Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen3

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Thema geschlossen
Alt 24.10.2010, 21:07   #16
victimripper
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



GMER LOG FILE
-------------------------------------------
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-24 20:55:51
Windows 5.1.2600 Service Pack 2
Running: vmrv41ue.exe; Driver: C:\DOKUME~1\Michael\LOKALE~1\Temp\kgediaob.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                        ZwCreateThread [0xF2C86C60]
SSDT            \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                        ZwMapViewOfSection [0xF2C868F0]
SSDT            \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                        ZwShutdownSystem [0xF2C86E90]
SSDT            \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)                        ZwTerminateProcess [0xF2C86E20]

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                 section is writeable [0xF5EDF360, 0x22678D, 0xE8000020]
init            C:\Programme\BullGuard Software\BullGuard\reconn.sys                                                     entry point in "init" section [0xF7DB7100]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                      [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                       [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                [F75D8C80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                  [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                 [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                      [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                     [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                               [F75D8C80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                 [F75D8C80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                   [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                        [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                       [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                  [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                      [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                       [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                [F75D8C80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                        [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                         [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                    [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                 [F75D8C80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                   [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                        [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                       [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                      [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                       [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                [F75D8C80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                  [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                  [F75D8B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                [F75D8C80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                      [F75D8D80] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                       [F75D8D20] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Devices - GMER 1.0.15 ----

Device          \Driver\Tcpip \Device\Ip                                                                                 wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\Tcpip \Device\Tcp                                                                                wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                reconn.sys

Device          \Driver\Tcpip \Device\Udp                                                                                wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device          \Driver\Tcpip \Device\RawIp                                                                              wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                        wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y!  71230

---- EOF - GMER 1.0.15 ----
         
--- --- ---



-------------------------------------------------------------------------
OSAM LOG FILE
-------------------------------------------------------------------------
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:02:27 on 24.10.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\WINDOWS\system32\autochk.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
"CScript" - "Microsoft Corporation" - C:\WINDOWS\System32\cscript.exe
"WScript" - "Microsoft Corporation" - C:\WINDOWS\System32\wscript.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl
"ALSndMgr.Cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSndMgr.Cpl
"appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
"bthprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\bthprops.cpl
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl
"firewall.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\firewall.cpl
"GtmNicApp.cpl" - ? - C:\WINDOWS\system32\GtmNicApp.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl
"inetcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\irprops.cpl
"joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl
"main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl
"netsetup.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\netsetup.cpl
"nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"nwc.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nwc.cpl
"odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl
"powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl
"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl
"RTSndMgr.Cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.Cpl
"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
"telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl
"wscui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wscui.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
"xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl  (File not found)
"Internet Connection Firewall" - "Microsoft Corporation" - C:\WINDOWS\system32\Firewall.cpl
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"NetSetupWizard" - "Microsoft Corporation" - C:\WINDOWS\system32\NetSetup.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Speech" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl
"Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"1394-ARP-Clientprotokoll" (Arp1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\arp1394.sys
"1394-Netzwerktreiber" (NIC1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nic1394.sys
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"AFD" (AFD) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\afd.sys
"Apple Mobile Device Ethernet Service" (Netaapl) - "Apple Inc." - C:\WINDOWS\System32\DRIVERS\netaapl.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys
"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys
"ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys  (File not found)
"Asynchroner RAS -Medientreiber" (AsyncMac) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
"ATWPKT2" (ATWPKT2) - "America Online" - C:\Programme\Gemeinsame Dateien\AOL\ACS\ATWPKT2.SYS
"Audiostubtreiber" (audstub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\audstub.sys
"avgio" (avgio) - ? - C:\Programme\Avira\AntiVir Desktop\avgio.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"AVM FRITZ!Box" (AVMUNET) - "AVM GmbH" - C:\WINDOWS\System32\DRIVERS\avmunet.sys
"BDA MPE-Filter" (MPE) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\MPE.sys
"BDA Slip De-Framer" (SLIP) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\SLIP.sys
"BDA-IPSink" (streamip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\StreamIP.sys
"Beep" (Beep) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Beep.sys
"BullGuard Email Monitor" (Reconn) - ? - C:\Programme\BullGuard Software\BullGuard\reconn.sys  (File found, but it contains no detailed information)
"BullGuard File Monitor" (FileSpy5) - "BullGuard Ltd." - C:\Programme\BullGuard Software\BullGuard\filespy5.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Michael\LOKALE~1\Temp\catchme.sys  (File not found)
"CD-ROM-Laufwerktreiber" (Cdrom) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\cdrom.sys
"Cdaudio" (Cdaudio) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdaudio.sys
"Cdfs" (Cdfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdfs.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dmload" (dmload) - "Microsoft Corp., Veritas Software." - C:\WINDOWS\System32\drivers\dmload.sys
"Fastfat" (Fastfat) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fastfat.sys
"Fdc" (Fdc) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fdc.sys
"Filtertreiber für CD-Brennen" (Imapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\imapi.sys
"Filtertreiber für digitale CD-Audiowiedergabe" (redbook) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\redbook.sys
"Filtertreiber für IP-Verkehr" (IpFilterDriver) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
"Filtertreiber für IPX-Verkehr" (NwlnkFlt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
"Filtertreiber für Systemwiederherstellung" (sr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sr.sys
"Fips" (Fips) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fips.sys
"Flpydisk" (Flpydisk) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Flpydisk.sys
"FltMgr" (FltMgr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fltMgr.sys
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fs_Rec.sys
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Grand Tech GT680x NT" (GT680x) - "   " - C:\WINDOWS\System32\DRIVERS\GT680x.SYS
"HTTP" (HTTP) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\HTTP.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
"Intel AHCI Controller" (iaStor) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\iaStor.sys
"Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit" (NETw3x32) - "Intel® Corporation" - C:\WINDOWS\System32\DRIVERS\NETw3x32.sys
"Intel-Prozessortreiber" (intelppm) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\intelppm.sys
"IP/IP-Tunneltreiber" (IpInIp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipinip.sys
"IPSEC-Treiber" (IPSec) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipsec.sys
"IPv6-Windows-Firewalltreiber" (Ip6Fw) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys
"IR-Enumeratordienst" (IRENUM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irenum.sys
"kgediaob" (kgediaob) - ? - C:\DOKUME~1\Michael\LOKALE~1\Temp\kgediaob.sys  (Hidden registry entry, rootkit activity | File not found)
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\KSecDD.sys
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\disk.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouhid.sys
"Mausklassentreiber" (Mouclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouclass.sys
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Microcode Updatetreiber" (Update) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\update.sys
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ACPI.sys
"Microsoft Composite Battery-Treiber" (Compbatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\compbatt.sys
"Microsoft Embedded Controllertreiber" (ACPIEC) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ACPIEC.sys
"Microsoft HID Class-Treiber" (HidUsb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\hidusb.sys
"Microsoft Kernel GS Wavetablesynthesizer" (swmidi) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\swmidi.sys
"Microsoft Kernel-Audiosplitter" (splitter) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\splitter.sys
"Microsoft Kernel-DLS-Synthesizer" (DMusic) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\DMusic.sys
"Microsoft Kernel-DRM-Audioentschlüsselung" (drmkaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\drmkaud.sys
"Microsoft Kernel-Echounterdrückung" (aec) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\aec.sys
"Microsoft Kernel-Systemaudiogerät" (sysaudio) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\sysaudio.sys
"Microsoft Kernel-Waveaudiomixer" (kmixer) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\kmixer.sys
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPCLOCK.sys
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPQM.sys
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbccgp.sys
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSKSSRV.sys
"Microsoft Streaming Tee/Sink-to-Sink-Konvertierung" (MSTEE) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSTEE.sys
"Microsoft TV-/Videoverbindung" (NdisIP) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NdisIP.sys
"Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"Microsoft USB-Druckerklasse" (usbprint) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbprint.sys
"Microsoft Windows-Verwaltungsschnittstelle für ACPI" (WmiAcpi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wmiacpi.sys
"Microsoft-Netzteiltreiber" (CmBatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\CmBatt.sys
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbehci.sys
"Miniporttreiber für universellen Microsoft USB-Hostcontroller" (usbuhci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbuhci.sys
"mnmdd" (mnmdd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\mnmdd.sys
"Modem" (Modem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Modem.sys
"MountMgr" (MountMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\MountMgr.sys
"MRXSMB" (MRxSmb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
"Msfs" (Msfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Msfs.sys
"Mup" (Mup) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Mup.sys
"NABTS/FEC VBI-Codec" (NABTSFEC) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
"NDIS-Benutzermodus-E/A-Protokoll" (Ndisuio) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
"NDIS-Systemtreiber" (NDIS) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDIS.sys
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDProxy.sys
"NetBios über TCP/IP" (NetBT) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbt.sys
"NetBIOS-Schnittstelle" (NetBIOS) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbios.sys
"Novatel Wireless USB Modem Driver" (NWUSBModem) - "Novatel Wireless Inc." - C:\WINDOWS\System32\DRIVERS\nwusbmdm.sys
"Novatel Wireless USB Status Port Driver" (NWUSBPort) - "Novatel Wireless Inc." - C:\WINDOWS\System32\DRIVERS\nwusbser.sys
"Npfs" (Npfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Npfs.sys
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Ntfs.sys
"Null" (Null) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Null.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"OHCI-konformer IEEE 1394-Hostcontroller" (ohci1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ohci1394.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"Parallelanschluss (direkt)" (Raspti) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspti.sys
"Parport" (Parport) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Parport.sys
"PartMgr" (PartMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\PartMgr.sys
"PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCIIde" (PCIIde) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pciide.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PhilCap service" (PhilCap) - "Philips Semiconductors GmbH" - C:\WINDOWS\System32\DRIVERS\PhilCap.sys
"PnP-ISA/EISA-Bus-Treiber" (isapnp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\isapnp.sys
"Protokoll für ATM ARP-Client" (Atmarpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"QoS-Paketplaner" (PSched) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\psched.sys
"RAS-IP-ARP-Treiber" (Wanarp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wanarp.sys
"RAS-NDIS-TAPI-Treiber" (NdisTapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
"RAS-NDIS-WAN-Treiber" (NdisWan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
"Rdbss" (Rdbss) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdbss.sys
"RDPCDD" (RDPCDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
"RDPWD" (RDPWD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\RDPWD.sys
"Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver" (RTLE8023xp) - "Realtek Semiconductor Corporation                           " - C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys
"Redirector für WebDav-Client" (MRxDAV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
"Remotezugriff-PPPOE-Treiber" (RasPppoe) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
"Ricoh xD-Picture Card Driver" (rismxdp) - "REDC" - C:\WINDOWS\System32\DRIVERS\rixdptsk.sys
"rimmptsk" (rimmptsk) - "REDC" - C:\WINDOWS\System32\DRIVERS\rimmptsk.sys
"rimsptsk" (rimsptsk) - "REDC" - C:\WINDOWS\System32\DRIVERS\rimsptsk.sys
"sdbus" (sdbus) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sdbus.sys
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File found, but it contains no detailed information)
"Serial" (Serial) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Serial.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\RtkHDAud.sys
"SFF-Speicherklassentreiber" (sffdisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sffdisk.sys
"SFF-Speicherprotokolltreiber für SDBus" (sffp_sd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sffp_sd.sys
"Sfloppy" (Sfloppy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Sfloppy.sys
"smserial" (smserial) - "Motorola Inc." - C:\WINDOWS\System32\DRIVERS\smserial.sys
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\swenum.sys
"Srv" (Srv) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\srv.sys
"Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys
"Standardpaketklassifizierung" (Gpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\msgpc.sys
"SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
"Synaptics TouchPad Driver" (SynTP) - "Synaptics, Inc." - C:\WINDOWS\System32\DRIVERS\SynTP.sys
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdhid.sys
"Tastaturklassentreiber" (Kbdclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDPIPE.sys
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDTCP.sys
"Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\termdd.sys
"Treiber für automatische RAS-Verbindung" (RasAcd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasacd.sys
"Treiber für die Verwaltung logischer Datenträger" (dmio) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\drivers\dmio.sys
"Treiber für direkte Parallelverbindung" (Ptilink) - "Parallel Technologies, Inc." - C:\WINDOWS\System32\DRIVERS\ptilink.sys
"Treiber für IPX-Verkehrsweiterleitung" (NwlnkFwd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
"Treiber für Microsoft WINMM-WDM-Audiokompatibilität" (wdmaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\wdmaud.sys
"Treiber für Terminalserver-Geräteumleitung" (rdpdr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdpdr.sys
"Treiber für Volume-Manager" (Ftdisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ftdisk.sys
"Untertiteldecoder" (CCDECODE) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
"USB-Scannertreiber" (usbscan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbscan.sys
"USB2-aktivierter Hub" (usbhub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbhub.sys
"VgaSave" (VgaSave) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\vga.sys
"VolSnap" (VolSnap) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\VolSnap.sys
"WAN Miniport (ATW)" (wanatw) - "America Online, Inc." - C:\WINDOWS\System32\DRIVERS\wanatw4.sys
"WAN-Miniport (L2TP)" (Rasl2tp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
"WAN-Miniport (PPTP)" (PptpMiniport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspptp.sys
"Wdf01000" (Wdf01000) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\Wdf01000.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
"World Standard Teletext-Codec" (WSTCODEC) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
"wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
"X10 Hid Device" (X10Hid) - "X10 Wireless Technology, Inc." - C:\WINDOWS\System32\Drivers\x10hid.sys
"X10 USB Wireless Transceiver" (XUIF) - "X10 Wireless Technology, Inc." - C:\WINDOWS\System32\Drivers\x10ufx2.sys
"Übersetzer für IP-Netzwerkadressen" (IpNat) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipnat.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
{8b15971b-5355-4c82-8c07-7e181ea07608} "Fax" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
KB910393 "KB910393" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
{407408d4-94ed-4d86-ab69-a7f649d112ee} "Media Center" - "Microsoft Corporation" - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
{5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcomm.dll
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wiascr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD0.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{00000000-0000-0000-0000-000000000000}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD0.dll
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_09" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "Java Plug-in 1.5.0_09" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_09" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{BF3CD111-6278-11D2-9EA3-00A0C9251384} "O2C-Player Version 1.x" - "Eleco plc" - C:\WINDOWS\system32\O2CPLA~1.OCX / hxxp://www.o2c.de/download/O2CPlayer.CAB
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll / hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
"ICQ7.1" - "ICQ, LLC." - C:\Programme\ICQ7.1\ICQ.exe
"Messenger" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} "Real.com" - "Microsoft Corporation" - C:\WINDOWS\system32\Shdocvw.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD0.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD0.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\WINDOWS\system32\advapi32.dll
"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll
"gdi32" - "Microsoft Corporation" - C:\WINDOWS\system32\gdi32.dll
"imagehlp" - "Microsoft Corporation" - C:\WINDOWS\system32\imagehlp.dll
"kernel32" - "Microsoft Corporation" - C:\WINDOWS\system32\kernel32.dll
"lz32" - "Microsoft Corporation" - C:\WINDOWS\system32\lz32.dll
"ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll
"oleaut32" - "Microsoft Corporation" - C:\WINDOWS\system32\oleaut32.dll
"olecli32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecli32.dll
"olecnv32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecnv32.dll
"olesvr32" - "Microsoft Corporation" - C:\WINDOWS\system32\olesvr32.dll
"olethk32" - "Microsoft Corporation" - C:\WINDOWS\system32\olethk32.dll
"rpcrt4" - "Microsoft Corporation" - C:\WINDOWS\system32\rpcrt4.dll
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll
"urlmon" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
"user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll
"version" - "Microsoft Corporation" - C:\WINDOWS\system32\version.dll
"wininet" - "Microsoft Corporation" - C:\WINDOWS\system32\wininet.dll
"wldap32" - "Microsoft Corporation" - C:\WINDOWS\system32\wldap32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Notification packages" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\kerberos.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\wdigest.dll
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msapsspc.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msnsspc.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"AOL 9.0 Tray-Symbol.lnk" - "America Online, Inc." - C:\Programme\AOL 9.0\aoltray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"Ulead Photo Express SE Calendar Checker.lnk" - "Ulead Systems, Inc." - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe  (Shortcut exists | File exists)
"Watch.lnk" - "Common Group" - C:\WINDOWS\twain_32\S6U12BX\WATCH.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BullGuard" - "BullGuard Software" - "C:\Programme\BullGuard Software\BullGuard\BullGuard.exe"
"ctfmon.exe" - "Microsoft Corporation" - C:\WINDOWS\system32\ctfmon.exe
"ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.1\ICQ.exe" silent loginmode=4
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"BullGuard" - "BullGuard Software" - "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot
"ehTray" - "Microsoft Corporation" - C:\WINDOWS\ehome\ehtray.exe
"Gtwatch" - ? - C:\WINDOWS\gtwatch.exe  (File not found)
"InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "  (File not found)
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
"Microsoft Works Update Detection" - "Microsoft® Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"RTHDCPL" - "Realtek Semiconductor Corp." - RTHDCPL.EXE
"SkyTel" - "Realtek Semiconductor Corp." - SkyTel.EXE
"SMSERIAL" - "Motorola Inc." - C:\WINDOWS\sm56hlpr.exe
"STAMPIT-Tray" - "Deutsche Post AG" - C:\PROGRA~1\STAMPIT\BINARY\STRAY.EXE
"TVBroadcast" - "ODSoft multimedia" - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Windows-Netzwerk" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanman.dll
"Microsoft-Terminaldienste" - "Microsoft Corporation" - C:\WINDOWS\System32\drprov.dll
"Web Client Network" - "Microsoft Corporation" - C:\WINDOWS\System32\davclnt.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\cnbjmon.dll
"Local Port" - "Microsoft Corporation" - C:\WINDOWS\system32\localspl.dll
"Microsoft Shared Fax Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\FXSMON.DLL
"PJL Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\pjlmon.dll
"Standard TCP/IP Port" - "Microsoft Corporation" - C:\WINDOWS\system32\tcpmon.dll
"USB Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\usbmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\clipsrv.exe
"Anmeldedienst" (Netlogon) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Anwendungsverwaltung" (AppMgmt) - "Microsoft Corporation" - C:\WINDOWS\System32\appmgmts.dll
"AOL Connectivity Service" (AOL ACS) - "America Online, Inc." - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Arbeitsstationsdienst" (lanmanworkstation) - "Microsoft Corporation" - C:\WINDOWS\System32\wkssvc.dll
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll
"Avira AntiVir Guard" (AntiVirService) - ? - "C:\Programme\Avira\AntiVir Desktop\avguard.exe"  (File not found)
"Avira AntiVir Planer" (AntiVirSchedulerService) - ? - "C:\Programme\Avira\AntiVir Desktop\sched.exe"  (File not found)
"BullGuard Email Monitoring Service" (BsMailProxy) - "BullGuard Ltd." - C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll
"BullGuard File Monitoring Service" (BsFileSpy) - "BullGuard Ltd." - C:\Programme\BullGuard Software\BullGuard\BsFileSpy.dll
"BullGuard Firewall Service" (BsFirewall) - "BullGuard Ltd." - C:\Programme\BullGuard Software\BullGuard\BsFirewall.dll
"BullGuard LiveUpdate" (BGLiveSvc) - "BullGuard Software" - C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe
"BullGuard Main Service" (BGMainSvc) - "BullGuard, Ltd." - C:\Programme\BullGuard Software\BullGuard\BsMain.dll
"COM+-Ereignissystem" (EventSystem) - "Microsoft Corporation" - C:\WINDOWS\system32\es.dll
"COM+-Systemanwendung" (COMSysApp) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"Computerbrowser" (Browser) - "Microsoft Corporation" - C:\WINDOWS\System32\browser.dll
"CryptSvc" (CryptSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\cryptsvc.dll
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"DCOM-Server-Prozessstart" (DcomLaunch) - "Microsoft Corporation" - C:\WINDOWS\system32\rpcss.dll
"Designs" (Themes) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"DHCP-Client" (Dhcp) - "Microsoft Corporation" - C:\WINDOWS\System32\dhcpcsvc.dll
"Dienst für Seriennummern der tragbaren Medien" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\MsPMSNSv.dll
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\system32\msdtc.exe
"DNS-Client" (Dnscache) - "Microsoft Corporation" - C:\WINDOWS\System32\dnsrslvr.dll
"Druckwarteschlange" (Spooler) - "Microsoft Corporation" - C:\WINDOWS\system32\spoolsv.exe
"Ereignisprotokoll" (Eventlog) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"Fax" (Fax) - "Microsoft Corporation" - C:\WINDOWS\system32\fxssvc.exe
"Fehlerberichterstattungsdienst" (ERSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\ersvc.dll
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Gatewaydienst auf Anwendungsebene" (ALG) - "Microsoft Corporation" - C:\WINDOWS\System32\alg.exe
"Geschützter Speicher" (ProtectedStorage) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"Hilfe und Support" (helpsvc) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
"HTTP-SSL" (HTTPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\w3ssl.dll
"IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - "Microsoft Corporation" - C:\WINDOWS\system32\imapi.exe
"Indexdienst" (CiSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\cisvc.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Intelligenter Hintergrundübertragungsdienst" (BITS) - "Microsoft Corporation" - C:\WINDOWS\system32\qmgr.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"IPSEC-Dienste" (PolicyAgent) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Kompatibilität für schnelle Benutzerumschaltung" (FastUserSwitchingCompatibility) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Konfigurationsfreie drahtlose Verbindung" (WZCSVC) - "Microsoft Corporation" - C:\WINDOWS\System32\wzcsvc.dll
"Leistungsdatenprotokolle und Warnungen" (SysmonLog) - "Microsoft Corporation" - C:\WINDOWS\system32\smlogsvc.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Media Center Extender Service" (McrdSvc) - "Microsoft Corporation" - C:\WINDOWS\ehome\mcrdsvc.exe
"Media Center Receiver Service" (ehRecvr) - "Microsoft Corporation" - C:\WINDOWS\eHome\ehRecvr.exe
"Media Center-Planerdienst" (ehSched) - "Microsoft Corporation" - C:\WINDOWS\eHome\ehSched.exe
"Messenger Sharing USN Journal Reader-Service" (usnsvc) - "Microsoft Corporation" - C:\Programme\MSN Messenger\usnsvc.dll
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\system32\mnmsrvc.exe
"Netzwerkverbindungen" (Netman) - "Microsoft Corporation" - C:\WINDOWS\System32\netman.dll
"Netzwerkversorgungsdienst" (xmlprov) - "Microsoft Corporation" - C:\WINDOWS\System32\xmlprov.dll
"NLA (Network Location Awareness)" (Nla) - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"NT-LM-Sicherheitsdienst" (NtLmSsp) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Plug & Play" (PlugPlay) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"QoS-RSVP" (RSVP) - "Microsoft Corporation" - C:\WINDOWS\system32\rsvp.exe
"RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll
"Remote-Registrierung" (RemoteRegistry) - "Microsoft Corporation" - C:\WINDOWS\system32\regsvc.dll
"Remoteprozeduraufruf (RPC)" (RpcSs) - "Microsoft Corporation" - C:\WINDOWS\System32\rpcss.dll
"RPC-Locator" (RpcLocator) - "Microsoft Corporation" - C:\WINDOWS\system32\locator.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
"Secondary Logon" (seclogon) - "Microsoft Corporation" - C:\WINDOWS\System32\seclogon.dll
"Server" (lanmanserver) - "Microsoft Corporation" - C:\WINDOWS\System32\srvsvc.dll
"Shellhardwareerkennung" (ShellHWDetection) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Sicherheitscenter" (wscsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wscsvc.dll
"Sicherheitskontenverwaltung" (SamSs) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Sitzungs-Manager für Remotedesktophilfe" (RDSessMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\sessmgr.exe
"Smartcard" (SCardSvr) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe
"SSDP Discovery Service" (SSDPSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\ssdpsrv.dll
"Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll
"Systemwiederherstellungsdienst" (srservice) - "Microsoft Corporation" - C:\WINDOWS\system32\srsvc.dll
"Taskplaner" (Schedule) - "Microsoft Corporation" - C:\WINDOWS\system32\schedsvc.dll
"TCP/IP-NetBIOS-Hilfsprogramm" (LmHosts) - "Microsoft Corporation" - C:\WINDOWS\System32\lmhsvc.dll
"Telefonie" (TapiSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\tapisrv.dll
"Telnet" (TlntSvr) - "Microsoft Corporation" - C:\WINDOWS\system32\tlntsvr.exe
"Terminaldienste" (TermService) - "Microsoft Corporation" - C:\WINDOWS\System32\termsrv.dll
"Treibererweiterungen für Windows-Verwaltungsinstrumentation" (Wmi) - "Microsoft Corporation" - C:\WINDOWS\System32\advapi32.dll
"Universeller Plug & Play-Gerätehost" (upnphost) - "Microsoft Corporation" - C:\WINDOWS\System32\upnphost.dll
"Unterbrechungsfreie Stromversorgung" (UPS) - "Microsoft Corporation" - C:\WINDOWS\System32\ups.exe
"Verwaltung für automatische RAS-Verbindung" (RasAuto) - "Microsoft Corporation" - C:\WINDOWS\System32\rasauto.dll
"Verwaltung logischer Datenträger" (dmserver) - "Microsoft Corp." - C:\WINDOWS\System32\dmserver.dll
"Verwaltungsdienst für die Verwaltung logischer Datenträger" (dmadmin) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\dmadmin.exe
"Volumeschattenkopie" (VSS) - "Microsoft Corporation" - C:\WINDOWS\System32\vssvc.exe
"Webclient" (WebClient) - "Microsoft Corporation" - C:\WINDOWS\System32\webclnt.dll
"Wechselmedien" (NtmsSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ntmssvc.dll
"Windows Audio" (AudioSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\audiosrv.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe
"Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows User Mode Driver Framework" (UMWdf) - "Microsoft Corporation" - C:\WINDOWS\system32\wdfmgr.exe
"Windows-Bilderfassung (WIA)" (stisvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wiaservc.dll
"Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" (SharedAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\ipnathlp.dll
"Windows-Verwaltungsinstrumentation" (winmgmt) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\WMIsvc.dll
"Windows-Zeitgeber" (W32Time) - "Microsoft Corporation" - C:\WINDOWS\system32\w32time.dll
"WMI-Leistungsadapter" (WmiApSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\wmiapsrv.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
"Überwachung verteilter Verknüpfungen (Client)" (TrkWks) - "Microsoft Corporation" - C:\WINDOWS\system32\trkwks.dll

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\WINDOW~1.SCR  (File found, but it contains no detailed information)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Drahtlos" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\WINDOWS\system32\fdeploy.dll
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS-Paketplaner" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Skripts" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - "Microsoft Corporation" - C:\WINDOWS\system32\appmgmts.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"NLA-Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll
"TCP/IP" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{027050F1-EB69-465E-8798-B374E0A8E402}] DATAGRAM 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{027050F1-EB69-465E-8798-B374E0A8E402}] SEQPACKET 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AED25AD-5430-4DF5-9D67-AFF8022EC634}] DATAGRAM 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AED25AD-5430-4DF5-9D67-AFF8022EC634}] SEQPACKET 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{249BBDDA-0CE6-44EB-8D5B-A38FC23B7464}] DATAGRAM 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{249BBDDA-0CE6-44EB-8D5B-A38FC23B7464}] SEQPACKET 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{24DF07A1-FA2E-453B-978B-6734E5D189A6}] DATAGRAM 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{24DF07A1-FA2E-453B-978B-6734E5D189A6}] SEQPACKET 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{791D8E08-3721-48B2-9895-334866CAE0AB}] DATAGRAM 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{791D8E08-3721-48B2-9895-334866CAE0AB}] SEQPACKET 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{85FB4951-0954-40E2-92C6-5877D680DB01}] DATAGRAM 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{85FB4951-0954-40E2-92C6-5877D680DB01}] SEQPACKET 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{875F837D-4785-4D43-9D46-D9312AC8C7B6}] DATAGRAM 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{875F837D-4785-4D43-9D46-D9312AC8C7B6}] SEQPACKET 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{93FE5ED5-D4B3-433A-83ED-EF82CD432BCA}] DATAGRAM 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{93FE5ED5-D4B3-433A-83ED-EF82CD432BCA}] SEQPACKET 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE913F80-3F8E-495E-AD3B-CCEE8FE80F14}] DATAGRAM 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE913F80-3F8E-495E-AD3B-CCEE8FE80F14}] SEQPACKET 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [RAW/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [TCP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [UDP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"RSVP TCP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll
"RSVP UDP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru



--------------------------------------------------------------------------
MBRCECK
--------------------------------------------------------------------------
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FE000 \WINDOWS\system32\hal.dll
0xF7D64000 \WINDOWS\system32\KDCOM.DLL
0xF7C74000 \WINDOWS\system32\BOOTVID.dll
0xF7814000 ACPI.sys
0xF7D66000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7803000 pci.sys
0xF7864000 isapnp.sys
0xF7874000 ohci1394.sys
0xF7884000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7C78000 compbatt.sys
0xF7C7C000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7E2C000 pciide.sys
0xF7AE4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7894000 MountMgr.sys
0xF77E4000 ftdisk.sys
0xF7D68000 dmload.sys
0xF77BE000 dmio.sys
0xF7AEC000 PartMgr.sys
0xF7C80000 ACPIEC.sys
0xF7E2D000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF78A4000 VolSnap.sys
0xF77A6000 atapi.sys
0xF76EF000 iaStor.sys
0xF78B4000 disk.sys
0xF78C4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF76CF000 fltMgr.sys
0xF76BD000 sr.sys
0xF7AF4000 PxHelp20.sys
0xF76A6000 KSecDD.sys
0xF7619000 Ntfs.sys
0xF75EC000 NDIS.sys
0xF75D0000 Teefer.sys
0xF75B5000 Mup.sys
0xF78F4000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6E9A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7520000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF5EDF000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF5ECB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5EA6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5E91000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF5CEF000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xF7BD4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5CCC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7BDC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5CBB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7BE4000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF6E8A000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF5C6F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF7D20000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF79D4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7BEC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF5C3F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7D98000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7BF4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79E4000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7D24000 \SystemRoot\system32\drivers\pfc.sys
0xF79F4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7A04000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5C1C000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7BFC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7D9A000 \SystemRoot\System32\Drivers\x10hid.sys
0xF7A14000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0xF7C04000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0xF7E76000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7A24000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7D2C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5C05000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7A34000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7A84000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7C0C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5BF4000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7A44000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7C14000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7C1C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7C24000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF5BC3000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7A54000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7D9C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5B67000 \SystemRoot\system32\DRIVERS\update.sys
0xF7D48000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6285000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7AA4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF3269000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF3247000 \SystemRoot\system32\drivers\portcls.sys
0xF7944000 \SystemRoot\system32\drivers\drmk.sys
0xF30CD000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF7C64000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7A94000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7D7C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF08CF000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D7E000 \SystemRoot\System32\Drivers\Beep.SYS
0xED5D5000 \SystemRoot\System32\drivers\vga.sys
0xF063A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7DC0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF2CA5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF2C9D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4A85000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB257A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2522000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7BBC000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xF0972000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF2C85000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xB24D9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB24B1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF0962000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB248F000 \SystemRoot\System32\drivers\afd.sys
0xF0952000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB2464000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB23F5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF0942000 \SystemRoot\System32\Drivers\Fips.SYS
0xB23D2000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB2F31000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB231B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB29B6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF2948000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB298F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB0009000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xEB702000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB299E000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xF3ABF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF199C000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
0xAF73C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF0630000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xAF65B000 \SystemRoot\System32\Drivers\HTTP.sys
0xAF5B4000 \SystemRoot\system32\DRIVERS\srv.sys
0xAE787000 \SystemRoot\system32\drivers\wdmaud.sys
0xAE8BC000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7DB6000 \??\C:\Programme\BullGuard Software\BullGuard\reconn.sys
0xB6FD5000 \??\C:\Programme\BullGuard Software\BullGuard\filespy5.sys
0xAF2B0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAF1E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA81F8000 \??\C:\DOKUME~1\Michael\LOKALE~1\Temp\kgediaob.sys
0xAF771000 \SystemRoot\system32\DRIVERS\avmunet.sys
0xA6913000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
1040 C:\WINDOWS\system32\smss.exe
1124 csrss.exe
1152 C:\WINDOWS\system32\winlogon.exe
1196 C:\WINDOWS\system32\services.exe
1208 C:\WINDOWS\system32\lsass.exe
1400 C:\WINDOWS\system32\svchost.exe
1448 svchost.exe
1592 C:\WINDOWS\system32\svchost.exe
1640 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1752 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
1864 svchost.exe
2004 svchost.exe
556 C:\WINDOWS\system32\spoolsv.exe
628 svchost.exe
664 C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
676 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
716 C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe
744 C:\WINDOWS\system32\svchost.exe
788 C:\WINDOWS\ehome\ehrecvr.exe
804 C:\WINDOWS\ehome\ehSched.exe
828 C:\Programme\Gemeinsame Dateien\Gnab\Service\ServiceController.exe
1004 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
1052 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
1244 C:\WINDOWS\system32\nvsvc32.exe
1508 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
1632 C:\Programme\CyberLink\Shared Files\RichVideo.exe
1848 C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe
228 svchost.exe
300 C:\WINDOWS\system32\svchost.exe
712 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
580 mcrdsvc.exe
2956 C:\WINDOWS\system32\dllhost.exe
3224 alg.exe
3104 C:\Programme\iPod\bin\iPodService.exe
1200 C:\WINDOWS\explorer.exe
3644 C:\WINDOWS\ehome\ehtray.exe
852 C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
3632 C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
4052 C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
1724 C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
3956 C:\Programme\iTunes\iTunesHelper.exe
2772 C:\PROGRA~1\STAMPIT\Binary\STRAY.EXE
4032 C:\WINDOWS\ehome\ehmsas.exe
1560 C:\WINDOWS\system32\ctfmon.exe
3100 C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
2660 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
3488 C:\WINDOWS\system32\wuauclt.exe
3092 C:\Programme\Internet Explorer\iexplore.exe
2540 C:\Programme\Internet Explorer\iexplore.exe
3148 C:\Programme\Internet Explorer\iexplore.exe
184 C:\Dokumente und Einstellungen\Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`5b6f9200 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS545016B9A300, Rev: PBBOC64G

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: ABEDD6AEC53D00E889C94F298CDB4674EB303E31


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

--------------------------------------------------------------------------


jezt?
__________________
Spittfaia & Rebina - Doppelt aufs Maul
DIE FREEDOWNLOAD EP
12 Tracks direkt auf http://spittfaia.lima-city.de/spiitload.html
währe cool wenn sie jemand lädt

Alt 24.10.2010, 21:21   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole aus.

Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen)

Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus den Bootkit Remover nochmals aus und poste das neue Log.
__________________

__________________

Alt 28.10.2010, 14:55   #18
victimripper
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



hä? was fürn Bootkit Remover (nochmal)
ich hab noch nie nen "bootkit remover" ausgeführt ?:P
__________________
__________________

Alt 28.10.2010, 18:42   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



Sry ich meinte mbrcheck
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.10.2010, 12:16   #20
victimripper
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



Okkay, hier der neue MBR Check Log:
-----------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FE000 \WINDOWS\system32\hal.dll
0xF7D64000 \WINDOWS\system32\KDCOM.DLL
0xF7C74000 \WINDOWS\system32\BOOTVID.dll
0xF7814000 ACPI.sys
0xF7D66000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7803000 pci.sys
0xF7864000 isapnp.sys
0xF7874000 ohci1394.sys
0xF7884000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7C78000 compbatt.sys
0xF7C7C000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7E2C000 pciide.sys
0xF7AE4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7894000 MountMgr.sys
0xF77E4000 ftdisk.sys
0xF7D68000 dmload.sys
0xF77BE000 dmio.sys
0xF7AEC000 PartMgr.sys
0xF7C80000 ACPIEC.sys
0xF7E2D000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF78A4000 VolSnap.sys
0xF77A6000 atapi.sys
0xF76EF000 iaStor.sys
0xF78B4000 disk.sys
0xF78C4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF76CF000 fltMgr.sys
0xF76BD000 sr.sys
0xF7AF4000 PxHelp20.sys
0xF76A6000 KSecDD.sys
0xF7619000 Ntfs.sys
0xF75EC000 NDIS.sys
0xF75D0000 Teefer.sys
0xF75B5000 Mup.sys
0xF78F4000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7A54000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7514000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF6273000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF625F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF623A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6225000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6083000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xF7BBC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6060000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7BC4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF604F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7BCC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF7A64000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF6003000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF7D2C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7A74000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7BD4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF5FD3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7DA0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7BDC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7934000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7D30000 \SystemRoot\system32\drivers\pfc.sys
0xF7A94000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7AA4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5FB0000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7BE4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7DA2000 \SystemRoot\System32\Drivers\x10hid.sys
0xF7AB4000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0xF7BEC000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0xF7F10000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7AC4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7D38000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5F99000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7AD4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF78E4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7BF4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5F88000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6689000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7BFC000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7C04000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7C0C000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF5F57000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6679000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7DA4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5EFB000 \SystemRoot\system32\DRIVERS\update.sys
0xF6D13000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7D5C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7914000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF351A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF34F8000 \SystemRoot\system32\drivers\portcls.sys
0xF79D4000 \SystemRoot\system32\drivers\drmk.sys
0xF341E000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF7C54000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5B82000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7D80000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF0CDE000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D82000 \SystemRoot\System32\Drivers\Beep.SYS
0xF18B6000 \SystemRoot\System32\drivers\vga.sys
0xF7D84000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7D86000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF18AE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF18A6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF1CF9000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEF977000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEF91F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF0F0C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF189E000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xEF8FE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEF8D6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF0EFC000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEF8B4000 \SystemRoot\System32\drivers\afd.sys
0xF0EEC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEF889000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEF81A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF08D6000 \SystemRoot\System32\Drivers\Fips.SYS
0xEB048000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF068B000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xEB044000 \SystemRoot\system32\DRIVERS\avmunet.sys
0xEB040000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEB019000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEC5B0000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF0746000 \SystemRoot\System32\drivers\Dxapi.sys
0xF0673000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF10D5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB85E1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF7B24000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xECAC7000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xF0FA2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF18EA000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
0xB7D8C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7D90000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xB7C83000 \SystemRoot\System32\Drivers\HTTP.sys
0xB7C04000 \SystemRoot\system32\DRIVERS\srv.sys
0xB6CBF000 \SystemRoot\system32\drivers\wdmaud.sys
0xF13CD000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6C71000 \SystemRoot\system32\drivers\kmixer.sys
0xB68E2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7D74000 \??\C:\Programme\BullGuard Software\BullGuard\reconn.sys
0xF7C1C000 \??\C:\Programme\BullGuard Software\BullGuard\filespy5.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 57):
0 System Idle Process
4 System
1044 C:\WINDOWS\system32\smss.exe
1116 csrss.exe
1152 C:\WINDOWS\system32\winlogon.exe
1196 C:\WINDOWS\system32\services.exe
1208 C:\WINDOWS\system32\lsass.exe
1396 C:\WINDOWS\system32\svchost.exe
1444 svchost.exe
1588 C:\WINDOWS\system32\svchost.exe
1644 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1748 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
1960 svchost.exe
2032 svchost.exe
552 C:\WINDOWS\system32\spoolsv.exe
628 svchost.exe
664 C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
676 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
716 C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe
744 C:\WINDOWS\system32\svchost.exe
780 C:\WINDOWS\ehome\ehrecvr.exe
808 C:\WINDOWS\ehome\ehSched.exe
836 C:\Programme\Gemeinsame Dateien\Gnab\Service\ServiceController.exe
1012 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
1036 C:\Programme\Medion\MEDIONbox\Program\GCS.exe
1064 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
1100 C:\WINDOWS\system32\nvsvc32.exe
1536 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
1688 C:\Programme\CyberLink\Shared Files\RichVideo.exe
1856 C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe
216 svchost.exe
320 C:\WINDOWS\system32\svchost.exe
584 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
1636 mcrdsvc.exe
2576 C:\WINDOWS\system32\dllhost.exe
2940 alg.exe
3208 C:\WINDOWS\system32\wscntfy.exe
3252 C:\WINDOWS\explorer.exe
3384 C:\WINDOWS\ehome\ehtray.exe
3416 C:\WINDOWS\RTHDCPL.exe
3440 C:\WINDOWS\sm56hlpr.exe
3448 C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
3456 C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
3488 C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
3496 C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
2392 C:\Programme\iTunes\iTunesHelper.exe
3508 C:\PROGRA~1\STAMPIT\Binary\STRAY.EXE
3512 C:\Programme\BullGuard Software\BullGuard\BullGuard.exe
1552 C:\WINDOWS\ehome\ehmsas.exe
1836 C:\WINDOWS\system32\ctfmon.exe
1728 C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
2364 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
1264 C:\WINDOWS\system32\wuauclt.exe
1260 C:\Programme\iPod\bin\iPodService.exe
2424 C:\Programme\Internet Explorer\iexplore.exe
3320 C:\WINDOWS\system32\rundll32.exe
2508 C:\Dokumente und Einstellungen\Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`5b6f9200 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS545016B9A300, Rev: PBBOC64G

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



jetz?

__________________
Spittfaia & Rebina - Doppelt aufs Maul
DIE FREEDOWNLOAD EP
12 Tracks direkt auf http://spittfaia.lima-city.de/spiitload.html
währe cool wenn sie jemand lädt

Alt 29.10.2010, 12:48   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
--> TR/Crypt.XPACK.Gen3

Alt 25.02.2011, 00:41   #22
xlexusx
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



Hallo das Board team.

Seit heute abend habe ich das gleiche problem versuche euch wneig arbeit zu machen daher mache ich einfach das was ihr den einen User gepostet habt


Zuerst möchte ich dieses OTL Programm Logs hier reinfügen hoffe ich mach nix falsch ;(


Mit freundliche grüßeOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.02.2011 00:24:13 - Run 1
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 392,19 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.91
"SprayR" = SprayR 1.0 RC7b
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2011 06:17:15 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: SSCORE.DLL,
 Version: 6.1.7600.16385, Zeitstempel: 0x4a5be092  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000000170d  ID des fehlerhaften Prozesses: 0x1e4  Startzeit der fehlerhaften
 Anwendung: 0x01cbc9d4b74b7460  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL  Berichtskennung: 18838011-35c8-11e0-bf1d-00ff01000001
 
Error - 13.02.2011 15:59:15 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1670    Startzeit:
 01cbcba6b3f6ed9c    Endzeit: 75    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 b7e88a74-37ab-11e0-9c43-88ae1d9948ab  
 
Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52,
 Zeitstempel: 0x4a04abb0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00067105  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Berichtskennung:
 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab
 
Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0013257e  ID des fehlerhaften
 Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\Empires2.Exe  Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab
 
Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7f0    Startzeit: 
01cbcf322c244817    Endzeit: 72    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x13f4  Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab
 
Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00168bb0  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\EMPIRES2.EXE  Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab
 
Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cf0    Startzeit: 
01cbd0923d204fc4    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cbd12b2e8e8a5c    Endzeit: 68    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
[ System Events ]
Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren.
 
Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
         
--- --- ---
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 25.02.2011, 00:44   #23
xlexusx
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.02.2011 00:24:13 - Run 1
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 392,19 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\eren\AppData\Local\Temp\Bqn.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M]
 
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions
[2011.02.24 22:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions
[2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org
[2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org
[2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com
[2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod
[2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.25 00:22:15 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer
[2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics
[2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS
[2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali
[2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea
[2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular
[2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.25 00:30:04 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 00:26:25 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 00:26:24 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 00:25:48 | 039,964,404 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar.part
[2011.02.25 00:25:48 | 000,000,000 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:22:08 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 00:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.25 00:17:02 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.02.25 00:15:52 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.02.25 00:15:46 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.25 00:15:42 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.02.25 00:15:28 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\Cdywisplur.job
[2011.02.25 00:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.25 00:15:16 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.25 00:05:00 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG
[2011.01.26 07:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.26 07:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.26 06:26:12 | 000,228,769 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt.PNG
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.25 00:25:48 | 000,000,000 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:25:45 | 007,098,100 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar.part
[2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:26:56 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\Cdywisplur.job
[2011.02.24 23:26:51 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.02.24 23:26:49 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.02.24 23:26:48 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG
[2011.01.26 06:26:12 | 000,228,769 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt.PNG
[2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.13 12:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85

< End of report >
         
--- --- ---
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 25.02.2011, 03:00   #24
xlexusx
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



Es ist grade schon 2:59 immernoch wach bin ich und versuche bzw suche nach lösungen ;(

Das 2. teil habe ich auch gemacht von OTL fixxen jetzt habe ich auf mein desktop
2 dateien die heissen desktop.ini was ist nun wa smuss ichn machen
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 25.02.2011, 09:20   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 - Standard

TR/Crypt.XPACK.Gen3



Bitte mach - wie jeder andere hier auch - für Dein Anliegen einen eigenen Strang auf! Nur so ist sichergestellt, dass jedem übersichtlich und indivuell geholfen werden werden!
__________________
Logfiles bitte immer in CODE-Tags posten

Thema geschlossen

Themen zu TR/Crypt.XPACK.Gen3
antivir, gefunde, malwarebytes, meldung, namens, scan, stunde, taucht, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen3, troja, trojaner, verdammte




Ähnliche Themen: TR/Crypt.XPACK.Gen3


  1. TR/Crypt.XPACK.Gen3 Trojaner und HTML/ExpKit.Gen3
    Log-Analyse und Auswertung - 14.06.2014 (13)
  2. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (24)
  3. TR/CRYPT.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 19.02.2012 (1)
  4. TR/Crypt.XPACK.Gen, TR/Sirefef.BV.2, TR/Crypt.XPACK.Gen3, TR/PSW.Karagany.A.73
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (2)
  5. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (4)
  6. Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 08.10.2011 (1)
  7. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 22.03.2011 (31)
  8. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (3)
  9. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  10. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 12.11.2010 (6)
  11. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 20.10.2010 (14)
  12. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (3)
  13. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  14. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 14.10.2010 (11)
  15. TR/Crypt.XPACK.Gen3, TR/Crypt.XPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (4)
  16. Massenweise Viren werden in Windows/Temp erstellt (Tr/Crypt.xpack.Gen3+TR/Crypt.Pepn.Gen und andere)
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (6)
  17. Befall mit TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 21.09.2010 (23)

Zum Thema TR/Crypt.XPACK.Gen3 - GMER LOG FILE ------------------------------------------- GMER Logfile: Code: Alles auswählen Aufklappen ATTFilter GMER 1.0.15.15477 - hxxp://www.gmer.net Rootkit scan 2010-10-24 20:55:51 Windows 5.1.2600 Service Pack 2 Running: vmrv41ue.exe; Driver: C:\DOKUME~1\Michael\LOKALE~1\Temp\kgediaob.sys ---- System - TR/Crypt.XPACK.Gen3...
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen3 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.