS\system32\drivers\vserial.sys ()
DRV - (vsbus) -- C:\WINDOWS\system32\drivers\vsb.sys ()
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (SSHDRV56) -- C:\WINDOWS\system32\drivers\SSHDRV56.sys ()
DRV - (SSHDRV58) -- C:\WINDOWS\system32\drivers\SSHDRV58.sys ()
DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG)
DRV - (hidfltr) -- C:\WINDOWS\system32\drivers\MWhid.sys ()
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (DCamUSBSTK013) -- C:\WINDOWS\system32\drivers\STK013W2.sys (Syntek Ltd.)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
DRV - (odysseyIM3) -- C:\WINDOWS\system32\drivers\odysseyIM3.sys (Funk Software, Inc.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys ( )
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys ( )
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys ( )
DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro )
DRV - (amdtools) -- C:\WINDOWS\system32\drivers\amdtools.sys (AMD, Inc.)
DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro)
DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (axsaki) -- C:\WINDOWS\system32\drivers\axsaki.sys ( )
DRV - (axskbus) -- C:\WINDOWS\system32\drivers\axskbus.sys ( )
DRV - (uscbs108) -- C:\WINDOWS\system32\drivers\uscbs108.sys ( )
DRV - (uscsc108) -- C:\WINDOWS\system32\drivers\uscsc108.sys ( )
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\p, = preispiratensearchurl %s|-A0|
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\pp2, = preispiratensearchurl %s|-A0|
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\preispirat, = preispiratensearchurl %s|-A0|
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\preispiraten, = preispiratensearchurl %s|-A0|
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://game4.stne.net/Game.aspx|hxxp://game3.stne.net/Game.aspx|hxxp://npc.stne.net/forum/viewtopic.php?f=7&t=684|hxxp://forum.stne.net/viewtopic.php?t=10217&postdays=0&postorder=asc&start=0|hxxp://game4.stne.net/Game.aspx?cr=lXI30fXZr82VtHfI_1pbXtETCiwpe_2xhtOekDrKVjRw70FO4dwD440wyKLZm_1tOQmrRCXw8SMjbYWO68UcHXFtg_3_3|hxxp://forum.stne.net/index.php|hxxp://game4.stne.net/Game.aspx?cr=gcg6yZraFCVMWpCPdBl42rh0htMPJw0unC1yZ78Hx3UndQlq1Qf4ZwF_13fV9VRc_1Xm6dsgJOu90BoTk42muKVA_3_3|hxxp://game3.stne.net/Game.aspx?cr=c_2VtwyUuhMh4t1CIwf8FtsMF7PnW8imfIppo9TUKK8sZz7Ap2_1_2kzVLdcEgSIbo8Tm4a79TvVpF3FOY5fTlHsNEaK93_1nxSBRcn04jFxlBw_3|hxxp://game3.stne.net/Game.aspx?cr=to8YulDY11Rhf752NIm0lffFe1rR7SrfN3W1f2TabW4985rejUaKH09jg63sisXjWmvMzD2fwmvr9P99PfMpY_2D1Hm6JP2mRWeXq1BQEvYxHS9dHW6VrBfHcALCE820_1yo8toRaXqDJ6mQ0LyV41JA_3_3|hxxp://game3.stne.net/Game.aspx?cr=IzuL7lnEqI56cMmiQ4WODhcq7beefom9zgmf3nUHHxgklYEjNbZcpNnMv3zy_2Ow1cFNG1uLvrHul6OEHECuWjXaTYIwqYokZ43iGyu6tWHyhe1csj6PQLL8VfvXDPvGGRWGBCDq36qIsUTlWW4M4pw_3_3|hxxp://chat.stne.net/chat/?user=DE4-4&session=059a68bdfb6b74e24a1a630674213696|hxxp://chat.stne.net/chat/?user=DE4-4&session=2896f88b67c9a086e64dd531f1b0643a#"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {fbe90e7a-2b2e-6a58-e1d1-43c1919546b7}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..network.proxy.ftp: "192.168.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "192.168.0.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.0.1"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.26 18:29:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.26 18:29:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.08.07 21:55:52 | 000,000,000 | ---D | M]
 
[2008.07.07 19:00:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Extensions
[2010.08.06 18:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions
[2009.08.13 16:36:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.11.25 15:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.08.20 16:54:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.08.20 16:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.20 16:54:48 | 000,000,000 | ---D | M] (FireFTP [de]) -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009.06.29 10:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\de_DE@dicts.j3e.de
[2009.08.20 16:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\staged-xpis
[2009.02.08 20:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\extensions\toolbar@ask.com
[2010.07.19 21:20:54 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-1.xml
[2010.02.27 18:57:17 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-10.xml
[2010.07.22 23:40:30 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-11.xml
[2009.08.09 14:51:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-2.xml
[2009.08.11 17:25:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-3.xml
[2009.08.20 17:10:11 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-4.xml
[2009.08.21 16:05:59 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-5.xml
[2009.11.01 00:41:59 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-6.xml
[2009.11.08 03:05:33 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-7.xml
[2009.12.25 12:06:27 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-8.xml
[2010.01.14 12:21:44 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin-9.xml
[2009.07.24 17:05:52 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\icqplugin.xml
[2010.03.23 22:25:32 | 000,000,261 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\qqcta64n.default\searchplugins\Search.xml
[2010.08.08 12:49:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 20:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.23 22:25:28 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Programme\Mozilla Firefox\extensions\{fbe90e7a-2b2e-6a58-e1d1-43c1919546b7}
[2010.08.07 21:57:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2004.02.20 22:14:09 | 000,176,177 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.24 00:25:47 | 000,000,839 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 192.168.178.24 stgc
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PreispiratenSearchURL) - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll ()
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O2 - BHO: (metaspinner media GmbH) - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll ()
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll (TODO: <Company name>)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe File not found
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [mspd] C:\WINDOWS\system32\mspd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPCTray] C:\Programme\Norman\npc\bin\npc_tray.exe File not found
O4 - HKLM..\Run: [OdTray.exe] C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WireLessMouse] C:\Programme\12024SC Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKCU..\Run: [{14755657-6E55-80E8-6740-CF1CE149C22C}] C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Aqfoih\emmuy.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\Sascha\Startmenü\Programme\Autostart\Ubisoft register.lnk = C:\Programme\Ubisoft\Register\schedule.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\Sascha\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html ()
O9 - Extra Button: Get More Games - {120CC99A-8016-42d4-93AF-8C5FE64FE4E3} -  File not found
O9 - Extra 'Tools' menuitem : Get More Games - {120CC99A-8016-42d4-93AF-8C5FE64FE4E3} -  File not found
O9 - Extra Button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Programme\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Programme\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.20 23:05:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{319205c2-57ff-11da-af0d-00030d20d9fd}\Shell - "" = AutoRun
O33 - MountPoints2\{319205c2-57ff-11da-af0d-00030d20d9fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{319205c2-57ff-11da-af0d-00030d20d9fd}\Shell\AutoRun\command - "" = E:\LaunchBFII.exe -- File not found
O33 - MountPoints2\{cc228f06-4d70-11da-af06-00030d20d9fd}\Shell - "" = AutoRun
O33 - MountPoints2\{cc228f06-4d70-11da-af06-00030d20d9fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc228f06-4d70-11da-af06-00030d20d9fd}\Shell\AutoRun\command - "" = E:\LaunchBFII.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.08 13:45:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sascha\Desktop\OTL.exe
[2010.08.08 12:55:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Malwarebytes
[2010.08.08 12:54:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.08 12:54:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.08 12:54:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.08 12:54:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.07 22:18:52 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.08.07 21:54:42 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.08.07 21:54:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
[2010.08.07 18:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\uyoliltvn
[2010.08.05 17:44:24 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts
[2010.07.19 19:11:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Eigene Dateien\Downloads
[2010.07.19 18:46:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Eigene Dateien\My Music
[2010.07.18 00:51:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\WB Games
[2010.07.17 23:31:32 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010.07.17 23:31:32 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010.07.17 23:31:30 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010.07.17 23:31:27 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010.07.17 23:31:27 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010.07.17 23:31:23 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010.07.17 23:31:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010.07.17 23:31:21 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010.07.17 23:31:21 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010.07.17 23:31:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010.07.17 23:31:17 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010.07.17 23:31:17 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010.07.17 23:31:15 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010.07.17 23:31:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010.07.17 23:31:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010.07.17 23:31:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010.07.17 23:31:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010.07.17 23:31:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010.07.17 23:31:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010.07.17 23:31:06 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010.07.17 23:31:03 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010.07.17 23:31:03 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010.07.17 23:31:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010.07.17 23:30:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010.07.17 23:30:56 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010.07.17 23:30:56 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010.07.17 23:30:54 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010.07.17 23:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.07.17 22:49:40 | 000,000,000 | ---D | C] -- C:\Programme\WB Games
[2010.07.13 20:49:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.11 23:29:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Imperium Romanum
[2010.07.11 20:36:18 | 000,000,000 | ---D | C] -- C:\Programme\Kalypso
[2005.01.19 07:02:21 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2005.01.19 06:51:56 | 000,566,256 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2005.01.19 06:51:56 | 000,087,656 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2005.01.19 06:51:56 | 000,015,712 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2005.01.19 06:51:55 | 001,299,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2005.01.19 06:51:55 | 000,226,288 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2005.01.19 06:51:55 | 000,180,368 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2005.01.19 06:51:55 | 000,014,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2003.03.30 21:38:18 | 000,102,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axsaki.sys
[2003.03.28 11:58:42 | 000,008,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axskbus.sys
[2003.03.09 18:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll
[2003.03.09 18:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys
[2003.03.09 18:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.08 16:26:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.08 16:26:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.08 16:24:22 | 014,417,920 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\ntuser.dat
[2010.08.08 16:24:22 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sascha\ntuser.ini
[2010.08.08 16:01:06 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.08.08 13:44:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sascha\Desktop\OTL.exe
[2010.08.08 12:54:51 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 01:04:32 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010.08.07 22:49:04 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.08.07 22:49:04 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.08.07 22:18:52 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.08.06 17:52:12 | 000,004,267 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\.recently-used.xbel
[2010.08.05 18:17:16 | 000,001,984 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Harry Potter und der Halbblut-Prinz™.lnk
[2010.08.04 12:28:20 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.02 00:12:54 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.26 18:29:52 | 000,001,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.07.18 22:42:10 | 000,000,224 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.07.18 21:53:57 | 000,010,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Eigene Dateien\Essensplan.xlr
[2010.07.18 21:53:57 | 000,004,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\wklnhst.dat
[2010.07.17 23:25:57 | 000,001,813 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LEGO® Harry Potter™ starten.lnk
[2010.07.11 20:36:22 | 000,000,860 | ---- | M] () -- C:\Dokumente und Einstellungen\Sascha\Desktop\Imperium Romanum.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.08 12:54:51 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.07 21:56:54 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.08.07 21:56:53 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.08.06 17:52:12 | 000,004,267 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\.recently-used.xbel
[2010.07.26 18:29:52 | 000,001,576 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.07.17 23:25:57 | 000,001,813 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LEGO® Harry Potter™ starten.lnk
[2010.07.11 20:36:22 | 000,000,860 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\Desktop\Imperium Romanum.lnk
[2010.05.13 12:53:53 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.09.29 22:33:19 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.03.28 14:35:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2008.08.31 16:02:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2008.08.31 14:15:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008.08.15 16:26:07 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.08.15 16:26:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.08.05 19:53:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2008.08.05 19:51:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008.08.05 19:45:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2008.08.05 01:43:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2008.06.26 22:10:46 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008.05.25 16:37:45 | 000,165,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atjsgt.sys
[2008.05.25 16:37:44 | 000,016,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\linsgt.sys
[2007.11.14 20:18:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007.10.12 23:20:06 | 000,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.08.12 18:23:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.06.19 08:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007.06.12 13:33:05 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007.06.03 20:16:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007.05.25 12:37:29 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclcmg32.dll
[2007.05.24 12:56:04 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.05.24 12:56:04 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd1037.sys
[2007.04.20 07:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.12.09 16:18:35 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\MOUSEWD.SYS
[2006.06.26 12:31:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.04.29 19:51:39 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2006.04.23 12:49:51 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Rally.INI
[2006.04.23 12:27:38 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006.04.23 12:27:37 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006.02.13 07:37:19 | 000,000,320 | ---- | C] () -- C:\WINDOWS\Sfc3ng.ini
[2005.09.14 12:46:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005.09.14 12:46:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005.09.14 12:46:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005.09.14 12:41:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.08.11 20:21:58 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI
[2005.07.18 14:34:22 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys
[2005.07.18 14:34:20 | 000,015,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys
[2005.07.17 20:38:27 | 000,000,641 | ---- | C] () -- C:\WINDOWS\GCAINSTX.INI
[2005.07.17 20:38:02 | 000,000,159 | ---- | C] () -- C:\WINDOWS\EP24.INI
[2005.07.08 23:37:13 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Sta2.INI
[2005.07.06 20:21:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\StationRipper.INI
[2005.06.17 20:08:51 | 000,032,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\STK013W1.sys
[2005.05.24 22:12:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\mlcrs0ft.dll
[2005.05.10 11:46:22 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SCNDRVP.INI
[2005.05.04 21:39:40 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.04.10 11:37:07 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005.03.19 12:58:05 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2005.03.07 21:59:29 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV56.sys
[2005.03.06 14:30:21 | 000,000,119 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2005.03.01 13:47:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.03.01 13:43:14 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.02.28 08:04:12 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV58.sys
[2005.02.27 13:32:15 | 000,000,224 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.02.26 21:53:14 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.02.24 20:50:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.02.24 20:50:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.02.24 20:50:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.02.24 20:50:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.02.24 20:50:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.02.24 20:50:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.01.19 07:05:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.01.19 07:02:21 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005.01.19 07:02:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005.01.19 07:02:21 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005.01.19 06:51:57 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.01.19 06:51:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2005.01.19 06:51:56 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2005.01.19 06:51:55 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004.11.03 12:20:24 | 000,013,332 | ---- | C] () -- C:\WINDOWS\System32\drivers\MWhid.sys
[2004.10.09 08:42:35 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\rasacd.sys
[2004.10.09 08:42:33 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
[2004.10.09 08:40:49 | 000,001,052 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.10.09 08:40:30 | 001,868,868 | ---- | C] () -- C:\WINDOWS\System32\RSA32_16.DLL
[2004.10.09 08:40:23 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.10.09 08:36:35 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.05.10 10:47:24 | 000,072,840 | ---- | C] () -- C:\WINDOWS\System32\GS_ActiveReg.dll
[2004.02.11 12:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BlackKey.dll
[2004.01.22 13:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003.03.27 16:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002.07.17 09:21:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VDIError.dll
[2002.07.17 09:20:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VCkNFS.dll
[2002.07.16 15:11:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Chkmes.dll
[2001.09.24 11:00:00 | 000,000,018 | ---- | C] () -- C:\WINDOWS\bcm.ini
[1999.04.23 22:22:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:FE0200471BEF66C3
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:466F9D5D
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 08.08.2010 16:30:23 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Sascha\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 616,00 Mb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 8,63 Gb Free Space | 11,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASCHA-GABI
Current User Name: Sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Programme\Git\bin\wish.exe" "C:\Programme\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\WINDOWS\system32\cmd.exe" /c "pushd "%1" && "C:\Programme\Git\bin\sh.exe" --login -i" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL -- File not found
"C:\Westwood\SUN\game.exe" = C:\Westwood\SUN\game.exe:*:Disabled:Main executable for Tiberian Sun -- File not found
"C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- File not found
"C:\Programme\FarStone\VirtualDrive\MGR.exe" = C:\Programme\FarStone\VirtualDrive\MGR.exe:*:Disabled:VirtualDrive MGR -- File not found
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- File not found
"C:\Programme\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Programme\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- File not found
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Computer, Inc.)
"C:\Programme\Anno 1701\Anno1701.exe" = C:\Programme\Anno 1701\Anno1701.exe:*:Disabled:Anno 1701 -- File not found
"C:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe" = C:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Sega\Universe At War Earth Assault\UAWEA.exe" = C:\Programme\Sega\Universe At War Earth Assault\UAWEA.exe:*:Enabled:Universe at War Earth Assault -- File not found
"C:\Programme\Battlestations Midway\Battlestationsmidway.exe" = C:\Programme\Battlestations Midway\Battlestationsmidway.exe:*:Disabled:Battlestationsmidway -- File not found
"C:\Programme\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe" = C:\Programme\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne -- File not found
"C:\Programme\EA Games\MOHAA\MOHAA.exe" = C:\Programme\EA Games\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm) -- File not found
"C:\Programme\VMware\VMware Workstation\vmware-authd.exe" = C:\Programme\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{04659CB9-7B98-4381-8774-B023304B0A04}" = Maximum Copy
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1198DF3B-9322-11D5-8EE9-0050DACFBEBC}" = Dominion Wars
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{286C22B5-F75E-420D-81B8-983D95B9F100}" = Odyssey Client for Fujitsu Siemens Computers
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
"{2F777846-187B-4674-B3D6-B286A9CD84F9}" = Battlecruiser Millennium FREEWARE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E0053BC-AFF6-4AD9-81DA-01209648465E}" = X2 Modder v0.2
"{3E8EDCF6-4B62-42CF-A4DD-49700E93134F}" = AMD CPUInfo
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{40A0ED36-C895-4783-87AD-85ABB7FB6B2A}" = Preispiraten
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5FF50E1A-4E6D-454B-BA00-6E15D6216BFB}" = Wildlife Park Gold
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{664FF9A8-7E44-4E17-AD40-D10E15504C49}" = Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6BC0CDD6-E0C2-434D-9365-23E79E42DA95}" = Battlestations: Midway
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7268EDA7-6165-11D8-B095-009027EC0701}" = X6-38V Dual Analog Rumble Pad
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75CC4631-B04D-4AD2-BA55-05EA00BD73B1}" = STK013_V2.01
"{78FAAF25-07DA-11D9-B095-009027EC0701}" = MegaStore
"{7CEE2BFB-5F6B-48C9-9348-D2C9D46ADDD7}" = Lauras Tierklinik
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{858EBD47-9C14-4158-8D2A-1E3B78E7CD17}" = O2Micro MemoryCardBus Windows Driver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A33654D9-1D8C-4213-A10F-98690B6F10B6}" = AotR 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A758BE2B-BF83-4769-8800-3B7408A226C1}" = Minigolf One Shot
"{A918DE8A-98C8-0920-0000-000000270014}" = Siemens C72 USB - Handset Manager V9.2
"{A918DE8A-98C8-0920-0000-000000270015}" = Siemens S75-SL75 USB - Handset Manager V9.2
"{A963F2D0-62A3-4EA7-950E-B35C152091E4}" = Breakball
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B8C4417A-1CB7-4EB1-A668-F96BACD2F1C9}" = X² Archiver
"{C0271B80-4B2F-480D-BBFC-1217EDAA3BF6}" = 12024SC Mouse Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C154195A-42FD-4C4D-8F65-79521C3AE0FE}" = Puzzle
"{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Die Jahre 1-4
"{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}" = Starship Troopers
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D2BFA6FC-1997-4971-AA5A-069546572C7F}" = Guild 2 Patch 1.4
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{E1AA0062-5EB2-4ECE-8408-ADB88C5F34A7}" = Marine Park Empire
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E6A0986D-3244-4AB7-BE29-11500E68EF46}" = MPEG2 Video Encoder
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB66C774-5CFC-41F6-9C03-CE4F9037150A}" = TortoiseGit 0.5.1.0 (32 bit)
"{ECB4D56B-E365-4922-AC0F-70CF770443A3}" = EAWMapEditor
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter und der Halbblut-Prinz™
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"2M Tetrix Collection" = 2M Tetrix Collection
"3E9-bQu-f_-y1L" = LoudMo Contextual Ad Assistant
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online de" = AOL Deutschland
"AOL Connectivity Services" = AOL Optimized Dial-In
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de)
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"Caterpillar_is1" = Caterpillar
"Civilization4 Caesium Modifikation_is1" = Caesium Mod 1.29 for 1.61 beta v.c Uninstall
"CloneCD" = CloneCD
"EasyEclipse for Ruby and Rails 1.2.2.2" = EasyEclipse for Ruby and Rails 1.2.2.2
"EaW Addon_is1" = EaW Space Addon Version 1.0
"Edges_is1" = Edges 1.1
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps
"gamedata" = gamedata
"GameSpy Arcade" = GameSpy Arcade
"Git_is1" = Git 1.6.2.2-preview20090408
"GreenRibbon_is1" = GreenRibbon 1.2 (build 1.2.1.87)
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imperium Romanum" = Imperium Romanum 1.04 Gold Edition
"Indeo® software" = Indeo® software
"InfraRecorder" = InfraRecorder
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{7268EDA7-6165-11D8-B095-009027EC0701}" = X6-38V Dual Analog Rumble Pad
"InstallShield_{78FAAF25-07DA-11D9-B095-009027EC0701}" = MegaStore
"InstallShield_{858EBD47-9C14-4158-8D2A-1E3B78E7CD17}" = O2Micro MemoryCardBus Windows Driver
"InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"InstallShield_{C0271B80-4B2F-480D-BBFC-1217EDAA3BF6}" = 12024SC Mouse Driver
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"InterActual Player" = InterActual Player
"Lemmings Revolution" = Lemmings Revolution
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LucasArts' Balance of Power" = LucasArts' Balance of Power
"LucasArts' Star Wars Rebellion" = LucasArts' Star Wars Rebellion
"LucasArts' The Phantom Menace" = LucasArts Die Dunkle Bedrohung
"LucasArts' X-Wing vs. TIE Fighter" = LucasArts' X-Wing vs. TIE Fighter
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MAGIX Digital Foto Maker (2005) SE" = MAGIX Digital Foto Maker (2005) SE
"MAGIX Media Suite - Standard Edition" = MAGIX Media Suite - Standard Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MC60 USB-Handset Manager" = MC60 USB-Handset Manager
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Meine Tierarztpraxis" = Meine Tierarztpraxis (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP3 V2.611" = MP3 V2.611
"MSNINST" = MSN
"MultiRes (remove only)" = MultiRes (remove only)
"National Geographic - Herod's Lost Tomb/DE-German_is1" = National Geographic: Herod's Lost Tomb
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2 SE
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDFCreator Toolbar" = PDFCreator Toolbar
"PipeFun 2_is1" = PipeFun 2 v1.0
"Puzzle Blast_is1" = Puzzle Blast ver 1.3
"Radeon Omega Drivers for Windows 2k/XPv2.6.75a" = Radeon Omega Drivers v2.6.75a Setup Files and Tools
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"RealPlayer 6.0" = RealPlayer Basic
"Rolling Marbles" = Rolling Marbles
"RotoBlox_is1" = RotoBlox version 1.7
"Samantha Swift and the Mystery From Atlantis" = Samantha Swift and the Mystery From Atlantis
"SDvdCopy" = Super DVD Copy (remove only)
"Seasons_is1" = Seasons 1.2
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SL55 USB-Handset Manager" = SL55 USB-Handset Manager
"SLAMRNTV" = Smart Link 56K Modem
"Solitaire Quest 450_is1" = Solitaire Quest 450
"Star Wars - Empire at War - Space AddOn_is1" = Version 2.0
"StationRipper" = StationRipper 2.23
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Tarr Chronicles_is1" = Tarr Chronicles
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"tetristation_is1" = TetriStation v1.0
"Tetrix Collection_is1" = Tetrix Collection
"Trillian" = Trillian
"Uninstaller_B27D0000_DATA BECKER Maximum Copy" = DATA BECKER Maximum Copy (Shared Components)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VMCoolumns_is1" = VMCoolumns version 3.50
"VMware_Workstation" = VMware Workstation
"WIC" = Windows Imaging Component
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR Archivierer
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WOLAPI" = Westwood Shared Internet Components
"X Plugin Manager" = X Plugin Manager 2.12
"X Script Manager" = X Script Manager 1.75
"X2 Editor" = X2 Editor
"x2_allinone_bonus_package_is1" = X² All In One Bonuspaket 1.04
"X3 Editor" = X3 Editor
"X3TerranConflict_is1" = X3 Terran Conflict v2.0
"X3TerranConflictRDemo_is1" = X3 Terran Conflict Rolling Demo
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2792CBEF-15D2-4E2E-8A0F-4D896DBE9607}" = WISO Sparbuch 2009
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2010 03:56:44 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 08.08.2010 03:56:44 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 08.08.2010 03:57:45 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 08.08.2010 03:57:45 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 08.08.2010 03:57:45 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server returned an invalid or unrecognized
 response  .
 
Error - 08.08.2010 07:42:01 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 08.08.2010 07:42:01 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 08.08.2010 07:42:03 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
Error - 08.08.2010 07:42:03 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 08.08.2010 07:42:03 | Computer Name = SASCHA-GABI | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
[ System Events ]
Error - 08.08.2010 07:19:43 | Computer Name = SASCHA-GABI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   gagp30kx
 
Error - 08.08.2010 09:32:52 | Computer Name = SASCHA-GABI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 08.08.2010 09:33:11 | Computer Name = SASCHA-GABI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 08.08.2010 09:33:21 | Computer Name = SASCHA-GABI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 08.08.2010 10:27:39 | Computer Name = SASCHA-GABI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AOL Connectivity Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 08.08.2010 10:27:39 | Computer Name = SASCHA-GABI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVir Update" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%3
 
Error - 08.08.2010 10:27:39 | Computer Name = SASCHA-GABI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Creative Service for CDROM Access" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 08.08.2010 10:27:39 | Computer Name = SASCHA-GABI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PfModNT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.08.2010 10:28:48 | Computer Name = SASCHA-GABI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   gagp30kx
 
Error - 08.08.2010 10:29:31 | Computer Name = SASCHA-GABI | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
 
< End of report >
         
--- --- ---

08.08.2010, 19:14   #2
StLB
/// Helper Team
 



Hi!


Great preparatory work.

Please work through the following steps:


1.) Uninstall the Ask Toolbar

Click Start -> Control Panel -> Add or Remove Programs
Find AskBarDis in the list and click Remove

Also delete the following folder:
C:\Programme\AskBarDis



2.) Rootkit scan with GMER

Rootkit – what is that?

Before/during the scan, please:
  • disconnect all connections (LAN, WLAN, etc.)
  • temporarily disable all other virus scanners
  • do not move the mouse.
Using GMER:

Download GMER from here.
  • Close all programs!
  • Start GMER (the program has a random file name, see above)
  • Vista users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?

    Be sure to click "No".
  • Important: please close all open programs!
  • 1. Start the scan with "Scan".
  • When the scan has finished, click "Copy" to copy the log to the clipboard. "OK" closes GMER.
  • Paste (CTRL+V) the log from the clipboard into your reply here in your thread.
  • After the scan: switch your antivirus program and other scanners back on!


Then please post the GMER log.

08.08.2010, 20:55   #3
Darklord
 



ASK Toolbar deleted.

GMER log file:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-08 21:52:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\Sascha\LOKALE~1\Temp\uwryrpoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwAdjustPrivilegesToken [0xAFDE458C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwClose [0xAFDE4E0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwConnectPort [0xAFDE5922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateEvent [0xAFDE5E94]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateFile [0xAFDE50EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateKey [0xAFDE3436]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateMutant [0xAFDE5D6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateNamedPipeFile [0xAFDE4192]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreatePort [0xAFDE5C28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateSection [0xAFDE434E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateSemaphore [0xAFDE5FC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateSymbolicLinkObject [0xAFDE7C08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateThread [0xAFDE4AAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwCreateWaitablePort [0xAFDE5CCA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwDebugActiveProcess [0xAFDE75FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwDeleteKey [0xAFDE39FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwDeleteValueKey [0xAFDE3D88]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwDeviceIoControlFile [0xAFDE5576]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwDuplicateObject [0xAFDE85CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwEnumerateKey [0xAFDE3ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwEnumerateValueKey [0xAFDE3F74]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwFsControlFile [0xAFDE5382]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwLoadDriver [0xAFDE768C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwLoadKey [0xAFDE3412]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwLoadKey2 [0xAFDE3424]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwMapViewOfSection [0xAFDE7CBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwNotifyChangeKey [0xAFDE40C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenEvent [0xAFDE5F36]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenFile [0xAFDE4E8E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenKey [0xAFDE35DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenMutant [0xAFDE5E04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenProcess [0xAFDE4792]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenSection [0xAFDE7C32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenSemaphore [0xAFDE6068]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwOpenThread [0xAFDE46B6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwQueryKey [0xAFDE401E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwQueryMultipleValueKey [0xAFDE3C46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwQuerySection [0xAFDE7FD4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwQueryValueKey [0xAFDE3896]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwQueueApcThread [0xAFDE7922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwRenameKey [0xAFDE3B0E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwReplaceKey [0xAFDE32B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwReplyPort [0xAFDE63F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwReplyWaitReceivePort [0xAFDE62B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwRequestWaitReplyPort [0xAFDE739A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwRestoreKey [0xAFDEAE2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwResumeThread [0xAFDE84AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSaveKey [0xAFDE3248]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSecureConnectPort [0xAFDE565C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSetContextThread [0xAFDE4CC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSetInformationToken [0xAFDE6C4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSetSecurityObject [0xAFDE7786]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSetSystemInformation [0xAFDE8114]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSetValueKey [0xAFDE371E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSuspendProcess [0xAFDE81F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSuspendThread [0xAFDE8320]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwSystemDebugControl [0xAFDE7526]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwTerminateProcess [0xAFDE490A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwTerminateThread [0xAFDE4860]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwUnmapViewOfSection [0xAFDE7E8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             ZwWriteVirtualMemory [0xAFDE49EA]

INT 0x01        \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)                            F63704F6
INT 0x03        \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)                            F637059C

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                             IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                                          804E9FA0 5 Bytes  JMP AFDD94DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                                             804EE87E 5 Bytes  JMP AFDD98B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!ZwCallbackReturn + 2434                                                                                              80501C6C 16 Bytes  [4E, 43, DE, AF, C6, 5F, DE, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 24F0                                                                                              80501D28 12 Bytes  [8C, 76, DE, AF, 12, 34, DE, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 266C                                                                                              80501EA4 16 Bytes  [0E, 3B, DE, AF, B0, 32, DE, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2760                                                                                              80501F98 12 Bytes  [F8, 81, DE, AF, 20, 83, DE, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 27C0                                                                                              80501FF8 4 Bytes  JMP 44AFDE49 
?               nyamjebr.sys                                                                                                                      Das System kann die angegebene Datei nicht finden. !
?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                              Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
?               C:\WINDOWS\System32\Drivers\SPTD1037.SYS                                                                                          Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                          section is writeable [0xF61FA000, 0x175176, 0xE8000020]
init            C:\WINDOWS\system32\drivers\o2mmb.sys                                                                                             entry point in "init" section [0xF370A320]
.text           C:\WINDOWS\system32\drivers\ACEDRV06.sys                                                                                          section is writeable [0xAD43C000, 0x319AA, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV06.sys                                                                                          entry point in ".pklstb" section [0xAD47F000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV06.sys                                                                                          unknown last section [0xAD49A000, 0x8E, 0x42000040]
.text           C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                                          section is writeable [0xAD3DA000, 0x328BA, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                                          entry point in ".pklstb" section [0xAD41E000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                                          unknown last section [0xAD43A000, 0x8E, 0x42000040]
.text           C:\WINDOWS\system32\DRIVERS\atjsgt.sys                                                                                            section is writeable [0xAC1AA300, 0x220A0, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\linsgt.sys                                                                                            section is writeable [0xAC4EC300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                [F744CA32] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                        [F744CB6E] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                               [F744CAF6] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                       [F744D6CC] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                               [F744D5A2] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                [F746EC82] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                           [AF8B6D50] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                           [AF8B6D50] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                            87388E30

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                          kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                           VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{6BB11B00-C25D-4105-BB58-1CA799A83DC1}                                                          86F712F0
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-3                                                                                                   hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                            873D34F0
Device          \Driver\Cdrom \Device\CdRom0                                                                                                      8719E0E8
Device          \FileSystem\Rdbss \Device\FsWrap                                                                                                  86FBFD30
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                       [F73A7B40] atapi.sys[unknown section] {MOV EAX, 0x873d3158; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7461442; RET }
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                [F73A7B40] atapi.sys[unknown section] {MOV EAX, 0x873d3158; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7461442; RET }
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                [F73A7B40] atapi.sys[unknown section] {MOV EAX, 0x873d3158; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7461442; RET }
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                                       [F73A7B40] atapi.sys[unknown section] {MOV EAX, 0x873d3158; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7461442; RET }
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                           86F712F0
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                  86F712F0
Device          \Driver\usbhub \Device\000000b8                                                                                                   hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000b9                                                                                                   hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\Disk \Device\Harddisk0\DR0                                                                                                873880E8

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                       kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                 86FFC878
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                       86FFC878
Device          \Driver\usbhub \Device\000000ba                                                                                                   hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \FileSystem\Npfs \Device\NamedPipe                                                                                                86F6D0E8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                  873D34F0
Device          \FileSystem\Msfs \Device\Mailslot                                                                                                 86FE40E8
Device          \FileSystem\Cdfs \Cdfs                                                                                                            86DE10E8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0                                                                                93464410
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                411757862
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                -1371461225
Reg             HKLM\SOFTWARE\Classes\CLSID\{55F14934-4041-C398-8B4A-1CA3DA4C102D}\InprocServer32@                                                C:\WINDOWS\system32\dxtmsft.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{55F14934-4041-C398-8B4A-1CA3DA4C102D}\InprocServer32@ThreadingModel                                  Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{55F14934-4041-C398-8B4A-1CA3DA4C102D}\ProgID@                                                        DXImageTransform.Microsoft.CrBlinds.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{55F14934-4041-C398-8B4A-1CA3DA4C102D}\ToolBoxBitmap32@                                               C:\WINDOWS\system32\dxtmsft.dll,235
Reg             HKLM\SOFTWARE\Classes\CLSID\{55F14934-4041-C398-8B4A-1CA3DA4C102D}\VersionIndependentProgID@                                      DXImageTransform.Microsoft.CrBlinds
Reg             HKLM\SOFTWARE\Classes\CLSID\{62B8F99B-9995-1F2B-0104-B4384B2A91E7}\InprocServer32@                                                C:\WINDOWS\system32\quartz.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{62B8F99B-9995-1F2B-0104-B4384B2A91E7}\InprocServer32@ThreadingModel                                  Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{68FB691C-BCFE-EC79-B26A-F74DBAA8A719}\InprocServer32@ThreadingModel                                  Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{68FB691C-BCFE-EC79-B26A-F74DBAA8A719}\InprocServer32@                                                mscoree.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{68FB691C-BCFE-EC79-B26A-F74DBAA8A719}\InprocServer32\1.1.4322                                        
Reg             HKLM\SOFTWARE\Classes\CLSID\{68FB691C-BCFE-EC79-B26A-F74DBAA8A719}\InprocServer32\1.1.4322@ImplementedInThisVersion               
Reg             HKLM\SOFTWARE\Classes\CLSID\{68FB691C-BCFE-EC79-B26A-F74DBAA8A719}\InprocServer32\1.1.4322@                                       1.1.4322
Reg             HKLM\SOFTWARE\Classes\CLSID\{68FB691C-BCFE-EC79-B26A-F74DBAA8A719}\ProgID@                                                        SymWriter.pdb
Reg             HKLM\SOFTWARE\Classes\CLSID\{68FB691C-BCFE-EC79-B26A-F74DBAA8A719}\Server@                                                        diasymreader.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC7B7CEA-0923-22B4-890D-B08AEFA777EF}\InprocServer32@                                                C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientControl.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC7B7CEA-0923-22B4-890D-B08AEFA777EF}\InprocServer32@InprocServer32                                  ?,A~0ybU794ihl7j]lA!DefaultProgram>1c7vfr]m+?c[F=(({8B(?
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC7B7CEA-0923-22B4-890D-B08AEFA777EF}\InprocServer32@ThreadingModel                                  Both
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC7B7CEA-0923-22B4-890D-B08AEFA777EF}\ProgID@                                                        OdClientControl.OdClientEngine.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC7B7CEA-0923-22B4-890D-B08AEFA777EF}\TypeLib@                                                       {17689671-9839-463D-9DAC-2800AA4D74F5}
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC7B7CEA-0923-22B4-890D-B08AEFA777EF}\VersionIndependentProgID@                                      OdClientControl.OdClientEngine
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1018-b94a-8f10fa7f045f}\InprocServer32                                                 
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1018-b94a-8f10fa7f045f}\InprocServer32@Class                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1018-b94a-8f10fa7f045f}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1018-b94a-8f10fa7f045f}\InprocServer32@                                                C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-16dd-00fd-b5dbfa7f045f}\InprocServer32                                                 
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-16dd-00fd-b5dbfa7f045f}\InprocServer32@Class                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-16dd-00fd-b5dbfa7f045f}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-16dd-00fd-b5dbfa7f045f}\InprocServer32@                                                C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2569-a67b-a395fa7f045f}\InprocServer32                                                 
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2569-a67b-a395fa7f045f}\InprocServer32@Class                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2569-a67b-a395fa7f045f}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2569-a67b-a395fa7f045f}\InprocServer32@                                                C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3035-8a52-05c5fa7f045f}\InprocServer32                                                 
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3035-8a52-05c5fa7f045f}\InprocServer32@Class                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3035-8a52-05c5fa7f045f}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3035-8a52-05c5fa7f045f}\InprocServer32@                                                C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-6d5f-c409-a1a2fa7f045f}\InprocServer32                                                 
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-6d5f-c409-a1a2fa7f045f}\InprocServer32@Class                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-6d5f-c409-a1a2fa7f045f}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-6d5f-c409-a1a2fa7f045f}\InprocServer32@                                                C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9af0-87d1-5a83fa7f045f}\InprocServer32                                                 
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9af0-87d1-5a83fa7f045f}\InprocServer32@Class                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9af0-87d1-5a83fa7f045f}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9af0-87d1-5a83fa7f045f}\InprocServer32@                                                C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d3ee-6f98-0694fa7f045f}\InprocServer32                                                 
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d3ee-6f98-0694fa7f045f}\InprocServer32@Class                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d3ee-6f98-0694fa7f045f}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d3ee-6f98-0694fa7f045f}\InprocServer32@                                                C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\InprocServer32@                                                C:\WINDOWS\system32\msvidctl.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\ProgID@                                                        MSVidCtl.MSVidAnalogTunerDevice.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\TypeLib@                                                       {B0EDF154-910A-11D2-B632-00C04F79498E}
Reg             HKLM\SOFTWARE\Classes\CLSID\{E7D5F225-A45F-2BBC-12AA-A5B5B09DE6C2}\VersionIndependentProgID@                                      MSVidCtl.MSVidAnalogTunerDevice
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cat\OpenWithProgids@X\xb2 Archive                               

---- EOF - GMER 1.0.15 ----
         