Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Mein Trojan.Generic 3580153 (https://www.trojaner-board.de/84947-trojan-generic-3580153-a.html)

Sashlyrics 15.04.2010 18:53
Mein Trojan.Generic 3580153
 
Hallo, bin bezüglich Viren, Trojanern etc. noch ein ziemlicher Neuling, doch seit ca. 1 Woche nervt mich und mein Internet (laut Bitdefender) der Trojan.Generic 3580153, da mein Virenprogramm ausgelaufen ist und ich nicht sofort reagiert habe.
Laut Bitdefender befindet er sich im system 32, genauer Pfad der Datei:

C:\WINDOWS\system32\cfqrufu.dll
Weiters existiert neben dieser cfqrufu.dll Datei eine cfqrufu.bak Datei,
die sich beide nicht manuell, sowie auch nicht mit dem Bitdefender, AdAware und dem McAffee Stinger löschen oder wenigstens in Quarantäne befördern lassen.
Hab mir also den HiJackThis runtergeladen, hier der Log:

--------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:18, on 15.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\DOKUME~1\sascha\LOKALE~1\Temp\Lsr.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\Llozia.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search13.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F754FF01-84BC-40F7-B262-A66BCD5D133C} - c:\windows\system32\cfqrufu.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [StartServiceFTFDHFHP] "C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [CursorFX] "C:\Programme\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [StartServiceFTFDHFHP] "C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOKUME~1\sascha\LOKALE~1\Temp\Lsr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Search - hxxp://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000343&p=ZKfox000&si=&a=ZN9rs7RLuz3WSG2i26Dvwg&n=2010040909
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxxp://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A86B0AF-47F0-44D5-BD21-C76CF655C07C}: NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: 1226230772 (.1226230772) - Unknown owner - C:\Programme\1226230772\sash1226230772L.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. hxxp://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 12922 bytes

------------------

Ich hoffe mir kann jemand helfen, brauche den PC dringend für die Schule und möchte weitgehendst ein neu aufsetzen vermeiden aufgrund der vielen Daten die es zu verschieben gäbe.
Wäre nett, Danke!

Sion 15.04.2010 21:32
1. http://www.trojaner-board.de/51187-a...i-malware.html
Log posten.

2. http://www.trojaner-board.de/74908-a...t-scanner.html
Log posten.

3. Hol dir OTL
Starte OTL
Kopiere unten in das Skript-Feld rein:

Zitat:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schließe alle anderen Programme.
Klicke auf Quick Scan.
Poste die beiden Logs - OTL.txt und Extras.txt

Sashlyrics 17.04.2010 14:21
Scanne mit GMER nun seit fast 24 Stunden - ist das normal?

Die Logs folgen noch.

Sion 17.04.2010 16:38
Zitat:
Scanne mit GMER nun seit fast 24 Stunden - ist das normal?
Nein. Brich es ab und poste erstmal die anderen Logs.

Sashlyrics 17.04.2010 20:47
ok,
OTL
Code:
OOTL Extras logfile created on: 17.04.2010 21:20:08 - Run 1
OTL by OldTimer - Version 3.2.1.1    Folder = C:\Dokumente und Einstellungen\sascha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3069 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 17,54 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 46,21 Gb Free Space | 19,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 233,75 Gb Total Space | 19,83 Gb Free Space | 8,48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASH
Current User Name: sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\EA Sports\FIFA 09\FIFA09.exe" = C:\Programme\EA Sports\FIFA 09\FIFA09.exe:*:Enabled:FIFA09 -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\StreamTorrent 1.0\StreamTorrent.exe" = C:\Programme\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player -- (StreamTorrent)
"C:\Programme\EA Sports\FIFA 10\FIFA10.exe" = C:\Programme\EA Sports\FIFA 10\FIFA10.exe:*:Enabled:FIFA10 -- ()
"C:\Dokumente und Einstellungen\sascha\Desktop\u96\u96.exe" = C:\Dokumente und Einstellungen\sascha\Desktop\u96\u96.exe:*:Enabled:u96 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Messenger -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}" = Skins
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}" = CCC Help English
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4816702A-0879-4499-0085-ACFC0F65E811}" = NHL 2004
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}" = ccc-core-preinstall
"{5073A543-C332-45DA-B1E8-01C84574F790}_is1" = Fussball Manager Editor 1.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{568161BB-4D77-4534-AB92-55040CD92798}" = Panda Internet Security 2010
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}" = Catalyst Control Center Graphics Full New
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{853456BB-0205-11D6-AC30-0020E06CCE77}" = Desktop Dreamscapes
"{88F92798-59AB-474F-B40D-1EC5F782F7EE}" = Ulead VideoStudio 9.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
"{8D6EC7D6-E71D-8743-1396-591F4195F347}" = Catalyst Control Center Graphics Light
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}" = ccc-core-static
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8C8EF21-88F1-4845-A0BF-5B2D66B5DD33}_is1" = Texas Hold'em Poker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B38C3184-F573-CDC2-9452-FA9C576AB010}" = ccc-utility
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}" = Catalyst Control Center Graphics Previews Common
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}" = Catalyst Control Center Core Implementation
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E601665F-7D55-4983-AA72-43551164FC03}" = ActiveDolls
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F58A58EB-3BD6-48A6-0096-1928C5A9DAE7}" = NHL® 2003
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"auxilium 3.1 light_is1" = auxilium 3.1 light
"Creation Master 10_is1" = Creation Master 10 Beta 4
"CursorFX" = CursorFX
"DF CrcSfv_is1" = DF CrcSfv 1.3
"EA Download Manager" = EA Download Manager
"Easy GIF Animator_is1" = Easy GIF Animator 5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FIFA 09 FAT Rebuilder" = FIFA 09 FAT Rebuilder
"FIFA RTWC 98" = FIFA RTWC 98
"FLV Player" = FLV Player 2.0 (build 25)
"Folder Access 2.1 Free Version" = Folder Access 2.1 Free Version
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"IsoBuster_is1" = IsoBuster 2.5.5
"LastFM_is1" = Last.fm 1.5.4.24567
"LEGO Racers" = LEGO Racers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MetallicShades" = Metallic Shades 2.0 Visual Style
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MultiRes (remove only)" = MultiRes (remove only)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"Quest3DVirtual Hottie 2" = Virtual Hottie 2
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"Skispringen 2007_0001" = Skispringen 2007
"SopCast" = SopCast 3.0.3
"StreamTorrent 1.0" = StreamTorrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"TmNationsForever_is1" = TmNationsForever
"UCL Popups by CJD 17(Fifa-Evolution)" = UCL Popups by CJD 17(Fifa-Evolution)
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.16
"VexcastPlayer2.0" = VexcastPlayer2.0
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zatacka_is1" = Zatacka 0.1.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"gso-ORF_MAIN" = Das Rennen - GSO
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
"Sky Patch 10" = Sky Patch 10
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2010 10:10:57 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 10:20:11 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 11:43:24 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 12:06:30 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 13:35:59 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 13:45:00 | Computer Name = SASH | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 17.04.2010 14:45:11 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
Error - 17.04.2010 14:45:11 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
Error - 17.04.2010 14:51:01 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
Error - 17.04.2010 14:51:01 | Computer Name = SASH | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung startservice.exe, Version 6.35.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x011517ee.
 
[ OSession Events ]
Error - 15.07.2009 13:24:38 | Computer Name = SASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.04.2010 18:48:51 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:48:58 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:49:07 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:49:31 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:49:33 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 08.04.2010 18:53:23 | Computer Name = SASH | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session  - Failed to load the library
 
Error - 10.04.2010 23:45:38 | Computer Name = SASH | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RENE",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9A86B0AF-47F0-44D5-BD21-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 11.04.2010 03:03:08 | Computer Name = SASH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "1226230772" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 11.04.2010 03:03:08 | Computer Name = SASH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRSDRV" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 11.04.2010 10:00:00 | Computer Name = SASH | Source = Schedule | ID = 7901
Description = Der Befehl "At41.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
 werden:  %%2147942402
 
 
< End of report >
Mbam log:

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3993

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15.04.2010 23:52:55
mbam-log-2010-04-15 (23-52-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 115702
Laufzeit: 18 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 1
Infizierte Dateien: 18

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\Llozia.exe (Trojan.FraudPack.Gen) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f754ff01-84bc-40f7-b262-a66bcd5d133c} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f754ff01-84bc-40f7-b262-a66bcd5d133c} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search13.net/) Good: (hxxp://www.Google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infizierte Dateien:
c:\WINDOWS\system32\cfqrufu.dll (Trojan.BHO.H) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\Llozia.exe (Trojan.FraudPack.Gen) -> No action taken.
C:\Programme\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsp.exe (Trojan.Fraudpack) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsq.exe (Trojan.FraudPack.Gen) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\40.tmp (Rootkit.TDSS) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\32.tmp (Rootkit.TDSS) -> No action taken.
C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\39.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\34.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\3A.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\42.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\svye.tmp\svchost.exe (Trojan.Zbot) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Sion 17.04.2010 20:54
Hast du die Funde von Malwarebytes entfernen lassen? Wenn nicht - nachholen.
Es fehlt außerdem die OTL.txt (OTL erstellt zwei Logs).

Sashlyrics 17.04.2010 21:54
Sorry, hab vergessen den zu posten:

Code:
OTL logfile created on: 17.04.2010 21:20:08 - Run 1
OTL by OldTimer - Version 3.2.1.1    Folder = C:\Dokumente und Einstellungen\sascha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3069 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 17,54 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 46,21 Gb Free Space | 19,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 233,75 Gb Total Space | 19,83 Gb Free Space | 8,48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASH
Current User Name: sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.04.15 23:24:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
PRC - [2010.04.14 14:53:54 | 000,154,624 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe
PRC - [2010.04.14 14:53:52 | 000,160,256 | ---- | M] () -- C:\WINDOWS\Llozia.exe
PRC - [2010.04.12 23:55:58 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2010.04.12 23:55:51 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2010.04.12 23:55:23 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2010.03.18 09:12:20 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009.12.22 19:43:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006.07.03 16:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.04.15 23:24:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (SpyHunter 4 Service)
SRV - File not found [Auto | Stopped] --  -- (LckFldService)
SRV - File not found [Auto | Stopped] --  -- (.1226230772)
SRV - [2010.04.14 19:14:01 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.04.12 23:55:58 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2010.04.12 23:55:51 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2010.04.12 23:54:26 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010.01.25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.09.24 04:59:24 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.07.17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006.07.03 16:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Running] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004.08.10 21:00:00 | 000,112,128 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\cfqrufu.dll -- (jxhbwamg)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C CA 50 16 3B 77 FC 43 84 B7 1E D2 96 0B EC EE  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search13.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search13.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search13.net/search.php?clid=486&q="
FF - prefs.js..browser.search.selectedEngine: "Google (Language: DE)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA81}:1.0.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {D249FD00-4DF9-11D9-9FDC-0080481ADA61}:1.2.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.22
FF - prefs.js..extensions.enabledItems: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}:1.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.ftp: "216.114.194.18"
FF - prefs.js..network.proxy.ftp_port: 7212
FF - prefs.js..network.proxy.http: "216.114.194.18"
FF - prefs.js..network.proxy.http_port: 7212
FF - prefs.js..network.proxy.ssl: "216.114.194.18"
FF - prefs.js..network.proxy.ssl_port: 7212
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\FFToolbar\ [2010.04.13 00:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.12 18:46:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.02.12 15:52:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\tbextension\ [2010.04.12 18:46:00 | 000,000,000 | ---D | M]
 
[2008.11.09 20:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Extensions
[2010.04.17 20:55:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions
[2010.01.23 13:30:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.02.11 17:59:29 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009.11.22 20:54:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.01.23 13:30:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.01.23 13:30:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.01.23 13:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA81}
[2010.03.20 21:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2009.10.06 17:14:30 | 000,000,000 | ---D | M] (FBFan) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010.02.09 10:57:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.21 09:28:32 | 000,000,000 | ---D | M] (U Flv) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2009.07.25 20:48:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.08.20 16:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{bf591015-b599-4125-9428-3cb746ddca31}
[2009.11.22 20:54:01 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.12.27 21:28:06 | 000,000,000 | ---D | M] (MetaProducts Integration) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
[2010.02.09 05:10:48 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.01.23 22:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\firefox@facebook.com
[2009.03.28 14:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\moveplayer@movenetworks.com
[2010.03.20 21:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\extensions\staged-xpis
[2010.01.30 21:28:27 | 000,001,805 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\google-language-de.xml
[2009.09.11 04:11:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-2.xml
[2009.10.29 19:09:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-3.xml
[2009.12.17 17:39:48 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-4.xml
[2010.01.07 02:08:42 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-5.xml
[2010.01.07 18:55:19 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin-6.xml
[2009.07.27 09:54:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\kkokuipl.default\searchplugins\icqplugin.xml
[2010.04.12 19:16:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.12 23:55:37 | 000,065,536 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\FFComm.dll
[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.15 18:36:11 | 000,000,164 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: () - {F754FF01-84BC-40F7-B262-A66BCD5D133C} - C:\WINDOWS\system32\cfqrufu.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe File not found
O4 - HKLM..\Run: [AtiPTA]  File not found
O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [ccApp]  File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask    .exe (Apple Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe File not found
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
O4 - HKLM..\Run: [StartServiceFTFDHFHP] C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe File not found
O4 - HKCU..\Run: [CursorFX] C:\Programme\Stardock\CursorFX\CursorFX.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [QZAIB7KITK] C:\WINDOWS\Llozia.exe ()
O4 - HKCU..\Run: [StartServiceFTFDHFHP] C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP\StartService.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Temp\Lsr.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\sascha\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\Stylish Profile\ct.htm File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.09 13:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.06.25 13:40:39 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{57d47600-3fac-11de-a937-00195b76e5f1}\Shell\AutoRun\command - "" = F:\.\dth_player.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004.08.04 00:58:20 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: jxhbwamg - C:\WINDOWS\system32\cfqrufu.dll ()
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.11.09 14:01:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010.04.15 23:33:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Malwarebytes
[2010.04.15 23:32:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.15 23:32:12 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.15 23:32:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.15 23:32:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.15 23:24:41 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
[2010.04.15 19:30:02 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.15 19:20:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.14 19:15:02 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.04.14 19:14:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.14 19:10:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.14 19:10:07 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.04.14 19:10:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.04.14 15:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.04.14 15:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.04.14 15:16:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2010.04.14 15:13:57 | 000,487,320 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\sascha\Desktop\SpyHunter-Installer.exe
[2010.04.14 14:53:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\FTFDHFHP
[2010.04.13 18:37:26 | 007,975,431 | ---- | C] (McAfee Inc.) -- C:\Dokumente und Einstellungen\sascha\Desktop\stinger1010838.exe
[2010.04.12 23:56:55 | 000,228,672 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys.bak
[2010.04.12 23:56:55 | 000,108,864 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.bak
[2010.04.12 23:56:55 | 000,102,208 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
[2010.04.12 23:56:54 | 000,082,568 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys.bak
[2010.04.12 20:59:31 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010.04.12 18:46:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\BitDefender
[2010.04.11 23:15:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010.04.11 23:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.04.11 20:08:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\NHL 2004
[2010.04.11 20:07:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\nhl2004-nocd-1_0-ENG
[2010.04.11 19:36:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\Symantec
[2010.04.11 18:47:42 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Pro
[2010.04.11 18:47:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\DAEMON Tools Pro
[2010.04.11 18:47:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.04.11 15:55:12 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.04.11 15:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.04.11 15:23:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\nhl2004key
[2010.04.11 10:49:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\NHL 2003
[2010.04.11 10:49:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\NO-CD_Crack_NHL_2003_Deutsch_by_Flash
[2010.04.11 09:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.04.11 09:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.04.10 22:54:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\NH03
[2010.04.10 20:49:34 | 000,000,000 | ---D | C] -- C:\Programme\Intelore
[2010.04.09 15:06:01 | 000,759,288 | ---- | C] (MyWebSearch.com) -- C:\Programme\Uninstall Fun Web Products.dll
[2010.04.09 14:48:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\Vice City stuff
[2010.04.09 00:54:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Desktop\NHL
[2010.04.08 23:27:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\Ulead VideoStudio
[2010.04.08 23:26:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Ulead Systems
[2010.04.08 20:49:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SONY Digital Images
[2010.04.08 20:48:45 | 000,000,000 | ---D | C] -- C:\SmartSound Software
[2010.04.08 20:47:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Quicktime
[2010.04.08 20:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2010.04.08 20:47:21 | 000,000,000 | ---D | C] -- C:\Programme\SmartSound Software
[2010.04.08 20:46:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010.04.08 20:46:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010.04.08 20:45:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime
[2010.04.08 20:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media-Komponenten
[2010.04.08 20:42:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Ulead Systems
[2010.04.08 20:42:06 | 000,000,000 | ---D | C] -- C:\Programme\Ulead Systems
[2010.04.08 20:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.04.07 17:41:30 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys
[2010.01.06 07:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.01.06 07:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.12.24 14:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\nagasoft
[2008.11.27 18:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Rapidbar
[2008.11.13 18:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2008.11.10 22:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.11.09 13:49:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[35 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2010.12.15 21:04:36 | 000,022,150 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\_Organik
[2010.04.17 21:17:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.17 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010.04.17 20:55:21 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{9A86B0AF-47F0-44D5-BD21-C76CF655C07C}
[2010.04.17 20:54:05 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.17 20:51:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.17 20:50:24 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.04.17 20:50:16 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.17 20:50:11 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.17 20:50:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.17 20:49:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.17 20:44:54 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for sascha.job
[2010.04.17 07:47:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.04.17 07:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010.04.17 06:47:36 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.04.17 06:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010.04.17 05:47:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.04.17 05:03:54 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010.04.17 04:47:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.04.17 04:03:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010.04.17 03:47:53 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.04.17 03:27:26 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010.04.17 03:21:43 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.04.17 03:10:28 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010.04.17 03:04:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.04.17 02:43:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010.04.17 02:36:26 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.04.17 02:30:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010.04.17 00:05:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.04.16 23:56:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010.04.16 23:42:23 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.04.16 23:26:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010.04.16 23:13:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.04.16 20:50:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.04.16 20:06:21 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010.04.16 19:53:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.04.16 19:19:57 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010.04.16 19:02:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.04.16 18:27:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010.04.16 18:07:48 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.04.16 17:39:15 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010.04.16 17:02:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.04.16 16:02:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010.04.16 15:46:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.04.16 14:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.04.16 00:17:01 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\sascha\NTUSER.DAT
[2010.04.16 00:00:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.16 00:00:34 | 000,051,200 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 23:32:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 23:25:15 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\ztfmh2mu.exe
[2010.04.15 23:24:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sascha\Desktop\OTL.exe
[2010.04.15 19:30:03 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\HijackThis.lnk
[2010.04.15 18:36:11 | 000,000,164 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.15 09:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010.04.15 08:44:01 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\sascha\ntuser.ini
[2010.04.14 19:15:57 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010.04.14 19:14:55 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.14 19:14:49 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 19:10:21 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.04.14 15:13:57 | 000,487,320 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\sascha\Desktop\SpyHunter-Installer.exe
[2010.04.14 15:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010.04.14 14:53:52 | 000,160,256 | ---- | M] () -- C:\WINDOWS\Llozia.exe
[2010.04.14 14:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010.04.14 13:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.04.14 13:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010.04.14 12:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.04.14 12:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010.04.14 11:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.04.14 11:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010.04.14 10:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.04.14 10:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010.04.14 09:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.04.14 08:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.04.13 18:27:04 | 007,975,431 | ---- | M] (McAfee Inc.) -- C:\Dokumente und Einstellungen\sascha\Desktop\stinger1010838.exe
[2010.04.13 18:17:41 | 002,128,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.12 23:55:54 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010.04.12 23:55:54 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\txmlutil.dll
[2010.04.12 23:55:53 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010.04.12 23:55:53 | 000,104,456 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010.04.12 23:55:53 | 000,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys
[2010.04.12 23:26:28 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vx1266MA.dat
[2010.04.12 18:46:22 | 000,001,833 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BitDefender Total Security 2009.lnk
[2010.04.12 00:21:14 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.11 22:33:37 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010.04.11 19:12:13 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL 2004.lnk
[2010.04.11 19:05:34 | 000,000,654 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010.04.11 18:47:48 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.11 15:54:50 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010.04.11 09:38:20 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL® 2003.lnk
[2010.04.11 09:02:51 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.09 15:02:46 | 000,759,288 | ---- | M] (MyWebSearch.com) -- C:\Programme\Uninstall Fun Web Products.dll
[2010.04.08 22:23:15 | 000,085,240 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.08 21:22:58 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.08 20:44:30 | 000,001,794 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ulead VideoStudio 9.lnk
[2010.04.08 17:27:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.05 23:05:17 | 000,044,297 | ---- | M] () -- C:\Dokumente und Einstellungen\sascha\Desktop\Elektrochemie_Rechenuebung1.pdf
[2010.04.05 20:04:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[35 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.15 21:04:36 | 000,022,150 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Eigene Dateien\_Organik
[2010.04.15 23:32:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 23:25:14 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Desktop\ztfmh2mu.exe
[2010.04.15 19:30:03 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Desktop\HijackThis.lnk
[2010.04.14 22:55:37 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 19:15:55 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.14 19:10:21 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.04.14 14:53:57 | 000,160,256 | ---- | C] () -- C:\WINDOWS\Llozia.exe
[2010.04.14 14:53:56 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.14 14:53:53 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.12 23:26:34 | 000,071,170 | ---- | C] () -- C:\WINDOWS\Fonts\aAYrks.com_
[2010.04.12 18:46:22 | 000,001,833 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BitDefender Total Security 2009.lnk
[2010.04.12 05:57:13 | 000,003,822 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\F754FF01-84BC-40F7-B262-A66BCD5D133C.txt
[2010.04.11 19:12:13 | 000,001,639 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL 2004.lnk
[2010.04.11 15:55:53 | 000,003,822 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\F754FF01-84BC-40F7-B262-A66BCD5D133C.txt
[2010.04.11 15:54:51 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vx1266MA.dat
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.04.11 15:49:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.04.11 15:49:15 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.04.11 10:26:02 | 000,005,076 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\F754FF01-84BC-40F7-B262-A66BCD5D133C.txt
[2010.04.11 09:38:19 | 000,001,639 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NHL® 2003.lnk
[2010.04.11 09:33:31 | 000,000,654 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.04.08 20:44:29 | 000,001,794 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ulead VideoStudio 9.lnk
[2010.04.05 23:05:16 | 000,044,297 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Desktop\Elektrochemie_Rechenuebung1.pdf
[2010.03.26 16:15:18 | 000,708,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.03.19 22:17:58 | 000,002,300 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\.recently-used.xbel
[2010.01.27 00:08:10 | 000,008,627 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\PAV_FOG.OPC
[2010.01.24 15:43:02 | 000,000,376 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdatenprivacy.xml
[2009.11.24 05:20:33 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\PUTTY.RND
[2009.11.01 01:39:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\Mlkf.dll
[2009.10.28 15:10:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.08.20 13:32:10 | 000,000,259 | ---- | C] () -- C:\WINDOWS\WET.INI
[2009.08.07 01:49:50 | 000,000,059 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\GoodnightTimer.ini
[2009.07.14 10:55:04 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.06.14 22:53:33 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.06.14 22:53:32 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.05.29 23:29:38 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SK STURM-PowerWorld.ini
[2009.01.27 23:04:14 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2008.12.15 00:04:44 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.11.30 19:27:51 | 000,000,110 | ---- | C] () -- C:\WINDOWS\csmash.ini
[2008.11.17 01:12:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.14 02:14:05 | 000,051,200 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.11 01:08:31 | 000,021,691 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\CCCInstall_200811110008314531.log
[2008.11.09 15:37:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.11.09 15:03:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.11.09 15:03:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.11.09 15:03:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.11.09 15:03:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.11.09 15:03:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.11.09 15:03:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.11.09 15:02:51 | 000,000,180 | R--- | C] () -- C:\WINDOWS\Option.ini
[2008.11.09 14:58:46 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008.11.09 14:57:11 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008.11.09 14:04:01 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\sascha\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.11.09 14:03:13 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\sascha\ntuser.ini
[2008.11.09 14:03:12 | 000,016,384 | -H-- | C] () -- C:\Dokumente und Einstellungen\sascha\ntuser.dat.LOG
[2008.11.09 14:03:11 | 009,437,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\sascha\NTUSER.DAT
[2008.11.09 13:36:04 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.10.07 11:04:32 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll
[2008.04.23 18:34:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.10 21:00:00 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\zcmpqciq.dll
[2004.08.10 21:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\icdqctv.dll
[2004.08.10 21:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\cfqrufu.dll.bak
[2004.08.10 21:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\cfqrufu.dll
[2001.03.30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
 
========== LOP Check ==========
 
[2008.12.08 21:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup
[2010.01.24 15:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2010.04.11 18:47:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.01.24 04:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2008.11.09 22:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.09.09 19:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2009.03.22 19:49:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.04.08 20:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2008.11.20 21:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.11.18 18:59:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.04.08 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.03.19 18:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.04.14 19:10:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009.09.21 01:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.08 09:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.01.26 23:14:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DE032019-B933-4DF4-9174-48C52613DA13}
[2009.04.09 09:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\2K Sports
[2010.04.12 18:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\BitDefender
[2009.08.09 12:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Command & Conquer 3 Kanes Rache
[2009.08.02 14:43:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2010.03.29 20:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Command and Conquer 4
[2010.04.11 19:33:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\DAEMON Tools Pro
[2010.03.13 22:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Facebook
[2009.06.14 23:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Games
[2010.03.19 21:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\gtk-2.0
[2010.01.29 19:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\ICQ
[2008.12.14 01:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\InterVideo
[2008.11.16 23:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Leadertech
[2008.12.03 11:45:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Red Alert 3
[2008.11.30 22:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Red Alert 3 Demo
[2009.10.27 04:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\StreamTorrent
[2008.11.20 21:58:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Teleca
[2009.07.27 12:54:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\temp
[2009.11.15 21:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Tific
[2010.04.08 23:26:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sascha\Anwendungsdaten\Ulead Systems
[2010.04.17 20:54:05 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010.04.17 02:36:26 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010.04.14 09:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010.04.14 10:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010.04.14 11:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010.04.14 12:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010.04.14 13:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010.04.16 14:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010.04.16 15:46:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010.04.16 17:02:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010.04.16 18:07:48 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010.04.16 19:02:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010.04.17 03:04:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010.04.16 19:53:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010.04.16 20:50:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010.04.16 23:13:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010.04.16 23:42:23 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010.04.17 00:05:07 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010.04.17 02:30:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010.04.17 02:43:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010.04.17 03:10:28 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010.04.17 03:27:26 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010.04.17 04:03:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010.04.17 03:21:43 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010.04.17 05:03:54 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010.04.17 06:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010.04.17 07:03:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010.04.11 15:54:50 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010.04.15 09:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010.04.14 10:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010.04.14 11:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010.04.14 12:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010.04.14 13:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010.04.14 14:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010.04.17 03:47:53 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010.04.14 15:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010.04.16 16:02:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010.04.16 17:39:15 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010.04.16 18:27:56 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010.04.16 19:19:57 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010.04.16 20:06:21 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010.04.17 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010.04.16 23:26:53 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010.04.16 23:56:27 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010.04.17 04:47:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010.04.17 05:47:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010.04.17 06:47:36 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010.04.17 07:47:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010.04.14 08:44:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010.04.17 20:51:01 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.17 20:50:16 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.03.08 03:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-10_xp32_dd_ccc_wdm_enu_69561\SBDrv\RAID7xx\x86\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008.07.17 13:06:54 | 000,001,536 | ---- | M] () MD5=CAA9BBBE220DDB97B81FAC66321B513B -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: NVRAID.SYS  >
[2005.08.18 17:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\system32\drivers\nvraid.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 21:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.08 11:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.10 21:00:00 | 000,136,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\zcmpqciq.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.12 23:55:53 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys
[2010.04.12 23:55:53 | 000,104,456 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2010.04.12 23:55:54 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys
[2010.04.11 18:47:48 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav  >
[2008.11.09 14:06:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.11.09 14:06:08 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.11.09 14:06:08 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
habs mit mailwarebytes jetzt nachgeholt.

Sion 17.04.2010 22:10
1. Hol dir TDSSKiller von Kaspersky
Extrahiere die Zip-Datei auf den Desktop (die tdsskiller.exe soll direkt auf dem Desktop liegen, nicht in einem Ordner).
Starte tdsskiller.exe
Wenn der Scan fertig ist, drücke eine beliebige Taste um fortzufahren.
Das Log ist unter c:\TDSSKiller....._log.txt zu finden.
Poste dieses Log.

Sashlyrics 17.04.2010 22:40
Code:
23:18:15:306 4072        TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
23:18:15:306 4072        ================================================================================
23:18:15:306 4072        SystemInfo:

23:18:15:306 4072        OS Version: 5.1.2600 ServicePack: 3.0
23:18:15:306 4072        Product type: Workstation
23:18:15:306 4072        ComputerName: SASH
23:18:15:337 4072        UserName: sascha
23:18:15:337 4072        Windows directory: C:\WINDOWS
23:18:15:337 4072        Processor architecture: Intel x86
23:18:15:337 4072        Number of processors: 2
23:18:15:337 4072        Page size: 0x1000
23:18:15:353 4072        Boot type: Normal boot
23:18:15:353 4072        ================================================================================
23:18:15:353 4072        UnloadDriverW: NtUnloadDriver error 2
23:18:15:353 4072        ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:18:15:478 4072        wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
23:18:15:478 4072        wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:18:15:478 4072        wfopen_ex: Trying to KLMD file open
23:18:15:478 4072        wfopen_ex: File opened ok (Flags 2)
23:18:15:478 4072        wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
23:18:15:478 4072        wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:18:15:478 4072        wfopen_ex: Trying to KLMD file open
23:18:15:478 4072        wfopen_ex: File opened ok (Flags 2)
23:18:15:478 4072        Initialize success
23:18:15:478 4072       
23:18:15:493 4072        Scanning        Services ...
23:18:16:009 4072        Raw services enum returned 383 services
23:18:16:040 4072       
23:18:16:040 4072        Scanning        Kernel memory ...
23:18:16:040 4072        Devices to scan: 6
23:18:16:040 4072       
23:18:16:040 4072        Driver Name: Disk
23:18:16:040 4072        IRP_MJ_CREATE                      : F74EDBB0
23:18:16:040 4072        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:18:16:040 4072        IRP_MJ_CLOSE                      : F74EDBB0
23:18:16:040 4072        IRP_MJ_READ                        : F74E7D1F
23:18:16:040 4072        IRP_MJ_WRITE                      : F74E7D1F
23:18:16:040 4072        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:18:16:040 4072        IRP_MJ_SET_INFORMATION            : 804F4562
23:18:16:040 4072        IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:040 4072        IRP_MJ_SET_EA                      : 804F4562
23:18:16:040 4072        IRP_MJ_FLUSH_BUFFERS              : F74E82E2
23:18:16:040 4072        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:040 4072        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:040 4072        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:18:16:040 4072        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:18:16:040 4072        IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:18:16:040 4072        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F74EBF28
23:18:16:040 4072        IRP_MJ_SHUTDOWN                    : F74E82E2
23:18:16:040 4072        IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:040 4072        IRP_MJ_CLEANUP                    : 804F4562
23:18:16:040 4072        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:18:16:040 4072        IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:040 4072        IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:040 4072        IRP_MJ_POWER                      : F74E9C82
23:18:16:040 4072        IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:18:16:040 4072        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:18:16:040 4072        IRP_MJ_QUERY_QUOTA                : 804F4562
23:18:16:040 4072        IRP_MJ_SET_QUOTA                  : 804F4562
23:18:16:056 4072        C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:18:16:056 4072       
23:18:16:056 4072        Driver Name: USBSTOR
23:18:16:056 4072        IRP_MJ_CREATE                      : 89BA51F8
23:18:16:056 4072        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:18:16:056 4072        IRP_MJ_CLOSE                      : 89BA51F8
23:18:16:056 4072        IRP_MJ_READ                        : 89BA51F8
23:18:16:056 4072        IRP_MJ_WRITE                      : 89BA51F8
23:18:16:056 4072        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:18:16:056 4072        IRP_MJ_SET_INFORMATION            : 804F4562
23:18:16:056 4072        IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:056 4072        IRP_MJ_SET_EA                      : 804F4562
23:18:16:056 4072        IRP_MJ_FLUSH_BUFFERS              : 804F4562
23:18:16:056 4072        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:056 4072        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:056 4072        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:18:16:056 4072        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:18:16:056 4072        IRP_MJ_DEVICE_CONTROL              : 89BA51F8
23:18:16:056 4072        IRP_MJ_INTERNAL_DEVICE_CONTROL    : 89BA51F8
23:18:16:056 4072        IRP_MJ_SHUTDOWN                    : 804F4562
23:18:16:056 4072        IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:056 4072        IRP_MJ_CLEANUP                    : 804F4562
23:18:16:056 4072        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:18:16:056 4072        IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:056 4072        IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:056 4072        IRP_MJ_POWER                      : 89BA51F8
23:18:16:056 4072        IRP_MJ_SYSTEM_CONTROL              : 89BA51F8
23:18:16:056 4072        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:18:16:056 4072        IRP_MJ_QUERY_QUOTA                : 804F4562
23:18:16:056 4072        IRP_MJ_SET_QUOTA                  : 804F4562
23:18:16:071 4072        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
23:18:16:071 4072       
23:18:16:071 4072        Driver Name: Disk
23:18:16:071 4072        IRP_MJ_CREATE                      : F74EDBB0
23:18:16:071 4072        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:18:16:071 4072        IRP_MJ_CLOSE                      : F74EDBB0
23:18:16:071 4072        IRP_MJ_READ                        : F74E7D1F
23:18:16:071 4072        IRP_MJ_WRITE                      : F74E7D1F
23:18:16:071 4072        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:18:16:071 4072        IRP_MJ_SET_INFORMATION            : 804F4562
23:18:16:071 4072        IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:071 4072        IRP_MJ_SET_EA                      : 804F4562
23:18:16:071 4072        IRP_MJ_FLUSH_BUFFERS              : F74E82E2
23:18:16:071 4072        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:071 4072        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:071 4072        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:18:16:071 4072        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:18:16:071 4072        IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:18:16:071 4072        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F74EBF28
23:18:16:071 4072        IRP_MJ_SHUTDOWN                    : F74E82E2
23:18:16:071 4072        IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:071 4072        IRP_MJ_CLEANUP                    : 804F4562
23:18:16:071 4072        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:18:16:071 4072        IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:071 4072        IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:071 4072        IRP_MJ_POWER                      : F74E9C82
23:18:16:071 4072        IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:18:16:071 4072        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:18:16:071 4072        IRP_MJ_QUERY_QUOTA                : 804F4562
23:18:16:071 4072        IRP_MJ_SET_QUOTA                  : 804F4562
23:18:16:087 4072        C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:18:16:087 4072       
23:18:16:087 4072        Driver Name: Disk
23:18:16:087 4072        IRP_MJ_CREATE                      : F74EDBB0
23:18:16:087 4072        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:18:16:087 4072        IRP_MJ_CLOSE                      : F74EDBB0
23:18:16:087 4072        IRP_MJ_READ                        : F74E7D1F
23:18:16:087 4072        IRP_MJ_WRITE                      : F74E7D1F
23:18:16:087 4072        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:18:16:087 4072        IRP_MJ_SET_INFORMATION            : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:087 4072        IRP_MJ_SET_EA                      : 804F4562
23:18:16:087 4072        IRP_MJ_FLUSH_BUFFERS              : F74E82E2
23:18:16:087 4072        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:087 4072        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:087 4072        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:18:16:087 4072        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:18:16:087 4072        IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:18:16:087 4072        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F74EBF28
23:18:16:087 4072        IRP_MJ_SHUTDOWN                    : F74E82E2
23:18:16:087 4072        IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:087 4072        IRP_MJ_CLEANUP                    : 804F4562
23:18:16:087 4072        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:087 4072        IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:087 4072        IRP_MJ_POWER                      : F74E9C82
23:18:16:087 4072        IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:18:16:087 4072        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_QUOTA                : 804F4562
23:18:16:087 4072        IRP_MJ_SET_QUOTA                  : 804F4562
23:18:16:087 4072        C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:18:16:087 4072       
23:18:16:087 4072        Driver Name: atapi
23:18:16:087 4072        IRP_MJ_CREATE                      : F71E7B40
23:18:16:087 4072        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:18:16:087 4072        IRP_MJ_CLOSE                      : F71E7B40
23:18:16:087 4072        IRP_MJ_READ                        : 804F4562
23:18:16:087 4072        IRP_MJ_WRITE                      : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:18:16:087 4072        IRP_MJ_SET_INFORMATION            : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_EA                    : 804F4562
23:18:16:087 4072        IRP_MJ_SET_EA                      : 804F4562
23:18:16:087 4072        IRP_MJ_FLUSH_BUFFERS              : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:18:16:087 4072        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:18:16:087 4072        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:18:16:087 4072        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:18:16:087 4072        IRP_MJ_DEVICE_CONTROL              : F71E7B40
23:18:16:087 4072        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F71E7B40
23:18:16:087 4072        IRP_MJ_SHUTDOWN                    : 804F4562
23:18:16:087 4072        IRP_MJ_LOCK_CONTROL                : 804F4562
23:18:16:087 4072        IRP_MJ_CLEANUP                    : 804F4562
23:18:16:087 4072        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_SECURITY              : 804F4562
23:18:16:087 4072        IRP_MJ_SET_SECURITY                : 804F4562
23:18:16:087 4072        IRP_MJ_POWER                      : F71E7B40
23:18:16:087 4072        IRP_MJ_SYSTEM_CONTROL              : F71E7B40
23:18:16:087 4072        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:18:16:087 4072        IRP_MJ_QUERY_QUOTA                : 804F4562
23:18:16:087 4072        IRP_MJ_SET_QUOTA                  : 804F4562
23:18:16:103 4072        C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
23:18:16:103 4072       
23:18:16:103 4072        Driver Name: atapi
23:18:16:103 4072        IRP_MJ_CREATE                      : 8A49EAC8
23:18:16:103 4072        IRP_MJ_CREATE_NAMED_PIPE          : 8A49EAC8
23:18:16:103 4072        IRP_MJ_CLOSE                      : 8A49EAC8
23:18:16:103 4072        IRP_MJ_READ                        : 8A49EAC8
23:18:16:103 4072        IRP_MJ_WRITE                      : 8A49EAC8
23:18:16:103 4072        IRP_MJ_QUERY_INFORMATION          : 8A49EAC8
23:18:16:103 4072        IRP_MJ_SET_INFORMATION            : 8A49EAC8
23:18:16:103 4072        IRP_MJ_QUERY_EA                    : 8A49EAC8
23:18:16:103 4072        IRP_MJ_SET_EA                      : 8A49EAC8
23:18:16:103 4072        IRP_MJ_FLUSH_BUFFERS              : 8A49EAC8
23:18:16:103 4072        IRP_MJ_QUERY_VOLUME_INFORMATION    : 8A49EAC8
23:18:16:103 4072        IRP_MJ_SET_VOLUME_INFORMATION      : 8A49EAC8
23:18:16:103 4072        IRP_MJ_DIRECTORY_CONTROL          : 8A49EAC8
23:18:16:103 4072        IRP_MJ_FILE_SYSTEM_CONTROL        : 8A49EAC8
23:18:16:103 4072        IRP_MJ_DEVICE_CONTROL              : 8A49EAC8
23:18:16:103 4072        IRP_MJ_INTERNAL_DEVICE_CONTROL    : 8A49EAC8
23:18:16:103 4072        IRP_MJ_SHUTDOWN                    : 8A49EAC8
23:18:16:103 4072        IRP_MJ_LOCK_CONTROL                : 8A49EAC8
23:18:16:103 4072        IRP_MJ_CLEANUP                    : 8A49EAC8
23:18:16:103 4072        IRP_MJ_CREATE_MAILSLOT            : 8A49EAC8
23:18:16:103 4072        IRP_MJ_QUERY_SECURITY              : 8A49EAC8
23:18:16:103 4072        IRP_MJ_SET_SECURITY                : 8A49EAC8
23:18:16:103 4072        IRP_MJ_POWER                      : 8A49EAC8
23:18:16:103 4072        IRP_MJ_SYSTEM_CONTROL              : 8A49EAC8
23:18:16:103 4072        IRP_MJ_DEVICE_CHANGE              : 8A49EAC8
23:18:16:103 4072        IRP_MJ_QUERY_QUOTA                : 8A49EAC8
23:18:16:103 4072        IRP_MJ_SET_QUOTA                  : 8A49EAC8
23:18:16:103 4072        Driver "atapi" infected by TDSS rootkit!
23:18:16:118 4072        C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
23:18:16:118 4072        File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 23:18:16:118 4072        Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
23:18:16:118 4072        ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
23:18:16:587 4072        vfvi6
23:18:16:681 4072        !dsvbh1
23:18:19:353 4072        dsvbh2
23:18:19:353 4072        fdfb2
23:18:19:353 4072        Backup copy found, using it..
23:18:19:493 4072        will be cured on next reboot
23:18:19:493 4072        Reboot required for cure complete..
23:18:19:509 4072        Cure on reboot scheduled successfully
23:18:19:509 4072       
23:18:19:509 4072        Completed
23:18:19:509 4072       
23:18:19:509 4072        Results:
23:18:19:509 4072        Memory objects infected / cured / cured on reboot:        1 / 0 / 0
23:18:19:509 4072        Registry objects infected / cured / cured on reboot:        0 / 0 / 0
23:18:19:509 4072        File objects infected / cured / cured on reboot:        1 / 0 / 1
23:18:19:509 4072       
23:18:19:509 4072        fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
23:18:19:509 4072        fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
23:18:19:509 4072        UnloadDriverW: NtUnloadDriver error 1
23:18:19:509 4072        KLMD(ARK) unloaded successfully

Sion 17.04.2010 22:45
Starte den PC neu (wenn nach dem Scan noch nicht gemacht) und das Ganze (also tdsskiller) noch mal.

Sashlyrics 17.04.2010 22:57
Der neue Log nach neustart:
Code:
23:50:32:781 2300        TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
23:50:32:781 2300        ================================================================================
23:50:32:781 2300        SystemInfo:

23:50:32:781 2300        OS Version: 5.1.2600 ServicePack: 3.0
23:50:32:781 2300        Product type: Workstation
23:50:32:781 2300        ComputerName: SASH
23:50:32:781 2300        UserName: sascha
23:50:32:781 2300        Windows directory: C:\WINDOWS
23:50:32:781 2300        Processor architecture: Intel x86
23:50:32:781 2300        Number of processors: 2
23:50:32:781 2300        Page size: 0x1000
23:50:32:781 2300        Boot type: Normal boot
23:50:32:781 2300        ================================================================================
23:50:32:781 2300        UnloadDriverW: NtUnloadDriver error 2
23:50:32:781 2300        ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:50:32:890 2300        wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
23:50:32:890 2300        wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:50:32:890 2300        wfopen_ex: Trying to KLMD file open
23:50:32:890 2300        wfopen_ex: File opened ok (Flags 2)
23:50:32:890 2300        wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
23:50:32:890 2300        wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:50:32:890 2300        wfopen_ex: Trying to KLMD file open
23:50:32:890 2300        wfopen_ex: File opened ok (Flags 2)
23:50:32:890 2300        Initialize success
23:50:32:890 2300       
23:50:32:890 2300        Scanning        Services ...
23:50:33:359 2300        Raw services enum returned 382 services
23:50:33:390 2300       
23:50:33:390 2300        Scanning        Kernel memory ...
23:50:33:390 2300        Devices to scan: 6
23:50:33:390 2300       
23:50:33:390 2300        Driver Name: Disk
23:50:33:390 2300        IRP_MJ_CREATE                      : F74EDBB0
23:50:33:390 2300        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:50:33:390 2300        IRP_MJ_CLOSE                      : F74EDBB0
23:50:33:390 2300        IRP_MJ_READ                        : F74E7D1F
23:50:33:390 2300        IRP_MJ_WRITE                      : F74E7D1F
23:50:33:390 2300        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:50:33:390 2300        IRP_MJ_SET_INFORMATION            : 804F4562
23:50:33:390 2300        IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:390 2300        IRP_MJ_SET_EA                      : 804F4562
23:50:33:390 2300        IRP_MJ_FLUSH_BUFFERS              : F74E82E2
23:50:33:390 2300        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:390 2300        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:390 2300        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:50:33:390 2300        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:50:33:390 2300        IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:50:33:390 2300        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F74EBF28
23:50:33:390 2300        IRP_MJ_SHUTDOWN                    : F74E82E2
23:50:33:390 2300        IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:390 2300        IRP_MJ_CLEANUP                    : 804F4562
23:50:33:390 2300        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:50:33:390 2300        IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:390 2300        IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:390 2300        IRP_MJ_POWER                      : F74E9C82
23:50:33:390 2300        IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:50:33:390 2300        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:50:33:390 2300        IRP_MJ_QUERY_QUOTA                : 804F4562
23:50:33:390 2300        IRP_MJ_SET_QUOTA                  : 804F4562
23:50:33:437 2300        C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:50:33:437 2300       
23:50:33:437 2300        Driver Name: USBSTOR
23:50:33:437 2300        IRP_MJ_CREATE                      : 8A2B83C8
23:50:33:437 2300        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:50:33:437 2300        IRP_MJ_CLOSE                      : 8A2B83C8
23:50:33:437 2300        IRP_MJ_READ                        : 8A2B83C8
23:50:33:437 2300        IRP_MJ_WRITE                      : 8A2B83C8
23:50:33:437 2300        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:50:33:437 2300        IRP_MJ_SET_INFORMATION            : 804F4562
23:50:33:437 2300        IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:437 2300        IRP_MJ_SET_EA                      : 804F4562
23:50:33:437 2300        IRP_MJ_FLUSH_BUFFERS              : 804F4562
23:50:33:437 2300        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:437 2300        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:437 2300        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:50:33:437 2300        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:50:33:437 2300        IRP_MJ_DEVICE_CONTROL              : 8A2B83C8
23:50:33:437 2300        IRP_MJ_INTERNAL_DEVICE_CONTROL    : 8A2B83C8
23:50:33:437 2300        IRP_MJ_SHUTDOWN                    : 804F4562
23:50:33:437 2300        IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:437 2300        IRP_MJ_CLEANUP                    : 804F4562
23:50:33:437 2300        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:50:33:437 2300        IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:437 2300        IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:437 2300        IRP_MJ_POWER                      : 8A2B83C8
23:50:33:437 2300        IRP_MJ_SYSTEM_CONTROL              : 8A2B83C8
23:50:33:437 2300        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:50:33:437 2300        IRP_MJ_QUERY_QUOTA                : 804F4562
23:50:33:437 2300        IRP_MJ_SET_QUOTA                  : 804F4562
23:50:33:437 2300        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
23:50:33:437 2300       
23:50:33:437 2300        Driver Name: Disk
23:50:33:437 2300        IRP_MJ_CREATE                      : F74EDBB0
23:50:33:437 2300        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:50:33:437 2300        IRP_MJ_CLOSE                      : F74EDBB0
23:50:33:437 2300        IRP_MJ_READ                        : F74E7D1F
23:50:33:437 2300        IRP_MJ_WRITE                      : F74E7D1F
23:50:33:437 2300        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:50:33:437 2300        IRP_MJ_SET_INFORMATION            : 804F4562
23:50:33:437 2300        IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:437 2300        IRP_MJ_SET_EA                      : 804F4562
23:50:33:437 2300        IRP_MJ_FLUSH_BUFFERS              : F74E82E2
23:50:33:437 2300        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:437 2300        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:437 2300        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:50:33:437 2300        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:50:33:437 2300        IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:50:33:437 2300        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F74EBF28
23:50:33:437 2300        IRP_MJ_SHUTDOWN                    : F74E82E2
23:50:33:437 2300        IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:437 2300        IRP_MJ_CLEANUP                    : 804F4562
23:50:33:437 2300        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:50:33:437 2300        IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:437 2300        IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:437 2300        IRP_MJ_POWER                      : F74E9C82
23:50:33:453 2300        IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:50:33:453 2300        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_QUOTA                : 804F4562
23:50:33:453 2300        IRP_MJ_SET_QUOTA                  : 804F4562
23:50:33:453 2300        C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:50:33:453 2300       
23:50:33:453 2300        Driver Name: Disk
23:50:33:453 2300        IRP_MJ_CREATE                      : F74EDBB0
23:50:33:453 2300        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:50:33:453 2300        IRP_MJ_CLOSE                      : F74EDBB0
23:50:33:453 2300        IRP_MJ_READ                        : F74E7D1F
23:50:33:453 2300        IRP_MJ_WRITE                      : F74E7D1F
23:50:33:453 2300        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:50:33:453 2300        IRP_MJ_SET_INFORMATION            : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:453 2300        IRP_MJ_SET_EA                      : 804F4562
23:50:33:453 2300        IRP_MJ_FLUSH_BUFFERS              : F74E82E2
23:50:33:453 2300        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:453 2300        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:453 2300        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:50:33:453 2300        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:50:33:453 2300        IRP_MJ_DEVICE_CONTROL              : F74E83BB
23:50:33:453 2300        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F74EBF28
23:50:33:453 2300        IRP_MJ_SHUTDOWN                    : F74E82E2
23:50:33:453 2300        IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:453 2300        IRP_MJ_CLEANUP                    : 804F4562
23:50:33:453 2300        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:453 2300        IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:453 2300        IRP_MJ_POWER                      : F74E9C82
23:50:33:453 2300        IRP_MJ_SYSTEM_CONTROL              : F74EE99E
23:50:33:453 2300        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_QUOTA                : 804F4562
23:50:33:453 2300        IRP_MJ_SET_QUOTA                  : 804F4562
23:50:33:453 2300        C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
23:50:33:453 2300       
23:50:33:453 2300        Driver Name: atapi
23:50:33:453 2300        IRP_MJ_CREATE                      : F71E7B40
23:50:33:453 2300        IRP_MJ_CREATE_NAMED_PIPE          : 804F4562
23:50:33:453 2300        IRP_MJ_CLOSE                      : F71E7B40
23:50:33:453 2300        IRP_MJ_READ                        : 804F4562
23:50:33:453 2300        IRP_MJ_WRITE                      : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_INFORMATION          : 804F4562
23:50:33:453 2300        IRP_MJ_SET_INFORMATION            : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_EA                    : 804F4562
23:50:33:453 2300        IRP_MJ_SET_EA                      : 804F4562
23:50:33:453 2300        IRP_MJ_FLUSH_BUFFERS              : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
23:50:33:453 2300        IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
23:50:33:453 2300        IRP_MJ_DIRECTORY_CONTROL          : 804F4562
23:50:33:453 2300        IRP_MJ_FILE_SYSTEM_CONTROL        : 804F4562
23:50:33:453 2300        IRP_MJ_DEVICE_CONTROL              : F71E7B40
23:50:33:453 2300        IRP_MJ_INTERNAL_DEVICE_CONTROL    : F71E7B40
23:50:33:453 2300        IRP_MJ_SHUTDOWN                    : 804F4562
23:50:33:453 2300        IRP_MJ_LOCK_CONTROL                : 804F4562
23:50:33:453 2300        IRP_MJ_CLEANUP                    : 804F4562
23:50:33:453 2300        IRP_MJ_CREATE_MAILSLOT            : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_SECURITY              : 804F4562
23:50:33:453 2300        IRP_MJ_SET_SECURITY                : 804F4562
23:50:33:453 2300        IRP_MJ_POWER                      : F71E7B40
23:50:33:453 2300        IRP_MJ_SYSTEM_CONTROL              : F71E7B40
23:50:33:453 2300        IRP_MJ_DEVICE_CHANGE              : 804F4562
23:50:33:453 2300        IRP_MJ_QUERY_QUOTA                : 804F4562
23:50:33:453 2300        IRP_MJ_SET_QUOTA                  : 804F4562
23:50:33:468 2300        C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
23:50:33:468 2300       
23:50:33:468 2300        Driver Name: atapi
23:50:33:468 2300        IRP_MJ_CREATE                      : 8A49DAC8
23:50:33:468 2300        IRP_MJ_CREATE_NAMED_PIPE          : 8A49DAC8
23:50:33:468 2300        IRP_MJ_CLOSE                      : 8A49DAC8
23:50:33:468 2300        IRP_MJ_READ                        : 8A49DAC8
23:50:33:468 2300        IRP_MJ_WRITE                      : 8A49DAC8
23:50:33:468 2300        IRP_MJ_QUERY_INFORMATION          : 8A49DAC8
23:50:33:468 2300        IRP_MJ_SET_INFORMATION            : 8A49DAC8
23:50:33:468 2300        IRP_MJ_QUERY_EA                    : 8A49DAC8
23:50:33:468 2300        IRP_MJ_SET_EA                      : 8A49DAC8
23:50:33:468 2300        IRP_MJ_FLUSH_BUFFERS              : 8A49DAC8
23:50:33:468 2300        IRP_MJ_QUERY_VOLUME_INFORMATION    : 8A49DAC8
23:50:33:468 2300        IRP_MJ_SET_VOLUME_INFORMATION      : 8A49DAC8
23:50:33:468 2300        IRP_MJ_DIRECTORY_CONTROL          : 8A49DAC8
23:50:33:468 2300        IRP_MJ_FILE_SYSTEM_CONTROL        : 8A49DAC8
23:50:33:468 2300        IRP_MJ_DEVICE_CONTROL              : 8A49DAC8
23:50:33:468 2300        IRP_MJ_INTERNAL_DEVICE_CONTROL    : 8A49DAC8
23:50:33:468 2300        IRP_MJ_SHUTDOWN                    : 8A49DAC8
23:50:33:468 2300        IRP_MJ_LOCK_CONTROL                : 8A49DAC8
23:50:33:468 2300        IRP_MJ_CLEANUP                    : 8A49DAC8
23:50:33:468 2300        IRP_MJ_CREATE_MAILSLOT            : 8A49DAC8
23:50:33:468 2300        IRP_MJ_QUERY_SECURITY              : 8A49DAC8
23:50:33:468 2300        IRP_MJ_SET_SECURITY                : 8A49DAC8
23:50:33:468 2300        IRP_MJ_POWER                      : 8A49DAC8
23:50:33:468 2300        IRP_MJ_SYSTEM_CONTROL              : 8A49DAC8
23:50:33:468 2300        IRP_MJ_DEVICE_CHANGE              : 8A49DAC8
23:50:33:468 2300        IRP_MJ_QUERY_QUOTA                : 8A49DAC8
23:50:33:468 2300        IRP_MJ_SET_QUOTA                  : 8A49DAC8
23:50:33:468 2300        Driver "atapi" infected by TDSS rootkit!
23:50:33:515 2300        C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
23:50:33:515 2300        File "C:\WINDOWS\system32\drivers\atapi.sys" infected by TDSS rootkit ... 23:50:33:515 2300        Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
23:50:33:515 2300        ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
23:50:33:781 2300        vfvi6
23:50:33:875 2300        !dsvbh1
23:50:36:984 2300        dsvbh2
23:50:36:984 2300        fdfb2
23:50:36:984 2300        Backup copy found, using it..
23:50:37:046 2300        will be cured on next reboot
23:50:37:046 2300        Reboot required for cure complete..
23:50:37:062 2300        Cure on reboot scheduled successfully
23:50:37:062 2300       
23:50:37:062 2300        Completed
23:50:37:062 2300       
23:50:37:062 2300        Results:
23:50:37:062 2300        Memory objects infected / cured / cured on reboot:        1 / 0 / 0
23:50:37:062 2300        Registry objects infected / cured / cured on reboot:        0 / 0 / 0
23:50:37:062 2300        File objects infected / cured / cured on reboot:        1 / 0 / 1
23:50:37:062 2300       
23:50:37:062 2300        fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
23:50:37:062 2300        fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
23:50:37:062 2300        UnloadDriverW: NtUnloadDriver error 1
23:50:37:062 2300        KLMD(ARK) unloaded successfully

Sion 17.04.2010 23:06
:killpc: Der tdsskiller packt's nicht.

Starte OTL.
Klicke auf None
Kopiere unten in das Skriptfeld rein:

Zitat:
/md5start
atapi.sys
/md5stop
Klicke auf Run Scan und poste die OTL.txt

Sashlyrics 17.04.2010 23:20
Code:
OTL logfile created on: 18.04.2010 00:14:51 - Run 2
OTL by OldTimer - Version 3.2.1.1    Folder = C:\Dokumente und Einstellungen\sascha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3069 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 17,50 Gb Free Space | 7,51% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 46,21 Gb Free Space | 19,84% Space Free | Partition Type: NTFS
Drive E: | 3,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 233,75 Gb Total Space | 19,83 Gb Free Space | 8,48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SASH
Current User Name: sascha
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Custom Scans ==========
 
 
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.10 20:11:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010.04.17 23:51:36 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< End of report >

Sion 18.04.2010 10:00
War schon spät gestern... Du hast anscheinend vom tdsskiller ein und das selbe Log gepostet:

Zitat:
Mar 22 2010 10:43:04
Zitat:
Mar 22 2010 10:43:04
Such mal das Log vom zweiten Scan und poste es.

Sashlyrics 18.04.2010 10:51
Also die 2 Daten passen gar nicht zum gestrigen Tag, die stehen jedoch bei beiden Logs dabei.
Links steht doch die Uhrzeit oder? Zumindest würde das passen, weil ich den ersten Log um 23:18 und den 2. um 23:50 erstellt habe.
Aber ich kann ruhig nochmal einen erstellen, nur wird sich (keine Ahnung warum) am 22. März nichts ändern.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:29 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19