Trojaner-Board - Offen Kann manche Sieten nicht mehr laden :(

Trojaner-Board (https://www.trojaner-board.de/)

- Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)

- -

Kann manche Sieten nicht mehr laden :( (https://www.trojaner-board.de/92149-manche-sieten-mehr-laden.html)

Kann manche Sieten nicht mehr laden :(

Hallo Leute,

Ich habe schon länger ein Problem das ich manche seiten nicht mehr laden kann. Seit neuestens kann ich kein www.gameone.de mehr laden. Warum auch immer. Ich habe jetzt schon eine ganze weile im Internet gesucht aber nichts hilfreiches gefunden. Kann sich das bei mir vielleicht jemand ansehen.
Ich weis bloß das ich den MTU Wert richtig eingestellt habe und das ich es mit den Browsern IE 8, Firefox und Goggle Chrome probiert habe die seiten zu laden.

Kann mir jemand weiter helfen.
Danke im Voraus

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hier der Malwarrebyte Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4504

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.10.2010 00:08:06
mbam-log-2010-10-24 (00-08-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132077
Laufzeit: 4 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Ok hier ist die OTL LOG FILE:

OTL:
OTL Logfile:

Code:

OTL logfile created on: 23.10.2010 23:57:28 - Run 1

OTL by OldTimer - Version 3.2.17.0     Folder = E:\Dokumente und Einstellungen\Raphael\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme

Drive C: | 19,53 Gb Total Space | 4,81 Gb Free Space | 24,64% Space Free | Partition Type: NTFS

Drive E: | 278,55 Gb Total Space | 244,64 Gb Free Space | 87,83% Space Free | Partition Type: NTFS

Drive F: | 244,04 Gb Total Space | 142,64 Gb Free Space | 58,45% Space Free | Partition Type: NTFS

Drive H: | 687,37 Gb Total Space | 364,28 Gb Free Space | 53,00% Space Free | Partition Type: NTFS

 

Computer Name: RAPHYSPC | User Name: Raphael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe (OldTimer Tools)

PRC - E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - H:\Programme\iTunes\iTunes.exe (Apple Inc.)

PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)

PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe (Apple Inc.)

PRC - F:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - E:\Programme\ICQ6Toolbar\ICQ Service.exe ()

PRC - E:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - F:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - h:\Programme\Warcraft III\war3.exe (Blizzard Entertainment)

PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - E:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - E:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()

PRC - E:\Programme\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)

PRC - E:\Programme\Razer\Arctosa\razertra.exe ()

PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - F:\Programme\RocketDock\RocketDock.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe (OldTimer Tools)

MOD - E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - F:\Programme\RocketDock\RocketDock.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Apple Mobile Device) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (TunngleService) -- F:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (ICQ Service) -- E:\Programme\ICQ6Toolbar\ICQ Service.exe ()

SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Hamachi2Svc) -- F:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (SwitchBoard) -- E:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (DAUpdaterSvc) -- H:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (GEST Service) -- E:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()

SRV - (odserv) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (IDriverT) -- E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (XDva370) -- E:\WINDOWS\System32\XDva370.sys File not found

DRV - (XDva362) -- E:\WINDOWS\System32\XDva362.sys File not found

DRV - (gdrv) -- E:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)

DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (MBAMSwissArmy) -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (hamachi) -- E:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (ElbyCDIO) -- E:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (SCREAMINGBDRIVER) -- E:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- E:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (VClone) -- E:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)

DRV - (nv) -- E:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (avgio) -- E:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (ArcFltr) -- E:\WINDOWS\system32\drivers\Arctosa.sys (Razer USA Ltd.)

DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (TBPanel) -- E:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)

DRV - (Cardex) -- E:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)

DRV - (SaiH5F0D) -- E:\WINDOWS\system32\drivers\SaiH5F0D.sys (Saitek)

DRV - (SaiU5F0D) -- E:\WINDOWS\system32\drivers\SaiU5F0D.sys (Saitek)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - E:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"

FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6

FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: F:\Programme\Mozilla Firefox\components [2010.09.25 13:21:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: F:\Programme\Mozilla Firefox\plugins [2010.09.25 13:21:51 | 000,000,000 | ---D | M]

 

[2010.06.25 21:37:23 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Extensions

[2010.10.23 19:00:27 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions

[2010.07.03 16:48:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.09.24 17:51:16 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.07.22 22:03:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2010.07.22 21:23:18 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.09.24 18:19:07 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

[2010.07.06 17:12:54 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\eafo3fflauncher@ea.com

[2010.10.23 19:00:28 | 000,001,056 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\searchplugins\icqplugin.xml

 

O1 HOSTS File: ([2010.10.23 20:53:47 | 000,424,283 | R--- | M]) - E:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1                                activate.adobe.com

O1 - Hosts: 127.0.0.1                                practivate.adobe.com

O1 - Hosts: 127.0.0.1                                ereg.adobe.com

O1 - Hosts: 127.0.0.1                                activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1                                wip3.adobe.com

O1 - Hosts: 127.0.0.1                                3dns-3.adobe.com

O1 - Hosts: 127.0.0.1                                3dns-2.adobe.com

O1 - Hosts: 127.0.0.1                                adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1                                adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1                                adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1                                ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1                                activate-sea.adobe.com

O1 - Hosts: 127.0.0.1                                wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1                                activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1                               adobe.activate.com

O1 - Hosts: 127.0.0.1                               adobeereg.com                        

O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    

O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           

O1 - Hosts: 127.0.0.1                               125.252.224.90                       

O1 - Hosts: 127.0.0.1                               125.252.224.91

O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 14611 more lines...

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - E:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - E:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - E:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Arctosa] E:\Programme\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)

O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KernelFaultCheck]  File not found

O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKCU..\Run: [ccleaner] F:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKCU..\Run: [RocketDock] F:\Programme\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [Steam] f:\programme\steam\steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell - "" = AutoRun

O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.10.23 23:47:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe

[2010.10.23 19:52:35 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

[2010.10.23 19:19:22 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- E:\WINDOWS\War3Unin.exe

[2010.10.21 18:42:51 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Desktop\S4

[2010.10.20 14:42:53 | 000,258,352 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\unicows.dll

[2010.10.16 16:38:27 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\GetRightToGo

[2010.10.14 18:47:13 | 000,000,000 | ---D | C] -- E:\Programme\Gemeinsame Dateien\Skype

[2010.10.11 20:08:43 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SanDisk

[2010.10.11 20:07:41 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\SanDisk

[2010.10.11 20:07:33 | 000,000,000 | ---D | C] -- E:\WINDOWS\XSxS

[2010.10.11 20:07:33 | 000,000,000 | ---D | C] -- E:\Programme\Xenocode

[2010.10.11 20:07:33 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Xenocode

[2010.10.07 17:02:17 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Booster

[2010.09.25 13:24:32 | 000,000,000 | ---D | C] -- E:\Programme\iPod

[2010.09.25 13:21:29 | 000,000,000 | ---D | C] -- E:\Programme\QuickTime

[2010.09.25 13:19:58 | 000,000,000 | ---D | C] -- E:\Programme\Bonjour

[2010.09.25 13:14:58 | 000,274,288 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\mucltui.dll

[2010.09.25 13:14:58 | 000,017,776 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\mucltui.dll.mui

[2010.09.24 18:19:11 | 000,000,000 | ---D | C] -- E:\Programme\Gemeinsame Dateien\Windows Live

[2010.09.24 18:19:08 | 000,000,000 | ---D | C] -- E:\Programme\softonic-de3

[2010.09.24 18:19:08 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\softonic-de3

[2010.09.24 18:06:02 | 000,000,000 | ---D | C] -- E:\Programme\MessengerPlus! 3

[2010.09.24 17:51:21 | 000,000,000 | ---D | C] -- E:\Programme\ICQ6Toolbar

[2010.09.24 17:51:16 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2010.09.24 17:50:58 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\ICQ

[2010.09.24 17:50:55 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\AOL

[2010.09.24 17:50:47 | 000,000,000 | ---D | C] -- E:\Programme\ICQ7.2

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.10.23 23:47:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe

[2010.10.23 23:41:00 | 000,001,216 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003UA.job

[2010.10.23 23:20:00 | 000,001,090 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.10.23 20:53:47 | 000,424,283 | R--- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts

[2010.10.23 19:52:41 | 000,000,773 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Spybot - Search & Destroy.lnk

[2010.10.23 19:46:14 | 000,076,524 | ---- | M] () -- E:\WINDOWS\War3Unin.dat

[2010.10.23 19:31:54 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- E:\WINDOWS\gdrv.sys

[2010.10.23 19:31:34 | 000,000,262 | ---- | M] () -- E:\WINDOWS\tasks\WGASetup.job

[2010.10.23 19:31:33 | 000,235,289 | ---- | M] () -- E:\WINDOWS\System32\NvApps.xml

[2010.10.23 19:31:31 | 000,001,086 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.10.23 19:31:22 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat

[2010.10.23 19:29:27 | 000,000,000 | ---- | M] () -- E:\WINDOWS\System32\Access.dat

[2010.10.23 19:24:08 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- E:\WINDOWS\War3Unin.exe

[2010.10.23 19:24:08 | 000,002,829 | ---- | M] () -- E:\WINDOWS\War3Unin.pif

[2010.10.23 16:41:00 | 000,001,164 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003Core.job

[2010.10.21 19:21:06 | 000,000,276 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.10.20 14:42:46 | 000,258,352 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\unicows.dll

[2010.10.18 13:30:42 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl

[2010.10.17 22:48:06 | 000,013,490 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Mannbärschwein.docx

[2010.10.15 13:30:01 | 003,597,832 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT

[2010.10.14 22:45:12 | 000,001,393 | ---- | M] () -- E:\WINDOWS\imsins.BAK

[2010.10.12 18:46:29 | 000,002,047 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2010.10.11 20:10:34 | 000,000,231 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc

[2010.10.08 17:22:35 | 000,086,701 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Nexus Wars TPZ.SC2Map

[2010.10.07 22:30:40 | 000,452,310 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat

[2010.10.07 22:30:40 | 000,435,396 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat

[2010.10.07 22:30:40 | 000,081,118 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat

[2010.10.07 22:30:40 | 000,068,292 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat

[2010.10.07 17:04:11 | 000,000,350 | ---- | M] () -- E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-RAPHYSPC-Raphael.job

[2010.10.06 13:49:46 | 000,139,152 | ---- | M] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010.10.06 13:49:46 | 000,139,152 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\PnkBstrK.sys

[2010.10.06 13:49:20 | 000,794,408 | ---- | M] () -- E:\WINDOWS\System32\pbsvc.exe

[2010.09.29 20:29:37 | 000,000,114 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\SciTE.session

[2010.09.29 13:20:56 | 000,001,887 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

[2010.09.25 13:21:44 | 000,001,584 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk

[2010.09.24 17:51:38 | 000,001,451 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk

 
 ========== Files Created - No Company Name ==========

 

[2010.10.23 19:52:41 | 000,000,773 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Spybot - Search & Destroy.lnk

[2010.10.23 19:19:23 | 000,076,524 | ---- | C] () -- E:\WINDOWS\War3Unin.dat

[2010.10.23 19:19:22 | 000,002,829 | ---- | C] () -- E:\WINDOWS\War3Unin.pif

[2010.10.17 22:48:04 | 000,013,490 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Mannbärschwein.docx

[2010.10.11 20:08:46 | 000,000,231 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc

[2010.10.08 16:36:00 | 000,086,701 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Nexus Wars TPZ.SC2Map

[2010.09.29 20:29:01 | 000,000,114 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\SciTE.session

[2010.09.29 13:20:56 | 000,001,887 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

[2010.09.25 13:25:11 | 000,002,047 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2010.09.25 13:21:44 | 000,001,584 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk

[2010.09.24 17:51:38 | 000,001,451 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk

[2010.08.23 00:44:39 | 001,661,864 | ---- | C] () -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2010.08.06 14:41:48 | 000,000,002 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\ceville_console_history.txt

[2010.08.04 20:09:45 | 000,000,339 | ---- | C] () -- E:\WINDOWS\CoDUO.INI

[2010.08.04 19:48:23 | 000,000,766 | ---- | C] () -- E:\WINDOWS\CoD.INI

[2010.07.09 21:00:32 | 000,041,872 | ---- | C] () -- E:\WINDOWS\System32\xfcodec.dll

[2010.07.06 17:14:36 | 000,139,152 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\PnkBstrK.sys

[2010.07.02 18:03:32 | 000,354,816 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll

[2010.07.01 19:20:22 | 000,000,040 | ---- | C] () -- E:\WINDOWS\System32\Sx5363.ini

[2010.06.30 11:22:19 | 000,697,328 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys

[2010.06.25 22:45:51 | 000,139,152 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010.06.25 16:26:13 | 000,706,566 | ---- | C] () -- E:\Programme\unins000.exe

[2010.06.25 16:26:13 | 000,035,586 | ---- | C] () -- E:\Programme\unins000.dat

[2010.06.25 00:20:10 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI

[2010.06.24 23:38:09 | 000,007,680 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- E:\WINDOWS\System32\oeminfo.ini

[2009.07.03 05:11:18 | 000,007,756 | ---- | C] () -- E:\WINDOWS\cadx2.ini

[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll

[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll

[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll

[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- E:\WINDOWS\System32\nview.dll

[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- E:\WINDOWS\System32\xlive.dll.cat
 

< End of report >

--- --- ---

und hier den Etras Log:
OTL Logfile:

Code:

OTL Extras logfile created on: 23.10.2010 23:57:28 - Run 1

OTL by OldTimer - Version 3.2.17.0     Folder = E:\Dokumente und Einstellungen\Raphael\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme

Drive C: | 19,53 Gb Total Space | 4,81 Gb Free Space | 24,64% Space Free | Partition Type: NTFS

Drive E: | 278,55 Gb Total Space | 244,64 Gb Free Space | 87,83% Space Free | Partition Type: NTFS

Drive F: | 244,04 Gb Total Space | 142,64 Gb Free Space | 58,45% Space Free | Partition Type: NTFS

Drive H: | 687,37 Gb Total Space | 364,28 Gb Free Space | 53,00% Space Free | Partition Type: NTFS

 

Computer Name: RAPHYSPC | User Name: Raphael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- E:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"E:\Programme\ICQ7.2\ICQ.exe" = E:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"E:\Programme\ICQ7.2\aolload.exe" = E:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"F:\Programme\Steam\Steam.exe" = F:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"E:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = E:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)

"H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()

"H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)

"H:\Programme\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = H:\Programme\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)

"H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)

"E:\Programme\TeamViewer\Version5\TeamViewer.exe" = E:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"F:\Programme\BitTorrent\bittorrent.exe" = F:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)

"H:\Programme\Dragon Age\bin_ship\daorigins.exe" = H:\Programme\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins -Spiel -- (BioWare)

"H:\Programme\Dragon Age\DAOriginsLauncher.exe" = H:\Programme\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins -Launcher -- (BioWare)

"H:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe" = H:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater -- (BioWare)

"F:\Programme\Steam\steamapps\common\eve online\bin\ExeFile.exe" = F:\Programme\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.)

"H:\Programme\505games\1C\Men of War\mow_mp.exe" = H:\Programme\505games\1C\Men of War\mow_mp.exe:*:Enabled:Main executable -- ("Best Way" Corp)

"H:\Programme\Gameforge4D\AirRivals_EN\Launcher.atm" = H:\Programme\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2 -- File not found

"H:\Programme\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe" = H:\Programme\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found

"H:\Programme\505games\1C\Men of War\outfront_mp.exe" = H:\Programme\505games\1C\Men of War\outfront_mp.exe:*:Enabled:Main executable -- ("Best Way" Corp)

"H:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm" = H:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- ()

"H:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe" = H:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- (Masang Soft)

"H:\Programme\EA Sports\FIFA 08\FIFA08.exe" = H:\Programme\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08 -- ()

"F:\Programme\Tunngle\tnglctrl.exe" = F:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"F:\Programme\Tunngle\tunngle.exe" = F:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"H:\Programme\EA Sports\FIFA Online\NFE.exe" = H:\Programme\EA Sports\FIFA Online\NFE.exe:*:Enabled:EA SPORTS™ FIFA Online -- (Electronic Arts)

"H:\Programme\Left 4 Dead 2\left4dead2.exe" = H:\Programme\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()

"H:\Programme\Activision\Modern Warfare 2\iw4sp.exe" = H:\Programme\Activision\Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp -- ()

"H:\Programme\Activision\Modern Warfare 2\TCSB.exe" = H:\Programme\Activision\Modern Warfare 2\TCSB.exe:*:Enabled:TC Server Browser for Tunngle -- ()

"H:\Programme\Activision\Modern Warfare 2\IWNetServer.exe" = H:\Programme\Activision\Modern Warfare 2\IWNetServer.exe:*:Enabled:IWNetServer -- (Microsoft)

"H:\Programme\Activision\Modern Warfare 2\iw4mp.exe" = H:\Programme\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:  -- ()

"F:\Programme\BuddyW\BuddyW.exe" = F:\Programme\BuddyW\BuddyW.exe:*:Enabled:BuddyW -- ()

"H:\Programme\Starcraft II Beta\Versions\Base15392\SC2.exe" = H:\Programme\Starcraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)

"H:\Programme\Starcraft II Beta\StarCraft II.exe" = H:\Programme\Starcraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"F:\Programme\Steam\steamapps\common\napoleon total war\Napoleon.exe" = F:\Programme\Steam\steamapps\common\napoleon total war\Napoleon.exe:*:Enabled:Napoleon: Total War -- (The Creative Assembly Ltd)

"F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)

"F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)

"F:\Programme\Steam\steamapps\common\aliens vs predator\AvP.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)

"F:\Programme\Steam\steamapps\common\aliens vs predator dedicated server\AvP_CLI.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator dedicated server\AvP_CLI.exe:*:Enabled:Aliens vs Predator Dedicated Server -- ()

"H:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = H:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- ()

"F:\Programme\Steam\steamapps\common\r.u.s.e. free week end\Ruse.exe" = F:\Programme\Steam\steamapps\common\r.u.s.e. free week end\Ruse.exe:*:Enabled:R.U.S.E. Free Week End -- (Eugen Systems)

"F:\Programme\Steam\steamapps\common\alien swarm\srcds.exe" = F:\Programme\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"F:\Programme\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe" = F:\Programme\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe:*:Enabled:Lead and Gold - Gangs of the Wild West -- ()

"H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- (Electronic Arts Inc.)

"H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat" = H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)

"H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm) -- ()

"H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\patchget.dat" = H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)

"H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™ -- (Electronic Arts Inc.)

"H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\patchget.dat" = H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)

"H:\Programme\Call of Duty - World at War\CoDWaW LanFixed.exe" = H:\Programme\Call of Duty - World at War\CoDWaW LanFixed.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- (Activision Blizzard, Inc.)

"H:\Programme\Call of Duty - World at War\CoDWaWmp.exe" = H:\Programme\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R): World at War Multiplayer -- (Activision Blizzard, Inc.)

"H:\Programme\Electronic Arts\Der Herr der Ringe® - Die Eroberung™\Conquest.exe" = H:\Programme\Electronic Arts\Der Herr der Ringe® - Die Eroberung™\Conquest.exe:*:Enabled:Game -- (Electronic Arts Inc.)

"H:\Programme\Call of Duty\CoDUOMP.exe" = H:\Programme\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()

"H:\Programme\Call of Duty\CoDMP.exe" = H:\Programme\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()

"H:\Programme\Mass Effect 2 Demo\Binaries\MassEffect2.exe" = H:\Programme\Mass Effect 2 Demo\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Demo -Spiel -- (BioWare)

"H:\Programme\Mass Effect 2 Demo\MassEffect2Launcher.exe" = H:\Programme\Mass Effect 2 Demo\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Demo -Launcher -- (BioWare)

"H:\Programme\tasofro\th123\th123.exe" = H:\Programme\tasofro\th123\th123.exe:*:Enabled:th123 -- ()

"H:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = H:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)

"F:\Programme\Xfire\Xfire.exe" = F:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)

"F:\Programme\Steam\steamapps\common\boostertrooper\BTroopers.exe" = F:\Programme\Steam\steamapps\common\boostertrooper\BTroopers.exe:*:Enabled:Booster Trooper -- (DnS Development)

"H:\Programme\OGPlanet\LostSaga\autoupgrade.exe" = H:\Programme\OGPlanet\LostSaga\autoupgrade.exe:*:Enabled:LostSaga(upgrade) -- (IO Entertainment Co., Ltd.)

"H:\Programme\OGPlanet\LostSaga\lostsaga.exe" = H:\Programme\OGPlanet\LostSaga\lostsaga.exe:*:Enabled:LostSaga(client) -- (IO Entertainment Co., Ltd.)

"E:\Programme\Google\Google Earth\client\googleearth.exe" = E:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"H:\Programme\StarCraft II\StarCraft II.exe" = H:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"H:\Programme\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game" = H:\Programme\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game:*:Enabled:Command & Conquer™ 4 -- (Electronic Arts Inc.)

"H:\Programme\StarCraft II\Versions\Base15405\SC2.exe" = H:\Programme\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"H:\Programme\EA Sports\FIFA 11 Demo\Game\fifa.exe" = H:\Programme\EA Sports\FIFA 11 Demo\Game\fifa.exe:*:Enabled:FIFA 11 -- (Electronic Arts)

"H:\Programme\StarCraft II\Versions\Base16561\SC2.exe" = H:\Programme\StarCraft II\Versions\Base16561\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"F:\Programme\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe" = F:\Programme\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()

"E:\Programme\ICQ7.2\ICQ.exe" = E:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"E:\Programme\ICQ7.2\aolload.exe" = E:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"H:\Programme\iTunes\iTunes.exe" = H:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"H:\Programme\StarCraft II\Versions\Base16605\SC2.exe" = H:\Programme\StarCraft II\Versions\Base16605\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"F:\Programme\Steam\steamapps\mudo121\counter-strike source\hl2.exe" = F:\Programme\Steam\steamapps\mudo121\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"F:\Programme\Steam\steamapps\common\alien swarm\swarm.exe" = F:\Programme\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"F:\Programme\Steam\steamapps\common\alien swarm\bin\SDKLauncher.exe" = F:\Programme\Steam\steamapps\common\alien swarm\bin\SDKLauncher.exe:*:Enabled:Alien Swarm - SDK -- ()

"F:\Programme\Steam\steamapps\common\eve online\eve.exe" = F:\Programme\Steam\steamapps\common\eve online\eve.exe:*:Enabled:EVE Online Demo -- (CCP hf.)

"F:\Programme\Steam\steamapps\common\mafia ii\pc\mafia2.exe" = F:\Programme\Steam\steamapps\common\mafia ii\pc\mafia2.exe:*:Enabled:Mafia II -- (2K Czech)

"F:\Listchecker\pickup.listchecker.exe" = F:\Listchecker\pickup.listchecker.exe:*:Enabled:pickup.listchecker -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08

"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)

"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update &1 für Spiel Men of War

"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.17.5.0" = Update &1 für Spiel Men of War

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{19BA95C2-4693-49E5-B454-0C232FFFC452}" = Hearts of Iron 3 - Demo

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{260CA184-10D9-457F-B106-CF5AE0B624A6}_is1" = Elvenstar Mod

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21

"{29650B4B-3CFE-486D-AE07-9ABE8C9C385F}" = SanDisk ® Media Manager

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{2D9C81F2-CF30-47F9-860E-58DACF92ABC9}" = Razer Arctosa

"{2F989174-840D-40D0-8130-A7EC36321433}" = S4 League_EU

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 

"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV

"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness

"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B9.0316.1

"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89173B88-384A-459B-B687-9C0BBC934EF4}" = Die*Sims™*3 Erstelle einen Sim

"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi

"{8ACE3311-7E11-4D68-BFC8-FC5E2692627B}" = Mass Effect 2 Demo

"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader

"{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = “Œ•û”ñ‘z“V‘¥ Ver1.10ƒAƒbƒvƒf[ƒg

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}" = FIFA 10 - Demo

"{9F7FC1EC-5C07-44A4-8338-22AF90644273}_is1" = German Soldiers Mod Fields of Honor 2

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = “Œ•û”ê‘z“V

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"2Tox_AppBooster_PRO_is1" = appsmaker AppBooster

"7-Zip" = 7-Zip 4.65

"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"AirRivals_DE_is1" = AirRivals_DE 1.0.0.44

"AutoItv3" = AutoIt v3.3.6.1

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BitTorrent" = BitTorrent

"BuddyW_is1" = BuddyW 1.1.10

"Call of Duty" = Call of Duty

"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2

"CCleaner" = CCleaner

"Ceville" = Ceville 1.0

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"DBBD4687DB2530A2F7D7FAB13E7DF67638CCA3B9" = Windows Driver Package - Razer (HidUsb) HIDClass  (01/11/2007 1.0)

"EA Download Manager" = EA Download Manager

"Elvenstar Mod 6.0" = Elvenstar Mod 6.0

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EXPERTool_is1" = EXPERTool 7.5

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"Guild Wars" = GUILD WARS

"Highway Pursuit_is1" = Highway Pursuit v1.1

"Hisoutensoku English" = NSIS Hisoutensoku English

"ICQToolbar" = ICQ Toolbar

"ie8" = Windows Internet Explorer 8

"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive

"LogMeIn Hamachi" = LogMeIn Hamachi

"LostSagaUS" = Lost Saga

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)

"MsgPlus! Plugin" = Messenger Plus! 3

"NVIDIA Drivers" = NVIDIA Drivers

"OGPlanet Game Launcher US" = OGPlanet Game Launcher

"Patch for "Men of War"_is1" = Patch 1.17.5 for "Men of War"

"PunkBusterSvc" = PunkBuster Services

"RocketDock_is1" = RocketDock 1.3.5

"Seven Remix XP" = Seven Remix XP 2.4

"ShotOnline" = ShotOnline

"softonic-de3 Toolbar" = softonic-de3 Toolbar

"Speccy" = Speccy

"StarCraft II" = StarCraft II

"Steam App 10680" = Aliens vs. Predator

"Steam App 13140" = America's Army 3

"Steam App 27920" = Booster Trooper

"Steam App 33310" = R.U.S.E. Free Week End

"Steam App 34030" = Napoleon: Total War

"Steam App 41010" = Serious Sam HD: The Second Encounter

"Steam App 42120" = Lead and Gold - Gangs of the Wild West

"Steam App 50130" = Mafia II

"Steam App 630" = Alien Swarm

"Steam App 640" = Alien Swarm - SDK

"Steam App 8510" = EVE Online Demo

"TeamViewer 5" = TeamViewer 5

"Tunngle beta_is1" = Tunngle beta

"Uninstall_is1" = Uninstall 1.0.0.1

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 1.1.0

"WinRAR archiver" = WinRAR

"Xfire" = Xfire (remove only)

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Warcraft III" = Warcraft III: All Products

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 03.09.2010 15:47:09 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100

Description = 420: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 04.09.2010 07:55:55 | Computer Name = RAPHYSPC | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 04.09.2010 07:55:56 | Computer Name = RAPHYSPC | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 04.09.2010 20:07:59 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100

Description = 208: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 04.09.2010 20:07:59 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100

Description = 232: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 04.09.2010 20:07:59 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100

Description = 424: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 04.09.2010 20:07:59 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100

Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 04.09.2010 20:07:59 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100

Description = 436: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 05.09.2010 06:41:14 | Computer Name = RAPHYSPC | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

Error - 05.09.2010 06:41:15 | Computer Name = RAPHYSPC | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

[ System Events ]

Error - 09.10.2010 08:20:33 | Computer Name = RAPHYSPC | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 7.0.104.53 für die Netzwerkkarte mit der Netzwerkadresse

 00FF98B69C03 wurde durch  den DHCP-Server 7.254.254.254 abgelehnt (der DHCP-Server

 hat eine DHCPNACK-Meldung gesendet).

 

Error - 09.10.2010 15:51:00 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034

Description = Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 09.10.2010 15:51:05 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034

Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 

Mal passiert.

 

Error - 09.10.2010 15:51:08 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034

Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal

 passiert.

 

Error - 23.10.2010 07:49:58 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 23.10.2010 07:50:01 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034

Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 

Mal passiert.

 

Error - 23.10.2010 07:50:05 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034

Description = Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 23.10.2010 13:27:01 | Computer Name = RAPHYSPC | Source = Cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 23.10.2010 13:27:05 | Computer Name = RAPHYSPC | Source = Cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 23.10.2010 15:04:27 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034

Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal

 passiert.

 

 

< End of report >

--- --- ---

Gibt es noch weitere Logs von Malwarebytes? Wäre sehr sinnfrei, wenn Du das ohne Funde gepostet hättest!

Zitat:

Datenbank Version: 4504

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

Also ich hab Malwarebytes geupdatet und hab den voll scan gemaacht dann kam dieser log danach:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4932

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.10.2010 13:26:32
mbam-log-2010-10-24 (13-26-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 550822
Laufzeit: 2 Stunde(n), 33 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
H:\Programme\Crypt Load\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
H:\Programme\Crypt Load\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.

Gibt es noch weitere/ältere Logs von Malwarebytes? Wenn ja bitte alle posten.

Also ich hatte schon mal ein problem das ich automatisch in skype links verschickt habe und da habe ich mich auch an dieses forum gewendet.
Dann habe ich hier ein log von Malwarebytes. Der ist aber schon älter
Also der Log ist von damlas als ich den skype virus hatte.
Das Problem war aber schon voher da.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4504

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.08.2010 23:55:52
mbam-log-2010-08-29 (23-55-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131896
Laufzeit: 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
E:\WINDOWS\jusched.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List\e:\dokumente und einstellungen\raphael\eigene dateien\downloads\picture-8716154.jpg-www.facebook.scr (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\WINDOWS\jusched.exe (Trojan.Agent) -> No action taken.

vielleicht hilft das

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

DRV - (XDva370) -- E:\WINDOWS\System32\XDva370.sys File not found

DRV - (XDva362) -- E:\WINDOWS\System32\XDva362.sys File not found

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell - "" = AutoRun

O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Nach dem Neustart kam der Log:

All processes killed
========== OTL ==========
Service XDva370 stopped successfully!
Service XDva370 deleted successfully!
File E:\WINDOWS\System32\XDva370.sys File not found not found.
Service XDva362 stopped successfully!
Service XDva362 deleted successfully!
File E:\WINDOWS\System32\XDva362.sys File not found not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
File J:\autorun.exe not found.
========== COMMANDS ==========
E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Raphael
->Temp folder emptied: 1292739 bytes
->Temporary Internet Files folder emptied: 759101 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25119647 bytes
->Google Chrome cache emptied: 43732995 bytes
->Flash cache emptied: 58528 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 68,00 mb

OTL by OldTimer - Version 3.2.17.0 log created on 10242010_154257

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Kann aber immer noch nicht auf die Seite

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Combofix Logfile:

Code:

ComboFix 10-10-23.01 - Raphael 24.10.2010  16:43:41.1.4 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1600 [GMT 2:00]

ausgeführt von:: e:\dokumente und einstellungen\Raphael\Desktop\Confi.exe.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\1.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\a.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\b.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\c.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\d.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\e.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\f.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\g.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\h.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\i.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\J.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\k.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\l.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\m.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\mru.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\n.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\o.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\p.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\q.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\r.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\s.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\t.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\u.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\v.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\w.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\x.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\y.xml

e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PriceGong\Data\z.xml
 

Infizierte Kopie von e:\windows\system32\midimap.dll wurde gefunden und desinfiziert 

Kopie von - e:\windows\NiwradSoft Shell Pack\Backup\midimap.dll wurde wiederhergestellt 
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-09-24 bis 2010-10-24  ))))))))))))))))))))))))))))))

.
 

2010-10-24 13:42 . 2010-10-24 13:42        --------        d-----w-        E:\_OTL

2010-10-23 17:52 . 2010-10-24 08:40        --------        d-----w-        e:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-10-23 17:19 . 2010-10-23 17:24        2829        ----a-w-        e:\windows\War3Unin.pif

2010-10-23 17:19 . 2010-10-23 17:24        139264        ----a-w-        e:\windows\War3Unin.exe

2010-10-20 12:42 . 2010-10-20 12:42        258352        ----a-w-        e:\windows\system32\unicows.dll

2010-10-16 14:38 . 2010-10-20 12:43        --------        d-----w-        e:\dokumente und einstellungen\Raphael\Anwendungsdaten\GetRightToGo

2010-10-14 20:45 . 2008-04-14 05:52        221184        ----a-w-        e:\windows\system32\wmpns.dll

2010-10-14 16:47 . 2010-10-14 16:47        --------        d-----w-        e:\programme\Gemeinsame Dateien\Skype

2010-10-11 18:08 . 2010-10-11 18:08        --------        d-----w-        e:\dokumente und einstellungen\All Users\Anwendungsdaten\SanDisk

2010-10-11 18:07 . 2010-10-11 18:07        --------        d-----w-        e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\SanDisk

2010-10-11 18:07 . 2010-10-11 18:07        --------        d-----w-        e:\windows\XSxS

2010-10-11 18:07 . 2010-10-11 18:07        --------        d-----w-        e:\programme\Xenocode

2010-10-11 18:07 . 2010-10-11 18:07        --------        d-----w-        e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Xenocode

2010-10-07 15:04 . 2008-04-14 05:52        26624        ----a-w-        e:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-10-07 15:02 . 2010-10-07 15:04        --------        d-----w-        e:\dokumente und einstellungen\Raphael\Anwendungsdaten\Booster

2010-09-25 11:24 . 2010-09-25 11:24        --------        d-----w-        e:\programme\iPod

2010-09-25 11:21 . 2010-09-25 11:21        159744        ----a-w-        e:\programme\Internet Explorer\Plugins\npqtplugin7.dll

2010-09-25 11:21 . 2010-09-25 11:21        159744        ----a-w-        e:\programme\Internet Explorer\Plugins\npqtplugin6.dll

2010-09-25 11:21 . 2010-09-25 11:21        159744        ----a-w-        e:\programme\Internet Explorer\Plugins\npqtplugin5.dll

2010-09-25 11:21 . 2010-09-25 11:21        159744        ----a-w-        e:\programme\Internet Explorer\Plugins\npqtplugin4.dll

2010-09-25 11:21 . 2010-09-25 11:21        159744        ----a-w-        e:\programme\Internet Explorer\Plugins\npqtplugin3.dll

2010-09-25 11:21 . 2010-09-25 11:21        159744        ----a-w-        e:\programme\Internet Explorer\Plugins\npqtplugin2.dll

2010-09-25 11:21 . 2010-09-25 11:21        159744        ----a-w-        e:\programme\Internet Explorer\Plugins\npqtplugin.dll

2010-09-25 11:21 . 2010-09-25 11:21        --------        d-----w-        e:\programme\QuickTime

2010-09-25 11:19 . 2010-09-25 11:19        --------        d-----w-        e:\programme\Bonjour

2010-09-25 11:14 . 2009-08-06 17:23        274288        ----a-w-        e:\windows\system32\mucltui.dll

2010-09-25 11:14 . 2009-08-06 17:23        215920        ----a-w-        e:\windows\system32\muweb.dll

2010-09-24 16:19 . 2010-09-24 16:19        --------        d-----w-        e:\programme\Gemeinsame Dateien\Windows Live

2010-09-24 16:19 . 2010-10-09 10:17        --------        d-----w-        e:\programme\softonic-de3

2010-09-24 16:19 . 2010-10-09 10:17        --------        d-----w-        e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\softonic-de3

2010-09-24 16:06 . 2010-09-24 16:06        --------        d-----w-        e:\programme\MessengerPlus! 3

2010-09-24 15:51 . 2010-09-24 15:51        --------        d-----w-        e:\programme\ICQ6Toolbar

2010-09-24 15:51 . 2010-09-24 15:51        --------        d-----w-        e:\dokumente und einstellungen\All Users\Anwendungsdaten\ICQ

2010-09-24 15:50 . 2010-09-24 16:41        --------        d-----w-        e:\dokumente und einstellungen\Raphael\Anwendungsdaten\ICQ

2010-09-24 15:50 . 2010-09-24 15:50        --------        d-----w-        e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\AOL

2010-09-24 15:50 . 2010-09-24 15:52        --------        d-----w-        e:\programme\ICQ7.2
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-24 14:48 . 2010-06-25 11:47        17488        ----a-w-        e:\windows\gdrv.sys

2010-10-06 11:49 . 2010-07-06 15:14        139152        ----a-w-        e:\dokumente und einstellungen\Raphael\Anwendungsdaten\PnkBstrK.sys

2010-10-06 11:49 . 2010-06-25 20:45        139152        ----a-w-        e:\windows\system32\drivers\PnkBstrK.sys

2010-10-06 11:49 . 2010-06-25 20:45        111928        ----a-w-        e:\windows\system32\PnkBstrB.exe

2010-10-06 11:49 . 2010-07-06 15:13        794408        ----a-w-        e:\windows\system32\pbsvc.exe

2010-10-06 11:49 . 2010-06-25 20:44        75064        ----a-w-        e:\windows\system32\PnkBstrA.exe

2010-09-18 10:22 . 2007-04-03 06:44        974848        ----a-w-        e:\windows\system32\mfc42u.dll

2010-09-18 06:52 . 2008-04-14 05:52        974848        ----a-w-        e:\windows\system32\mfc42.dll

2010-09-18 06:52 . 2008-04-14 05:52        953856        ----a-w-        e:\windows\system32\mfc40u.dll

2010-09-18 06:52 . 2001-08-18 12:00        954368        ----a-w-        e:\windows\system32\mfc40.dll

2010-09-10 05:47 . 2008-04-21 06:42        916480        ----a-w-        e:\windows\system32\wininet.dll

2010-09-10 05:47 . 2008-04-14 05:53        1469440        ----a-w-        e:\windows\system32\inetcpl.cpl

2010-09-10 05:47 . 2008-04-14 05:52        43520        ----a-w-        e:\windows\system32\licmgr10.dll

2010-09-08 09:17 . 2010-09-08 09:17        94208        ----a-w-        e:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17        69632        ----a-w-        e:\windows\system32\QuickTime.qts

2010-09-01 11:50 . 2008-04-14 05:50        285824        ----a-w-        e:\windows\system32\atmfd.dll

2010-09-01 07:54 . 2008-04-14 05:23        1852928        ----a-w-        e:\windows\system32\win32k.sys

2010-08-27 08:01 . 2008-04-14 05:52        119808        ----a-w-        e:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 05:52        99840        ----a-w-        e:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25        5632        ----a-w-        e:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2008-04-13 22:45        357248        ----a-w-        e:\windows\system32\drivers\srv.sys

2010-08-23 16:11 . 2008-04-14 05:52        617472        ----a-w-        e:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 05:53        58880        ----a-w-        e:\windows\system32\spoolsv.exe

2010-08-16 08:44 . 2008-04-14 05:52        590848        ----a-w-        e:\windows\system32\rpcrt4.dll

2010-08-10 22:27 . 2010-06-30 09:22        697328        ----a-w-        e:\windows\system32\drivers\sptd.sys

2010-08-01 18:22 . 2010-06-25 20:44        218808        ----a-w-        e:\windows\system32\PnkBstrB.xtr

2010-07-30 19:02 . 2010-07-02 13:15        12168        ----a-w-        e:\windows\system32\ealregsnapshot1.reg

2010-07-27 16:44 . 2010-07-27 16:44        91424        ----a-w-        e:\windows\system32\dnssd.dll

2010-07-27 16:44 . 2010-07-27 16:44        75040        ----a-w-        e:\windows\system32\jdns_sd.dll

2010-07-27 16:44 . 2010-07-27 16:44        197920        ----a-w-        e:\windows\system32\dnssdX.dll

2010-07-27 16:44 . 2010-07-27 16:44        107808        ----a-w-        e:\windows\system32\dns-sd.exe

2010-06-30 15:00 . 2010-06-25 14:26        706566        ----a-w-        e:\programme\unins000.exe

.
 

------- Sigcheck -------
 

[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . e:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . e:\windows\system32\winlogon.exe

[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . e:\windows\system32\dllcache\winlogon.exe
 

[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . e:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . e:\windows\system32\user32.dll

[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . e:\windows\system32\dllcache\user32.dll
 

[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . e:\windows\explorer.exe

[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . e:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . e:\windows\system32\dllcache\explorer.exe
 

[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . e:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . e:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . e:\windows\system32\dllcache\ctfmon.exe
 

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . e:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . e:\windows\system32\dllcache\iexplore.exe

[7] 2008-04-14 . 3BFE49B4CDFAC83B0F3C79412895A179 . 93184 . . [6.00.2900.5512] . . e:\windows\ie8\iexplore.exe

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "e:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
 

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

2010-06-03 16:24        2736736        ----a-w-        e:\programme\softonic-de3\tbsoft.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "e:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
 

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "e:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
 

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="f:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Steam"="f:\programme\steam\steam.exe" [2010-08-23 1242448]

"ccleaner"="f:\programme\CCleaner\CCleaner.exe" [2010-09-24 1786168]

"Skype"="e:\programme\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 40448]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]

"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"Arctosa"="e:\programme\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]

"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"GrooveMonitor"="e:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"iTunesHelper"="h:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
 

[HKLM\~\startupfolder\E:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SanDisk Media Manager.lnk]

path=e:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SanDisk Media Manager.lnk

backup=e:\windows\pss\SanDisk Media Manager.lnkCommon Startup
 

[HKLM\~\startupfolder\E:^Dokumente und Einstellungen^Raphael^Startmenü^Programme^Autostart^FIFA 10 Registration.lnk]

path=e:\dokumente und einstellungen\Raphael\Startmenü\Programme\Autostart\FIFA 10 Registration.lnk

backup=e:\windows\pss\FIFA 10 Registration.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37        932288        ----a-w-        e:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04        35760        ----a-w-        f:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 01:44        500208        ------w-        e:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

2010-03-09 02:28        11989960        ----a-w-        e:\programme\Adobe\Adobe Bridge CS5\Bridge.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 02:57        406992        ----a-w-        e:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-06-25 20:25        136176        ----atw-        e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2010-09-24 15:50        133432        ----a-w-        e:\programme\ICQ7.2\ICQ.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2010-03-30 09:16        1820040        ----a-w-        f:\programme\LogMeIn Hamachi\hamachi-2-ui.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

2010-09-24 16:06        190024        ----a-w-        e:\programme\MessengerPlus! 3\MsgPlus.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 05:52        1695232        ------w-        e:\programme\Messenger\msmsgs.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17        421888        ----a-w-        e:\programme\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44        248552        ----a-w-        e:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 11:37        517096        ----a-w-        e:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"f:\\Programme\\Steam\\Steam.exe"=

"e:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"e:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=

"e:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"e:\\Programme\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"h:\\Programme\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=

"h:\\Programme\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=

"h:\\Programme\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=

"h:\\Programme\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"e:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=

"f:\\Programme\\BitTorrent\\bittorrent.exe"=

"h:\\Programme\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

"h:\\Programme\\Dragon Age\\bin_ship\\daorigins.exe"=

"h:\\Programme\\Dragon Age\\DAOriginsLauncher.exe"=

"h:\\Programme\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\eve online\\bin\\ExeFile.exe"=

"h:\\Programme\\505games\\1C\\Men of War\\mow_mp.exe"=

"h:\\Programme\\505games\\1C\\Men of War\\outfront_mp.exe"=

"h:\programme\Gameforge4D\AirRivals_DE\Launcher.atm"= h:\programme\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2

"h:\programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe"= h:\programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP

"h:\\Programme\\EA Sports\\FIFA 08\\FIFA08.exe"=

"f:\\Programme\\Tunngle\\tnglctrl.exe"=

"f:\\Programme\\Tunngle\\tunngle.exe"=

"e:\\WINDOWS\\system32\\PnkBstrA.exe"=

"e:\\WINDOWS\\system32\\PnkBstrB.exe"=

"h:\\Programme\\EA Sports\\FIFA Online\\NFE.exe"=

"h:\\Programme\\Left 4 Dead 2\\left4dead2.exe"=

"h:\\Programme\\Activision\\Modern Warfare 2\\iw4sp.exe"=

"h:\\Programme\\Activision\\Modern Warfare 2\\TCSB.exe"=

"h:\\Programme\\Activision\\Modern Warfare 2\\IWNetServer.exe"=

"h:\\Programme\\Activision\\Modern Warfare 2\\iw4mp.exe"=

"f:\\Programme\\BuddyW\\BuddyW.exe"=

"h:\\Programme\\Starcraft II Beta\\Versions\\Base15392\\SC2.exe"=

"h:\\Programme\\Starcraft II Beta\\StarCraft II.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\napoleon total war\\Napoleon.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\aliens vs predator dedicated server\\AvP_CLI.exe"=

"h:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\r.u.s.e. free week end\\Ruse.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\lead and gold gangs of the wild west\\lag_win32_public_dev.exe"=

"h:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=

"h:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\patchget.dat"=

"h:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"=

"h:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\patchget.dat"=

"h:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\game.dat"=

"h:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\patchget.dat"=

"h:\\Programme\\Call of Duty - World at War\\CoDWaW LanFixed.exe"=

"h:\\Programme\\Call of Duty - World at War\\CoDWaWmp.exe"=

"h:\\Programme\\Electronic Arts\\Der Herr der Ringe® - Die Eroberung™\\Conquest.exe"=

"h:\\Programme\\Call of Duty\\CoDUOMP.exe"=

"h:\\Programme\\Call of Duty\\CoDMP.exe"=

"h:\\Programme\\Mass Effect 2 Demo\\Binaries\\MassEffect2.exe"=

"h:\\Programme\\Mass Effect 2 Demo\\MassEffect2Launcher.exe"=

"h:\\Programme\\tasofro\\th123\\th123.exe"=

"h:\\Programme\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=

"f:\\Programme\\Xfire\\Xfire.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\boostertrooper\\BTroopers.exe"=

"h:\\Programme\\OGPlanet\\LostSaga\\autoupgrade.exe"=

"h:\\Programme\\OGPlanet\\LostSaga\\lostsaga.exe"=

"e:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=

"h:\\Programme\\StarCraft II\\StarCraft II.exe"=

"h:\\Programme\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=

"h:\\Programme\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

"h:\\Programme\\EA Sports\\FIFA 11 Demo\\Game\\fifa.exe"=

"h:\\Programme\\StarCraft II\\Versions\\Base16561\\SC2.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=

"e:\\Programme\\ICQ7.2\\ICQ.exe"=

"e:\\Programme\\ICQ7.2\\aolload.exe"=

"e:\\Programme\\Messenger\\msmsgs.exe"=

"e:\\Programme\\Bonjour\\mDNSResponder.exe"=

"h:\\Programme\\iTunes\\iTunes.exe"=

"h:\\Programme\\StarCraft II\\Versions\\Base16605\\SC2.exe"=

"f:\\Programme\\Steam\\steamapps\\mudo121\\counter-strike source\\hl2.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=

"e:\\Programme\\Skype\\Phone\\Skype.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\eve online\\eve.exe"=

"f:\\Programme\\Steam\\steamapps\\common\\mafia ii\\pc\\mafia2.exe"=

"f:\\Listchecker\\pickup.listchecker.exe"=
 

R2 AntiVirSchedulerService;Avira AntiVir Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [25.06.2010 14:03 135336]

R2 GEST Service;GEST Service for program management.;e:\programme\GIGABYTE\EnergySaver\GSvr.exe [25.06.2010 13:40 68136]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\programme\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 11:16 1107336]

R2 ICQ Service;ICQ Service;e:\programme\ICQ6Toolbar\ICQ Service.exe [24.09.2010 17:51 246520]

R2 TunngleService;TunngleService;f:\programme\Tunngle\TnglCtrl.exe [25.06.2010 14:34 716024]

R3 ArcFltr;Arctosa Keyboard;e:\windows\system32\drivers\Arctosa.sys [25.06.2010 13:57 16896]

R3 SaiH5F0D;SaiH5F0D;e:\windows\system32\drivers\SaiH5F0D.sys [25.06.2010 14:01 176640]

R3 SaiU5F0D;SaiU5F0D;e:\windows\system32\drivers\SaiU5F0D.sys [25.06.2010 14:01 27264]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);e:\windows\system32\drivers\tap0901t.sys [25.06.2010 14:34 27136]

S2 gupdate;Google Update Service (gupdate);e:\programme\Google\Update\GoogleUpdate.exe [19.08.2010 16:09 136176]

S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;h:\programme\Dragon Age\bin_ship\daupdatersvc.service.exe [15.12.2009 22:07 25832]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;e:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 00:06 34384]

S3 SwitchBoard;SwitchBoard;e:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 13:37 517096]

S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [30.06.2010 11:22 697328]

.

Inhalt des "geplante Tasks" Ordners
 

2010-10-07 e:\windows\Tasks\AdobeAAMUpdater-1.0-RAPHYSPC-Raphael.job

- e:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-01 01:44]
 

2010-10-21 e:\windows\Tasks\AppleSoftwareUpdate.job

- e:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
 

2010-10-24 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- e:\programme\Google\Update\GoogleUpdate.exe [2010-08-19 14:09]
 

2010-10-24 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- e:\programme\Google\Update\GoogleUpdate.exe [2010-08-19 14:09]
 

2010-10-23 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003Core.job

- e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-06-25 20:25]
 

2010-10-24 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003UA.job

- e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-06-25 20:25]
 

2010-10-24 e:\windows\Tasks\WGASetup.job

- e:\windows\system32\KB905474\wgasetup.exe [2010-06-25 20:18]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to Mp3 Converter - e:\dokumente und einstellungen\Raphael\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm

FF - ProfilePath - e:\dokumente und einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13

FF - component: e:\dokumente und einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

FF - component: e:\dokumente und einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: e:\dokumente und einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll

FF - component: e:\dokumente und einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll

FF - plugin: e:\dokumente und einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: e:\programme\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: e:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: e:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\windows\system32\npOGPPlugin.dll

FF - plugin: f:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: f:\programme\Mozilla Firefox\plugins\npOGPPlugin.dll

FF - plugin: h:\programme\iTunes\Mozilla Plugins\npitunes.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

f:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-10-24 16:50

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-583907252-796845957-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\0 ©**¨*’t*’*’ ’e*’B*’A*\ R" û* ê* z* V*]

"Order"=hex:08,00,00,00,02,00,00,00,36,01,00,00,01,00,00,00,02,00,00,00,7e,00,

   00,00,00,00,00,00,70,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5e,00,32,\
 

[HKEY_USERS\S-1-5-21-583907252-796845957-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\0 ©**¨*’t*’*’ ’e*’B*’A*\ R" û* ñ* z* V* ¥*]

"Order"=hex:08,00,00,00,02,00,00,00,3e,01,00,00,01,00,00,00,02,00,00,00,82,00,

   00,00,00,00,00,00,74,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,62,00,32,\
 

[HKEY_USERS\S-1-5-21-583907252-796845957-1547161642-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:d1,7b,01,99,50,df,c7,84,e6,19,aa,ca,03,1e,85,de,77,78,56,2f,34,a1,c9,

   79,70,6b,9b,84,16,7c,31,30,02,c6,ea,2c,27,b6,13,b7,6a,ff,87,80,db,75,d4,f8,\

"??"=hex:56,20,a1,2a,5d,8f,0a,10,8c,a0,35,b4,70,c3,a5,1e
 

[HKEY_USERS\S-1-5-21-583907252-796845957-1547161642-1003\Software\SecuROM\License information*]

"datasecu"=hex:0c,77,cb,f2,ce,55,c7,09,a5,e2,37,d4,90,92,d1,8d,12,e0,0a,1b,79,

   dc,ae,b6,f3,f6,95,bd,b9,5e,35,b1,80,a3,b6,b5,2f,3a,99,9d,b5,5f,59,1e,c0,a6,\

"rkeysecu"=hex:f7,7f,74,db,01,ed,c2,6a,2d,20,44,cb,8e,aa,d8,b9
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1032)

e:\windows\system32\SETUPAPI.dll

e:\windows\system32\sfc_os.dll

e:\windows\system32\cscui.dll
 

- - - - - - - > 'lsass.exe'(1096)

e:\windows\system32\setupapi.dll

e:\windows\system32\psbase.dll
 

- - - - - - - > 'explorer.exe'(2072)

f:\programme\RocketDock\RocketDock.dll

e:\windows\system32\COMRes.dll

e:\windows\System32\cscui.dll

h:\programme\iTunes\iTunesMiniPlayer.dll

h:\programme\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll

h:\programme\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

e:\windows\system32\LINKINFO.dll

e:\windows\system32\ntshrui.dll

e:\windows\system32\SETUPAPI.dll

e:\windows\system32\NETSHELL.dll

e:\windows\system32\credui.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\stobject.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

e:\programme\Avira\AntiVir Desktop\avguard.exe

e:\programme\Avira\AntiVir Desktop\avshadow.exe

e:\windows\system32\nvsvc32.exe

e:\windows\RTHDCPL.EXE

e:\windows\system32\RUNDLL32.EXE

e:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

e:\programme\Bonjour\mDNSResponder.exe

e:\programme\Java\jre6\bin\jqs.exe

e:\programme\Razer\Arctosa\razertra.exe

e:\windows\system32\PnkBstrA.exe

e:\programme\Skype\Plugin Manager\skypePM.exe

e:\programme\iPod\bin\iPodService.exe

e:\windows\system32\wbem\wmiapsrv.exe

e:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-10-24  16:54:17 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-10-24 14:54
 

Vor Suchlauf: 7 Verzeichnis(se), 262.764.064.768 Bytes frei

Nach Suchlauf: 9 Verzeichnis(se), 262.760.095.744 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=09UDJU /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=09UDJU-BAK
 

- - End Of File - - 2ACDB8F410933BA8608DF511250724B6

--- --- ---

ok hier ist es ^^

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

ok hier ist der Log von GMER

GMER Logfile:

Code:

GMER 1.0.15.15477 - hxxp://www.gmer.net

Rootkit scan 2010-10-24 20:55:30

Windows 5.1.2600 Service Pack 3

Running: iecwdrvj.exe; Driver: E:\DOKUME~1\Raphael\LOKALE~1\Temp\fwdorpow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT   B86AF23E                                                                                              ZwCreateKey

SSDT   B86AF234                                                                                              ZwCreateThread

SSDT   B86AF243                                                                                              ZwDeleteKey

SSDT   B86AF24D                                                                                              ZwDeleteValueKey

SSDT   B86AF252                                                                                              ZwLoadKey

SSDT   B86AF220                                                                                              ZwOpenProcess

SSDT   B86AF225                                                                                              ZwOpenThread

SSDT   B86AF25C                                                                                              ZwReplaceKey

SSDT   B86AF257                                                                                              ZwRestoreKey

SSDT   B86AF248                                                                                              ZwSetValueKey
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text  E:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                              section is writeable [0xB6F09360, 0x3D46A5, 0xE8000020]

?      E:\DOKUME~1\Raphael\LOKALE~1\Temp\mbr.sys                                                             Das System kann die angegebene Datei nicht finden. !

?      E:\Confi.exe\catchme.sys                                                                              Das System kann den angegebenen Pfad nicht finden. !

?      E:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                            Das System kann die angegebene Datei nicht finden. !
 

---- User code sections - GMER 1.0.15 ----
 

.text  F:\Programme\Tunngle\TnglCtrl.exe[4080] ntdll.dll!DbgBreakPoint                                       7C91120E 1 Byte  [90]
 

---- Registry - GMER 1.0.15 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                      

Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                   0

Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0x50 0x1A 0x7A 0x6F ...

Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  

Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0

Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0x50 0x1A 0x7A 0x6F ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Und hier des LOG von OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:01:47 on 24.10.2010
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Google Inc. Google Chrome 0.0.0.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AdobeAAMUpdater-1.0-RAPHYSPC-Raphael.job" - "Adobe Systems Incorporated" - E:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

"AppleSoftwareUpdate.job" - "Apple Inc." - E:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003Core.job" - "Google Inc." - E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003UA.job" - "Google Inc." - E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

"WGASetup.job" - "Microsoft Corporation" - E:\WINDOWS\system32\KB905474\wgasetup.exe

-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----

"CScript" - "Microsoft Corporation" - E:\WINDOWS\System32\cscript.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"access.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\access.cpl

"Arctosa.cpl" - "Razer Inc." - E:\WINDOWS\system32\Arctosa.cpl

"desk.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\desk.cpl

"hdwwiz.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\hdwwiz.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\infocardcpl.cpl

"intl.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\intl.cpl

"irprops.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\irprops.cpl

"javacpl.cpl" - "Oracle" - E:\WINDOWS\system32\javacpl.cpl

"joy.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\joy.cpl

"main.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\main.cpl

"mmsys.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\mmsys.cpl

"ncpa.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\ncpa.cpl

"nusrmgr.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\nusrmgr.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvtuicpl.cpl

"odbccp32.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\odbccp32.cpl

"powercfg.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\powercfg.cpl

"sysdm.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\sysdm.cpl

"telephon.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\telephon.cpl

"timedate.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\timedate.cpl

"wscui.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\wscui.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal" - "Avira GmbH" - E:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"mlcfg32.cpl" - "Microsoft Corporation" - E:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - E:\Programme\QuickTime\QTSystem\QuickTime.cpl

"Speech" - "Microsoft Corporation" - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avipbb.sys

"Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - E:\WINDOWS\system32\drivers\TBPANEL.SYS

"catchme" (catchme) - ? - E:\Confi.exe\catchme.sys  (File not found)

"Changer" (Changer) - ? - E:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - E:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"fwdorpow" (fwdorpow) - ? - E:\DOKUME~1\Raphael\LOKALE~1\Temp\fwdorpow.sys  (Hidden registry entry, rootkit activity | File not found)

"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - E:\WINDOWS\gdrv.sys

"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - E:\WINDOWS\System32\DRIVERS\hamachi.sys

"i2omgmt" (i2omgmt) - ? - E:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - E:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - E:\DOKUME~1\Raphael\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"PCIDump" (PCIDump) - ? - E:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - E:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - E:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - E:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - E:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - E:\WINDOWS\System32\DRIVERS\tap0901t.sys

"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - E:\WINDOWS\system32\drivers\TBPanel.sys

"VClone" (VClone) - "Elaborate Bytes AG" - E:\WINDOWS\System32\DRIVERS\VClone.sys

"WDICA" (WDICA) - ? - E:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install

{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll

{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - E:\WINDOWS\system32\itss.dll

{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - E:\WINDOWS\system32\itss.dll

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----

{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - E:\Programme\Outlook Express\wabfind.dll

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - F:\Programme\7-Zip\7-zip.dll

{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - E:\WINDOWS\system32\syncui.dll

{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - E:\WINDOWS\system32\shimgvw.dll

{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - E:\WINDOWS\system32\netplwiz.dll

{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - E:\WINDOWS\system32\netplwiz.dll

{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - E:\WINDOWS\system32\zipfldr.dll

{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - E:\WINDOWS\system32\zipfldr.dll

{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - E:\WINDOWS\system32\zipfldr.dll

{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - E:\WINDOWS\system32\deskmon.dll

{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - E:\WINDOWS\system32\deskadp.dll

{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvcpl.dll

{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - E:\WINDOWS\system32\dsuiext.dll

{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - E:\WINDOWS\system32\dsquery.dll

{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - E:\WINDOWS\system32\dsuiext.dll

{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - E:\WINDOWS\system32\dsquery.dll

{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - E:\WINDOWS\system32\dsquery.dll

{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - E:\WINDOWS\system32\deskperf.dll

{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - E:\WINDOWS\system32\photowiz.dll

{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - E:\WINDOWS\system32\mmsys.cpl

{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - E:\WINDOWS\system32\diskcopy.dll

{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - E:\WINDOWS\System32\mmcshext.dll

{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - E:\WINDOWS\system32\shimgvw.dll

{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - E:\WINDOWS\system32\mstask.dll

{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{EFA24E62-B078-11d0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - E:\WINDOWS\system32\shimgvw.dll

{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - E:\WINDOWS\system32\hticons.dll

{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - E:\WINDOWS\system32\icmui.dll

{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - E:\WINDOWS\system32\icmui.dll

{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - E:\WINDOWS\System32\icmui.dll

{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - E:\WINDOWS\system32\icmui.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - H:\Programme\iTunes\iTunesMiniPlayer.dll

{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - E:\WINDOWS\system32\cabview.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - E:\WINDOWS\system32\msieftp.dll

{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - E:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - E:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - E:\WINDOWS\system32\mydocs.dll

{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - E:\WINDOWS\system32\mydocs.dll

{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - E:\WINDOWS\system32\mydocs.dll

{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - E:\WINDOWS\system32\NETSHELL.dll

{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - E:\WINDOWS\system32\NETSHELL.dll

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - E:\WINDOWS\system32\nvshell.dll

{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - E:\WINDOWS\System32\cscui.dll

{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - E:\WINDOWS\System32\cscui.dll

{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - E:\WINDOWS\System32\cscui.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - E:\WINDOWS\system32\netplwiz.dll

{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - E:\WINDOWS\system32\themeui.dll

{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - E:\WINDOWS\system32\remotepg.dll

{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - E:\WINDOWS\system32\wiashext.dll

{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - E:\WINDOWS\system32\wiashext.dll

{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - E:\WINDOWS\system32\wiashext.dll

{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - E:\WINDOWS\system32\wiashext.dll

{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - E:\WINDOWS\system32\wiashext.dll

{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - E:\WINDOWS\system32\mstask.dll

{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - E:\WINDOWS\system32\mstask.dll

{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - E:\WINDOWS\system32\fontext.dll

{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - E:\WINDOWS\system32\sendmail.dll

{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - E:\WINDOWS\system32\sendmail.dll

{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - E:\WINDOWS\system32\dfshim.dll

{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - E:\WINDOWS\system32\shimgvw.dll

{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - E:\WINDOWS\system32\shimgvw.dll

{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - E:\WINDOWS\system32\shimgvw.dll

{00BB2763-6A77-11D0-A535-00C04FD7D062} "Shell Microsoft AutoComplete" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - E:\WINDOWS\system32\dsquery.dll

{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - E:\WINDOWS\system32\shscrap.dll

{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - E:\WINDOWS\system32\printui.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - E:\WINDOWS\system32\ntshrui.dll

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - E:\WINDOWS\system32\ntshrui.dll

{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - E:\WINDOWS\system32\ntlanui2.dll

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - E:\WINDOWS\system32\dfshim.dll

{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - E:\WINDOWS\system32\netplwiz.dll

{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - F:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - E:\WINDOWS\system32\browseui.dll

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll

{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - E:\WINDOWS\system32\netplwiz.dll

{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - E:\WINDOWS\system32\shdocvw.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - F:\Programme\WinRAR\rarext.dll

{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - E:\WINDOWS\system32\shimgvw.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----

{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - E:\WINDOWS\system32\stobject.dll

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - E:\WINDOWS\system32\webcheck.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - E:\Programme\softonic-de3\tbsoft.dll

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - E:\Programme\ICQ6Toolbar\ICQToolBar.dll

{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - E:\Programme\softonic-de3\tbsoft.dll

 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

"ICQ7.2" - "ICQ, LLC." - E:\Programme\ICQ7.2\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - E:\Programme\ICQ6Toolbar\ICQToolBar.dll

{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - E:\Programme\softonic-de3\tbsoft.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - E:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - E:\Programme\softonic-de3\tbsoft.dll
 

[Known DLLs]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----

"comdlg32" - "Microsoft Corporation" - E:\WINDOWS\system32\comdlg32.dll

"url" - "Microsoft Corporation" - E:\WINDOWS\system32\url.dll

"user32" - "Microsoft Corporation" - E:\WINDOWS\system32\user32.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----

"SecurityProviders" - "Microsoft Corporation" - E:\WINDOWS\system32\digest.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - E:\Dokumente und Einstellungen\Raphael\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ccleaner" - "Piriform Ltd" - "F:\Programme\CCleaner\CCleaner.exe" /AUTO

"RocketDock" - ? - "F:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)

"Skype" - "Skype Technologies S.A." - "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

"Steam" - "Valve Corporation" - "f:\programme\steam\steam.exe" -silent

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"Shell" - "Microsoft Corporation" - E:\WINDOWS\Explorer.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Arctosa" - "Razer USA Ltd." - "E:\Programme\Razer\Arctosa\razerhid.exe"

"avgnt" - "Avira GmbH" - "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"GrooveMonitor" - "Microsoft Corporation" - "E:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

"iTunesHelper" - "Apple Inc." - "H:\Programme\iTunes\iTunesHelper.exe"

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - E:\WINDOWS\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - E:\WINDOWS\system32\clipsrv.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - E:\Programme\Bonjour\mDNSResponder.exe

"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - H:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

"GEST Service for program management." (GEST Service) - ? - E:\Programme\GIGABYTE\EnergySaver\GSvr.exe  (File found, but it contains no detailed information)

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - E:\Programme\Google\Update\GoogleUpdate.exe

"ICQ Service" (ICQ Service) - ? - E:\Programme\ICQ6Toolbar\ICQ Service.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - E:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - "Oracle" - E:\Programme\Java\jre6\bin\jqs.exe

"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - F:\Programme\LogMeIn Hamachi\hamachi-2.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - E:\Programme\Microsoft Office\Office12\GrooveAuditService.exe

"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - E:\WINDOWS\system32\mnmsrvc.exe

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - E:\WINDOWS\system32\nvsvc32.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - E:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - E:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe

"TunngleService" (TunngleService) - "Tunngle.net GmbH" - F:\Programme\Tunngle\TnglCtrl.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Installer" (MSIServer) - "Microsoft Corporation" - E:\WINDOWS\system32\msiexec.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\Desktop )-----

"SCRNSAVE.EXE" - ? - E:\WINDOWS\system32\NIWRAD~1.SCR  (File found, but it contains no detailed information)

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"UIHost" - "Microsoft Corporation" - E:\WINDOWS\system32\logonui.exe

"VmApplet" - "Microsoft Corporation" - E:\WINDOWS\system32\sysdm.cpl

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Drahtlos" - "Microsoft Corporation" - E:\WINDOWS\system32\gptext.dll

{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP-Sicherheit" - "Microsoft Corporation" - E:\WINDOWS\system32\gptext.dll

{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - E:\WINDOWS\System32\cscui.dll

{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS-Paketplaner" - "Microsoft Corporation" - E:\WINDOWS\system32\gptext.dll

{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Skripts" - "Microsoft Corporation" - E:\WINDOWS\system32\gptext.dll

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"cscdll" - "Microsoft Corporation" - E:\WINDOWS\system32\cscdll.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - E:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und hier der MBR Check Log File:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F78000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F67000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F48000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F22000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F0A000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEA000 fltMgr.sys
0xB7ED8000 sr.sys
0xB7EC1000 KSecDD.sys
0xB7E34000 Ntfs.sys
0xB7E07000 NDIS.sys
0xB7DED000 Mup.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6F09000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6EF5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8438000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6ED1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8440000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6EA9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6E86000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8448000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB6E69000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8450000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8570000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB6E55000 \SystemRoot\system32\DRIVERS\parport.sys
0xB86D4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6E3E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8308000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8458000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6E2D000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8318000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8460000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8468000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8118000 \SystemRoot\system32\DRIVERS\tap0901t.sys
0xB8470000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xB6DFD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8128000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8480000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8138000 \SystemRoot\system32\DRIVERS\VClone.sys
0xB6DE5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xB85C6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6D87000 \SystemRoot\system32\DRIVERS\update.sys
0xB8590000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8148000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8168000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85C8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB43AB000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB4387000 \SystemRoot\system32\drivers\portcls.sys
0xB8178000 \SystemRoot\system32\drivers\drmk.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB85CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8694000 \SystemRoot\System32\Drivers\Null.SYS
0xB85CE000 \SystemRoot\System32\Drivers\Beep.SYS
0xB84B0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8350000 \SystemRoot\System32\drivers\vga.sys
0xB85D0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85D2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8390000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8398000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB69D4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4264000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB420B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB41E3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB41BD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB419B000 \SystemRoot\System32\drivers\afd.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB83A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB4170000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB4100000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB81D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB83A8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xB40B6000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB85D6000 \??\E:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB58A0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8218000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB83B8000 \SystemRoot\System32\Drivers\Arctosa.sys
0xB42E3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB42D7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\SaiU5F0D.sys
0xB4012000 \SystemRoot\system32\DRIVERS\SaiH5F0D.sys
0xB8238000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3FFA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85DE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB42BB000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83D0000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8766000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3C05000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB3D16000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3948000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3DBA000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3805000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8642000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB8644000 \SystemRoot\System32\Drivers\TBPanel.SYS
0xB2682000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4086000 \??\E:\DOKUME~1\Raphael\LOKALE~1\Temp\mbr.sys
0xB203B000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3A71000 \??\E:\WINDOWS\gdrv.sys
0xB8430000 \??\E:\Confi.exe\catchme.sys
0xB8656000 \??\E:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x9A9A8000 \??\E:\DOKUME~1\Raphael\LOKALE~1\Temp\fwdorpow.sys
0x9A97D000 \SystemRoot\system32\drivers\kmixer.sys
0xAB22F000 \SystemRoot\system32\drivers\splitter.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
944 E:\WINDOWS\system32\smss.exe
1008 csrss.exe
1032 E:\WINDOWS\system32\winlogon.exe
1084 E:\WINDOWS\system32\services.exe
1096 E:\WINDOWS\system32\lsass.exe
1272 E:\Programme\Avira\AntiVir Desktop\avguard.exe
1604 E:\Programme\Avira\AntiVir Desktop\avshadow.exe
1772 E:\WINDOWS\system32\nvsvc32.exe
1804 E:\WINDOWS\system32\svchost.exe
1876 svchost.exe
480 E:\WINDOWS\system32\svchost.exe
656 svchost.exe
836 svchost.exe
1052 E:\WINDOWS\system32\spoolsv.exe
1296 E:\Programme\Avira\AntiVir Desktop\sched.exe
1540 svchost.exe
1564 E:\WINDOWS\RTHDCPL.EXE
1828 E:\WINDOWS\system32\rundll32.exe
1952 E:\Programme\Razer\Arctosa\razerhid.exe
1960 E:\Programme\Avira\AntiVir Desktop\avgnt.exe
1984 E:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
124 H:\Programme\iTunes\iTunesHelper.exe
828 F:\Programme\RocketDock\RocketDock.exe
312 E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
740 E:\Programme\Bonjour\mDNSResponder.exe
316 E:\Programme\GIGABYTE\EnergySaver\GSvr.exe
268 F:\Programme\LogMeIn Hamachi\hamachi-2.exe
2304 E:\Programme\ICQ6Toolbar\ICQ Service.exe
2732 E:\Programme\Java\jre6\bin\jqs.exe
2952 E:\Programme\Razer\Arctosa\razertra.exe
3468 E:\WINDOWS\system32\PnkBstrA.exe
4080 F:\Programme\Tunngle\TnglCtrl.exe
3868 E:\WINDOWS\system32\ctfmon.exe
4032 E:\Programme\iPod\bin\iPodService.exe
3056 E:\WINDOWS\system32\wbem\wmiapsrv.exe
744 alg.exe
1560 E:\WINDOWS\system32\svchost.exe
2072 E:\WINDOWS\explorer.exe
3828 E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
2324 H:\Programme\iTunes\iTunes.exe
2972 E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
4036 E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe
1484 E:\Programme\Skype\Phone\Skype.exe
308 E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
2556 E:\Programme\Skype\Plugin Manager\skypePM.exe
2584 E:\WINDOWS\system32\notepad.exe
3348 E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000004`e22d6a00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000003d`09100000 (NTFS)

PhysicalDrive1 Model Number: WDCWD3200AAJS-00L7A0, Rev: 01.03E01
PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA31B

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!