Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: antivir funktioniert nicht mehr! langsamer systemstart! trojaner?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 27.03.2011, 01:05   #1
styles2001
 
antivir funktioniert nicht mehr! langsamer systemstart! trojaner? - Standard

antivir funktioniert nicht mehr! langsamer systemstart! trojaner?



hallo,
ich habe mir gestern mittag aus versehen, durch anklicken eines linkes, einen trojaner(?) heruntergeladen. seit dem funktioniert meine anti viren software nicht mehr bzw ich kann mein pc nicht mehr scanen oder die software aktualisieren. außerdem zeigt antivir folgendes an, "Antivir Guard - Dienst gestoppt".
desweiteren ist mein pc beim systemstart, sehr langsam.

hier sind wie in der anleitung beschrieben, meine logs



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.03.2011 15:44:50 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\...\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,01 Gb Total Space | 16,42 Gb Free Space | 16,42% Space Free | Partition Type: NTFS
Drive D: | 265,75 Gb Total Space | 133,49 Gb Free Space | 50,23% Space Free | Partition Type: NTFS
Drive E: | 100,01 Gb Total Space | 99,94 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ... | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.26 15:33:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\...\Desktop\OTL.exe
PRC - [2011.03.01 17:49:34 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.01 17:49:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.04.18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S30RP1.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.26 15:33:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\...\Desktop\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009.07.11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2008.07.25 10:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.03.01 17:49:34 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 17:49:29 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.25 18:17:08 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.06.24 15:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.01 17:49:35 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.03.01 17:49:34 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.11 22:02:42 | 004,525,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.07.13 19:23:19 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.13 19:23:19 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.29 21:27:49 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.12 15:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.21 00:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.05.19 08:46:30 | 000,150,568 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.02.02 16:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007.12.17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: ""
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.26 15:09:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.26 15:09:53 | 000,000,000 | ---D | M]
 
[2008.07.23 19:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Mozilla\Extensions
[2011.03.26 15:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Mozilla\Firefox\Profiles\ladnqeme.default\extensions
[2010.04.30 21:24:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Mozilla\Firefox\Profiles\ladnqeme.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.26 15:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.11.22 08:50:49 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv41629.dll
[2008.08.07 14:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll
[2010.01.05 16:26:40 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv530.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.10 18:25:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.10 18:25:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.10 18:25:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.10 18:25:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.10 18:25:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.07.28 00:16:27 | 000,255,845 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 8896 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKCU..\Run: [Automatisch EPSON Stylus DX5000 Series auf STEPHAN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.23 17:54:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{01a0da02-64a2-11dd-b863-00221512f2da}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{01a0da02-64a2-11dd-b863-00221512f2da}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NCProTray.lnk - C:\Programme\SEC\Natural Color Pro\NCProTray.exe - (Samsung)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Matthias^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: ATICustomerCare - hkey= - key= - C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: AutoRun - hkey= - key= -  File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: EPSON Stylus DX5000 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: OSSelectorReinstall - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Six Engine - hkey= - key= - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.26 15:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.03.26 15:40:54 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.26 15:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.03.26 15:33:20 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\...\Desktop\Erunt-setup.exe
[2011.03.26 15:33:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\...\Desktop\OTL.exe
[2011.03.26 15:33:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\...\Desktop\TFC.exe
[2011.03.26 14:44:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\PCFix
[2011.03.24 23:11:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.03.24 23:11:15 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\...\Eigene Dateien\DVDVideoSoft
[2011.03.24 23:11:07 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.26 15:38:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.26 15:33:32 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\...\Desktop\g2m3e4r.exe
[2011.03.26 15:33:31 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\...\Desktop\Erunt-setup.exe
[2011.03.26 15:33:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\...\Desktop\OTL.exe
[2011.03.26 15:33:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\...\Desktop\TFC.exe
[2011.03.26 14:37:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.03.26 13:59:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.26 13:33:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{45CDC5D3-CB85-4C4E-B028-A6625FF6EDA0}.job
[2011.03.25 10:03:09 | 002,211,713 | ---- | M] () -- D:\Dokumente und Einstellungen\...\Eigene Dateien\Unbenannt-1.psd
[2011.03.24 23:54:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.03.14 17:45:13 | 000,453,240 | ---- | M] () -- C:\Dokumente und Einstellungen\...\Desktop\26_Bochum_21.jpg
[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Dokumente und Einstellungen\...\Desktop\Anleitung.html
[2011.03.03 17:42:31 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.03 17:42:30 | 000,451,980 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.03.03 17:42:30 | 000,080,920 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.03.03 17:42:30 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.01 17:49:35 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.03.01 17:49:34 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2011.03.26 15:33:20 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\...\Desktop\g2m3e4r.exe
[2011.03.22 12:45:08 | 002,211,713 | ---- | C] () -- D:\Dokumente und Einstellungen\...\Eigene Dateien\Unbenannt-1.psd
[2011.03.14 17:45:13 | 000,453,240 | ---- | C] () -- C:\Dokumente und Einstellungen\...\Desktop\26_Bochum_21.jpg
[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Dokumente und Einstellungen\...\Desktop\Anleitung.html
[2010.04.12 17:38:20 | 000,185,092 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
[2010.04.12 17:38:20 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
[2010.04.12 17:31:36 | 000,185,459 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010.04.12 17:31:36 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010.02.06 18:57:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.07.13 19:23:19 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.07.13 19:23:19 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.07.02 20:48:17 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009.01.31 15:51:24 | 000,000,173 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\default.pls
[2009.01.27 17:26:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.01.27 17:21:13 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008.12.25 15:39:59 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\$_hpcst$.hpc
[2008.12.10 21:58:24 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008.12.01 21:11:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.12.01 21:11:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.12.01 21:11:21 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.10.30 15:45:42 | 000,197,982 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.10.21 18:40:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008.10.21 18:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008.10.18 15:01:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.22 14:52:19 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.08.01 14:44:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008.08.01 14:44:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008.08.01 14:44:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008.08.01 14:44:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008.08.01 14:44:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008.08.01 14:44:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008.08.01 14:44:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008.08.01 14:44:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008.08.01 14:44:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008.08.01 14:44:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008.08.01 14:44:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008.08.01 14:44:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008.08.01 14:44:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008.08.01 14:44:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008.08.01 14:44:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008.08.01 14:44:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008.08.01 14:44:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008.08.01 14:44:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008.08.01 14:44:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.08.01 14:42:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2008.07.27 21:32:15 | 000,076,800 | ---- | C] () -- C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.26 12:32:33 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.07.26 12:18:09 | 000,001,935 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008.07.23 19:49:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.07.23 19:23:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.07.23 19:17:32 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.07.23 19:16:50 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.07.23 18:56:48 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008.07.23 18:56:48 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008.07.23 18:56:46 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008.07.23 18:56:46 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008.07.23 18:54:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.07.23 18:44:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.23 18:43:01 | 000,036,432 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.07.23 18:42:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.07.23 18:42:12 | 000,036,394 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.07.23 18:42:12 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.07.23 18:42:04 | 002,262,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.23 17:56:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.23 17:52:01 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.05 11:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.07.05 11:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.07.05 11:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.06.22 17:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.06.13 11:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.06.12 18:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,451,980 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 13:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,080,920 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 13:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.11.02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.02.10 00:00:00 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
 
========== LOP Check ==========
 
[2008.09.04 13:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2008.08.01 14:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2008.07.28 22:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FlashFXP
[2010.06.10 17:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.08.01 14:47:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011.03.26 15:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2008.07.27 14:43:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2010.08.06 13:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Canon
[2009.06.03 08:58:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\com.adobe.ExMan
[2008.07.28 12:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2008.09.04 13:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\DAEMON Tools
[2011.03.24 23:11:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008.10.14 19:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\EPSON
[2010.03.16 18:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Flatcast
[2010.07.18 00:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\OpenCandy
[2008.11.24 23:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Opera
[2011.03.26 14:56:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\PCFix
[2009.06.22 13:39:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\temp
[2009.07.13 22:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Ubisoft
[2010.07.18 00:48:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\...\Anwendungsdaten\Uniblue
[2011.03.26 13:33:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{45CDC5D3-CB85-4C4E-B028-A6625FF6EDA0}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.01.29 19:22:05 | 000,000,000 | ---D | M] -- C:\ATI
[2011.03.26 15:20:30 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2008.07.23 18:01:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.08.06 15:40:43 | 000,000,000 | ---D | M] -- C:\Intel
[2008.07.27 22:31:41 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.07.23 18:56:46 | 000,000,000 | ---D | M] -- C:\Program Files
[2008.12.10 22:08:36 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.03.26 15:40:54 | 000,000,000 | R--D | M] -- C:\Programme
[2008.09.04 13:00:13 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2008.07.23 17:58:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.26 15:42:08 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-26 14:28:39
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD

< End of report >
         
--- --- ---



extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.03.2011 15:44:50 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\...\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,01 Gb Total Space | 16,42 Gb Free Space | 16,42% Space Free | Partition Type: NTFS
Drive D: | 265,75 Gb Total Space | 133,49 Gb Free Space | 50,23% Space Free | Partition Type: NTFS
Drive E: | 100,01 Gb Total Space | 99,94 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ... | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Programme\Anno 1701\Anno1701.exe" = C:\Programme\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701
"C:\Programme\MagicTune Premium\MagicTune.exe" = C:\Programme\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player 
"C:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}" = Adobe Photoshop Lightroom 2.2
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D64B341F-50C6-7AD8-64FE-F1E96D76EA4F}" = ATI Catalyst Install Manager
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DPP" = Canon Utilities Digital Photo Professional 3.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Eraser" = Eraser
"ERUNT_is1" = ERUNT 1.1j
"Flatcast_is1" = Flatcast Viewer Plugin 5.3.0.525
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTREGOPT_is1" = NTREGOPT 1.1j
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PokerStars" = PokerStars
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2011 09:33:47 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 09:34:04 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 09:58:44 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 10:01:53 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 10:07:11 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 10:08:01 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 10:08:36 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 10:13:16 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 10:38:48 | Computer Name = ... | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 26.03.2011 10:39:00 | Computer Name = ... | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Der Verzeichnisname ist ungültig.  .
 
[ System Events ]
Error - 26.03.2011 10:20:42 | Computer Name = ... | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 26.03.2011 10:20:42 | Computer Name = ... | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 26.03.2011 10:20:42 | Computer Name = ... | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 26.03.2011 10:33:48 | Computer Name = ... | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.03.2011 10:33:49 | Computer Name = ... | Source = Service Control Manager | ID = 7034
Description = Dienst "Nero BackItUp Scheduler 3" wurde unerwartet beendet. Dies 
ist bereits 1 Mal passiert.
 
Error - 26.03.2011 10:33:49 | Computer Name = ... | Source = Service Control Manager | ID = 7034
Description = Dienst "PLFlash DeviceIoControl Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 26.03.2011 10:33:49 | Computer Name = ... | Source = Service Control Manager | ID = 7034
Description = Dienst "EPSON V3 Service4(01)" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 26.03.2011 10:33:49 | Computer Name = ... | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.03.2011 10:38:51 | Computer Name = ... | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 26.03.2011 10:38:54 | Computer Name = ... | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   NCPro
 
 
< End of report >
         
--- --- ---



GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-27 00:39:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500320AS rev.SD15
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\Matthias\LOKALE~1\Temp\fxryypow.sys


---- System - GMER 1.0.15 ----

SSDT      BA7BF18E                                                                                                              ZwCreateKey
SSDT      BA7BF184                                                                                                              ZwCreateThread
SSDT      BA7BF193                                                                                                              ZwDeleteKey
SSDT      BA7BF19D                                                                                                              ZwDeleteValueKey
SSDT      spxj.sys                                                                                                              ZwEnumerateKey [0xB9EC6CA2]
SSDT      spxj.sys                                                                                                              ZwEnumerateValueKey [0xB9EC7030]
SSDT      BA7BF1A2                                                                                                              ZwLoadKey
SSDT      spxj.sys                                                                                                              ZwOpenKey [0xB9EA80C0]
SSDT      BA7BF170                                                                                                              ZwOpenProcess
SSDT      BA7BF175                                                                                                              ZwOpenThread
SSDT      spxj.sys                                                                                                              ZwQueryKey [0xB9EC7108]
SSDT      spxj.sys                                                                                                              ZwQueryValueKey [0xB9EC6F88]
SSDT      BA7BF1AC                                                                                                              ZwReplaceKey
SSDT      BA7BF1A7                                                                                                              ZwRestoreKey
SSDT      BA7BF198                                                                                                              ZwSetValueKey

INT 0x63  ?                                                                                                                     8A70BBF8
INT 0x63  ?                                                                                                                     8A70BBF8
INT 0x63  ?                                                                                                                     8A70BBF8
INT 0x63  ?                                                                                                                     8A70BBF8
INT 0x63  ?                                                                                                                     897C9F00
INT 0x83  ?                                                                                                                     8A69BBF8
INT 0x83  ?                                                                                                                     897C9F00
INT 0x83  ?                                                                                                                     8A69BBF8
INT 0x84  ?                                                                                                                     897C9F00
INT 0xA4  ?                                                                                                                     897C9F00
INT 0xA4  ?                                                                                                                     897C9F00
INT 0xA4  ?                                                                                                                     897C9F00
INT 0xA4  ?                                                                                                                     897C9F00
INT 0xB4  ?                                                                                                                     897C9F00

---- Kernel code sections - GMER 1.0.15 ----

?         spxj.sys                                                                                                              Das System kann die angegebene Datei nicht finden. !
.text     C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                              section is writeable [0xB97BF000, 0x223937, 0xE8000020]
.text     USBPORT.SYS!DllUnload                                                                                                 B97768AC 5 Bytes  JMP 897C94E0 
.text     auizzkro.SYS                                                                                                          B96D4384 1 Byte  [20]
.text     auizzkro.SYS                                                                                                          B96D4384 37 Bytes  [20, 00, 00, 68, 00, 00, 00, ...]
.text     auizzkro.SYS                                                                                                          B96D43AA 24 Bytes  [00, 00, 20, 00, 00, E0, 00, ...]
.text     auizzkro.SYS                                                                                                          B96D43C4 3 Bytes  [00, 00, 00]
.text     auizzkro.SYS                                                                                                          B96D43C9 1 Byte  [00]
.text     ...                                                                                                                   
.text     C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xA99D7300, 0x3B6D8, 0xE8000020]
.text     C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xBA3A0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!DialogBoxParamW                                          7E3747AB 5 Bytes  JMP 41195501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!CreateWindowExW                                          7E37D0A3 5 Bytes  JMP 4126DB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!DialogBoxIndirectParamW                                  7E382072 5 Bytes  JMP 4136502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!MessageBoxIndirectA                                      7E38A082 5 Bytes  JMP 41364F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!DialogBoxParamA                                          7E38B144 5 Bytes  JMP 41364FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!MessageBoxExW                                            7E3A0838 5 Bytes  JMP 41364E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!MessageBoxExA                                            7E3A085C 5 Bytes  JMP 41364E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!DialogBoxIndirectParamA                                  7E3A6D7D 5 Bytes  JMP 41365092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2720] USER32.dll!MessageBoxIndirectW                                      7E3B64D5 5 Bytes  JMP 41364EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!DialogBoxParamW                                          7E3747AB 5 Bytes  JMP 41195501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!SetWindowsHookExW                                        7E37820F 5 Bytes  JMP 41269B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!CallNextHookEx                                           7E37B3C6 5 Bytes  JMP 4125D16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!CreateWindowExW                                          7E37D0A3 5 Bytes  JMP 4126DB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!UnhookWindowsHookEx                                      7E37D5F3 5 Bytes  JMP 411D4666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!DialogBoxIndirectParamW                                  7E382072 5 Bytes  JMP 4136502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!MessageBoxIndirectA                                      7E38A082 5 Bytes  JMP 41364F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!DialogBoxParamA                                          7E38B144 5 Bytes  JMP 41364FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!MessageBoxExW                                            7E3A0838 5 Bytes  JMP 41364E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!MessageBoxExA                                            7E3A085C 5 Bytes  JMP 41364E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!DialogBoxIndirectParamA                                  7E3A6D7D 5 Bytes  JMP 41365092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] USER32.dll!MessageBoxIndirectW                                      7E3B64D5 5 Bytes  JMP 41364EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] ole32.dll!CoCreateInstance                                          774CF1AC 5 Bytes  JMP 4126DBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text     C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] ole32.dll!OleLoadFromStream                                         774F981B 5 Bytes  JMP 413653B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [B9EA9040] spxj.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [B9EA913C] spxj.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                   [B9EA90BE] spxj.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                           [B9EA97FC] spxj.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                   [B9EA96D2] spxj.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [B9EB9048] spxj.sys
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!KfAcquireSpinLock]                                                  00000034
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!READ_PORT_UCHAR]                                                    0000008E
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!KeGetCurrentIrql]                                                   00000043
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!KfRaiseIrql]                                                        00000044
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!KfLowerIrql]                                                        000000C4
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!HalGetInterruptVector]                                              000000DE
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!HalTranslateBusAddress]                                             000000E9
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!KeStallExecutionProcessor]                                          000000CB
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!KfReleaseSpinLock]                                                  00000054
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                            0000007B
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!READ_PORT_USHORT]                                                   00000094
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                           00000032
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                   000000A6
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[WMILIB.SYS!WmiSystemControl]                                                00000023
IAT       \SystemRoot\System32\Drivers\auizzkro.SYS[WMILIB.SYS!WmiCompleteRequest]                                              0000003D

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\Programme\Internet Explorer\IEXPLORE.EXE[2760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]       [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                8A6971F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                      8979A1F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                      8979A1F8
Device    \Driver\PCI_PNP1316 \Device\00000045                                                                                  spxj.sys
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                      8979A1F8
Device    \Driver\sptd \Device\1655221316                                                                                       spxj.sys
Device    \Driver\usbehci \Device\USBPDO-3                                                                                      897781F8
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                      8979A1F8
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                      8979A1F8
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                      8979A1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                                8A6991F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                      897781F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                                8A6991F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                          8976C1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                           [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                    [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                    [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                    [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                    [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Ftdisk \Device\HarddiskVolume3                                                                                8A6991F8
Device    \Driver\Cdrom \Device\CdRom1                                                                                          8976C1F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                               88851500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                      88851500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                      8979A1F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{8D0D1006-4997-41AA-A719-7733A4BB4638}                                              88851500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                      8979A1F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                     888281F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                      8979A1F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                           888281F8
Device    \Driver\usbehci \Device\USBFDO-3                                                                                      897781F8
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                      8979A1F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                      8A6991F8
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                      8979A1F8
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                      8979A1F8
Device    \Driver\usbehci \Device\USBFDO-7                                                                                      897781F8
Device    \Driver\auizzkro \Device\Scsi\auizzkro1Port5Path0Target0Lun0                                                          8972C1F8
Device    \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0                                                             8A6981F8
Device    \Driver\mv61xx \Device\Scsi\mv61xx1                                                                                   8A6981F8
Device    \Driver\auizzkro \Device\Scsi\auizzkro1                                                                               8972C1F8
Device    \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target0Lun0                                                              8A6981F8
Device    \FileSystem\Cdfs \Cdfs                                                                                                887E91F8

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060abf047                                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060abf047@00124737b15b                              0xD2 0x9E 0xF4 0x9A ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060abf047@001813c3ca2f                              0xAB 0xB5 0x52 0x66 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060abf047@1886ac3e9fae                              0xB2 0x3D 0xF0 0x5C ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    2
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x09 0x83 0xAA 0x48 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Programme\Alcohol Soft\Alcohol 120\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x5A 0x51 0x63 0x19 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x4F 0x77 0xCB 0x2F ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                0xDE 0xC2 0xB3 0x9D ...
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060abf047 (not active ControlSet)                       
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060abf047@00124737b15b                                  0xD2 0x9E 0xF4 0x9A ...
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060abf047@001813c3ca2f                                  0xAB 0xB5 0x52 0x66 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060abf047@1886ac3e9fae                                  0xB2 0x3D 0xF0 0x5C ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x09 0x83 0xAA 0x48 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x5A 0x51 0x63 0x19 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x4F 0x77 0xCB 0x2F ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xDE 0xC2 0xB3 0x9D ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Ich hoffe das mir hier jemand helfen kann. danke schonmal im vorraus

Geändert von styles2001 (27.03.2011 um 01:10 Uhr)

 

Themen zu antivir funktioniert nicht mehr! langsamer systemstart! trojaner?
0x00000001, 32 bit, alternate, antivir, antivir guard, avgntflt.sys, avira, bho, einstellungen, eraser, error, excel, firefox, flash player, format, funktioniert nicht mehr, google, grand theft auto, hal.dll, home, iexplore.exe, location, logfile, microsoft office word, mozilla, object, office 2007, oldtimer, plug-in, realtek, registry, rundll, safer networking, saver, searchplugins, security, security update, shell32.dll, software, sptd.sys, trojaner, trojaner?, udp, usbport.sys, viren, windows internet




Ähnliche Themen: antivir funktioniert nicht mehr! langsamer systemstart! trojaner?


  1. ADWARE - Trojaner - Internet funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 04.11.2014 (3)
  2. Tastertur funktioniert nicht richtig nach Systemstart
    Netzwerk und Hardware - 29.08.2014 (1)
  3. AntiVir funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 05.06.2014 (21)
  4. internet funktioniert nicht mehr ... aufgrund von trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2014 (11)
  5. BKA-Trojaner - Optimus funktioniert nicht mehr!
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (10)
  6. Antivir Live CD meldet 36 Funde, dies und das funktioniert nicht mehr. Bin ratlos.
    Plagegeister aller Art und deren Bekämpfung - 17.07.2013 (15)
  7. ANtivir: Yontoo.Gen2-Spotify funktioniert nicht mehr-Vista
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (26)
  8. Trojaner eingefangen, Firewall funktioniert nicht mehr!
    Log-Analyse und Auswertung - 04.09.2012 (26)
  9. nach UKASH Trojaner startet windows nicht mehr, kaspersky rescue disc funktioniert nicht
    Log-Analyse und Auswertung - 26.03.2012 (3)
  10. Avira Antivir funktioniert nicht mehr - updated auch nicht - sowie Windows Warnung
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (7)
  11. Nach Antimalware Doctor weiterhin Probleme: 1. AntiVir funktioniert nicht mehr 2. Explorer und Mozil
    Log-Analyse und Auswertung - 01.08.2010 (28)
  12. Trojaner auf Festplatte, Internetzugang funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 10.02.2010 (3)
  13. TR/Fraud.pack macht pc langsamer und antivir funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 23.01.2010 (14)
  14. Intel Atom Laptop - IE Funktioniert nicht, Antivir Programm funktioniert nicht.
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (1)
  15. antivir & internet funktioniert nicht mehr trotz scheinbarer "bereinigung"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2009 (5)
  16. Trojaner gelöscht, Internet funktioniert nicht mehr!!!
    Plagegeister aller Art und deren Bekämpfung - 07.01.2007 (3)
  17. artm_new.dll infiziert + AntiVir funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 25.08.2006 (1)

Zum Thema antivir funktioniert nicht mehr! langsamer systemstart! trojaner? - hallo, ich habe mir gestern mittag aus versehen, durch anklicken eines linkes, einen trojaner(?) heruntergeladen. seit dem funktioniert meine anti viren software nicht mehr bzw ich kann mein pc nicht - antivir funktioniert nicht mehr! langsamer systemstart! trojaner?...
Archiv
Du betrachtest: antivir funktioniert nicht mehr! langsamer systemstart! trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.