Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hilfe zwecks Viruses! (https://www.trojaner-board.de/92662-hilfe-zwecks-viruses.html)

davyyy 08.11.2010 23:13
Hilfe zwecks Viruses!
 
hallo leute!
bin schon seit 3 stunden am schauen was mit meinem pc los ist...
vieles versucht, doch dieses board scheint mir am hilfreichsten zu sein!
hier mal mein log:

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:07:59, on 8.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\PAStiSvc.exe
D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\programme\valve\steam\steam.exe
D:\Programme\QIP 2010\qip.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Mozilla Firefox\plugin-container.exe
D:\Programme\Winamp\winamp.exe
D:\Programme\Alwil Software\Avast5\AvastSvc.exe
D:\Programme\Alwil Software\Avast5\avastUI.exe
C:\Dokumente und Einstellungen\davyyy\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://flvtubesearch.co/?tmp=toolbar_FlvTube_homepage&prt=flvtubetb04ie&clid=c13118e3d6034e198824b71cd8ec19a9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] "D:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Infium] "D:\Programme\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [HKCU] C:\Programme\Windows Help Files\Dll_Execute.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programme\Windows Help Files\Dll_Execute.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programme\Windows Help Files\Dll_Execute.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Programme\QIP\qip.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: CSIScanner - Unknown owner - C:\Programme\Prevx\prevx.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 11197 bytes
--- --- ---
am meisten macht mir bei O4 die datei Dll_Execute zu schaffen!

hoffe auf baldige antwort!
danke!

cosinus 09.11.2010 03:00
Hallo und :hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

davyyy 09.11.2010 18:56
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5082

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9.11.2010 18:53:38
mbam-log-2010-11-09 (18-53-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 367667
Laufzeit: 1 Stunde(n), 56 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 26

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\Australia.exe (Application.Joke) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\bremsweg.exe (JokeApp.NotFunny) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415154.dll (Adware.Zwangi) -> Quarantined and deleted successfully.
D:\DAVID\abc\SonyVegas\Patch\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\DAVID\abc\SonyVegas\Plugins\NewBlue FX\Art effects.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
D:\DAVID\abc\SonyVegas\Plugins\NewBlue FX\Motion blends.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
D:\DAVID\Alles mögliche\Phoenix\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\DAVID\Alles mögliche\Phoenix\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\DAVID\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\Australia.exe (Application.Joke) -> Quarantined and deleted successfully.
D:\DAVID\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\bremsweg.exe (JokeApp.NotFunny) -> Quarantined and deleted successfully.
D:\DAVID\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\DrunkMouse.exe (BadJoke.MovingMouse) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\David\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\Australia.exe (Application.Joke) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\David\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\bremsweg.exe (JokeApp.NotFunny) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\David\Eigene Dateien\ICQ Lite\233628618\SnPeS_275633300\DrunkMouse.exe (BadJoke.MovingMouse) -> Quarantined and deleted successfully.
D:\Programme\Left 4 Dead 2\Razor1911.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Programme\ICQLite\245859819_ExEsite\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP394\A0415020.exe (Worm.Palevo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415283.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415284.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415288.exe (Application.Joke) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415289.exe (JokeApp.NotFunny) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415290.exe (BadJoke.MovingMouse) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415300.exe (Application.Joke) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415301.exe (JokeApp.NotFunny) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415302.exe (BadJoke.MovingMouse) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415309.exe (Trojan.Agent) -> Quarantined and deleted successfully.

nächster!:OTL Logfile:
Code:
OTL logfile created on: 9.11.2010 18:55:36 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\davyyy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 65,36 Gb Total Space | 32,50 Gb Free Space | 49,72% Space Free | Partition Type: NTFS
Drive D: | 400,39 Gb Total Space | 217,32 Gb Free Space | 54,28% Space Free | Partition Type: NTFS
 
Computer Name: Z3RSTO3R3R | User Name: davyyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\davyyy\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\QIP 2010\qip.exe (QIP)
PRC - D:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Panda Security\Panda Cloud Antivirus\PSANToManager.exe (Panda Security, S.L.)
PRC - D:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - D:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Programme\Valve\Steam\Steam.exe (Valve Corporation)
PRC - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - D:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\davyyy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - D:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Boonty Games) -- C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll ()
SRV - (avast! Web Scanner) -- D:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- D:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- D:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TuneUp.Defrag) -- D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (NanoServiceMain) -- D:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirScheduler) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\pfc027.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://flvtubesearch.co/?tmp=toolbar_FlvTube_homepage&prt=flvtubetb04ie&clid=c13118e3d6034e198824b71cd8ec19a9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineURL: "hxxp://flvtubesearch.co/?tmp=toolbar_flvtube_results&prt=flvtubetb01ff&clid=c13118e3d6034e198824b71cd8ec19a9&subid=11796&Keywords={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.esl.eu/de/player/1998450/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.10.28 17:29:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.10.28 17:29:04 | 000,000,000 | ---D | M]
 
[2009.06.10 11:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Mozilla\Extensions
[2010.11.09 16:23:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Mozilla\Firefox\Profiles\r0oyf7ly.default\extensions
[2010.08.18 20:01:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Mozilla\Firefox\Profiles\r0oyf7ly.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.27 07:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Mozilla\Firefox\Profiles\r0oyf7ly.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.08 15:53:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Mozilla\Firefox\Profiles\r0oyf7ly.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.03 11:17:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Mozilla\Firefox\Profiles\r0oyf7ly.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.01 09:23:49 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Mozilla\Firefox\Profiles\r0oyf7ly.default\searchplugins\conduit.xml
 
O1 HOSTS File: ([2010.11.08 21:49:20 | 000,424,775 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 14637 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] D:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [Infium] D:\Programme\QIP 2010\qip.exe (QIP)
O4 - HKCU..\Run: [Steam] d:\programme\valve\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.22 16:21:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.09 16:22:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\davyyy\Desktop\OTL.exe
[2010.11.08 23:40:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Panda Security
[2010.11.08 23:39:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
[2010.11.08 21:26:50 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.11.08 21:26:49 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.11.08 21:26:48 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010.11.08 21:26:48 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.11.08 21:26:47 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.11.08 21:26:46 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.11.08 21:26:46 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.11.08 21:26:45 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.11.08 21:25:49 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010.11.08 21:25:47 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.11.08 21:25:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.11.08 21:16:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Malwarebytes
[2010.11.08 21:16:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.08 21:16:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.08 21:16:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.08 21:06:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
[2010.11.08 20:59:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\davyyy\Recent
[2010.11.08 20:52:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\Kriptomatik
[2010.11.08 20:52:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2010.11.08 19:00:29 | 000,000,000 | ---D | C] -- C:\Programme\FLVTube Player
[2010.11.08 18:12:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\QuickPar
[2010.11.08 16:12:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Downloads
[2010.11.08 16:12:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\NewsLeecher
[2010.11.01 22:55:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.10.28 17:27:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\SecondLife
[2010.10.28 17:27:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\SecondLife
[2010.10.21 18:18:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\ArcaniA - Gothic 4
[2010.10.21 16:45:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DSS
[2010.10.21 16:45:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\EA Games
[2010.10.21 15:31:13 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010.10.21 15:31:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010.10.20 19:53:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.14 16:17:02 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.14 16:17:02 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.14 16:16:44 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\bass.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.09 18:54:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\wbsidub.sys
[2010.11.09 16:22:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\davyyy\Desktop\OTL.exe
[2010.11.09 16:19:20 | 000,000,568 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.09 16:11:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.09 16:11:06 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.09 16:11:04 | 001,429,068 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.11.09 00:00:55 | 000,078,105 | -H-- | M] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\davyyylog.dat
[2010.11.08 23:40:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2010.11.08 23:08:25 | 000,007,144 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2010.11.08 21:49:20 | 000,424,775 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.11.08 21:43:33 | 000,000,423 | RHS- | M] () -- C:\boot.ini
[2010.11.08 21:26:46 | 000,003,011 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.11.08 20:35:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.08 20:21:20 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.11.08 19:50:22 | 002,335,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.08 19:44:16 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM).lnk
[2010.11.08 19:44:16 | 000,000,789 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM) - Multiplayer.lnk
[2010.11.08 18:50:55 | 000,066,048 | ---- | M] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.08 18:06:28 | 000,000,539 | ---- | M] () -- C:\Dokumente und Einstellungen\davyyy\Desktop\QIP 2010.lnk
[2010.11.08 17:26:07 | 002,046,469 | ---- | M] () -- C:\Dokumente und Einstellungen\davyyy\Desktop\Call Of Duty Black Ops CloneDVD.par2.nzb
[2010.11.01 22:45:23 | 000,000,242 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010.11.01 20:23:36 | 000,498,596 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.01 20:23:36 | 000,474,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.01 20:23:36 | 000,101,248 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.01 20:23:36 | 000,084,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.28 17:26:54 | 000,000,669 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Second Life Viewer 2.lnk
[2010.10.21 19:27:53 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.10.21 19:27:53 | 000,138,056 | ---- | M] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\PnkBstrK.sys
[2010.10.21 15:38:47 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.10.21 15:32:52 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010.10.21 15:32:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010.10.20 20:00:48 | 000,423,305 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101108-214920.backup
[2010.10.20 19:59:45 | 000,423,305 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101020-210048.backup
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.09 18:54:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wbsidub.sys
[2010.11.09 16:19:20 | 000,000,568 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.08 23:40:02 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2010.11.08 20:21:20 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.08 19:44:16 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM).lnk
[2010.11.08 19:44:16 | 000,000,789 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM) - Multiplayer.lnk
[2010.11.08 18:06:28 | 000,000,539 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Desktop\QIP 2010.lnk
[2010.11.08 17:26:04 | 002,046,469 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Desktop\Call Of Duty Black Ops CloneDVD.par2.nzb
[2010.10.28 17:26:54 | 000,000,669 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Second Life Viewer 2.lnk
[2010.10.21 19:27:35 | 002,601,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
[2010.09.02 01:01:15 | 000,277,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.09.02 00:41:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\chrtmp
[2010.07.23 21:39:56 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\PnkBstrK.sys
[2010.01.24 20:06:07 | 000,001,502 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2009.12.31 12:46:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009.12.21 12:36:07 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.11.23 18:03:57 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.08.03 17:29:50 | 000,000,688 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.08.03 17:18:26 | 000,000,100 | ---- | C] () -- C:\WINDOWS\bsacmd.INI
[2009.07.06 17:44:13 | 000,001,432 | ---- | C] () -- C:\WINDOWS\cfkpr-m16.ini
[2009.07.06 17:35:22 | 000,066,048 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.29 21:11:23 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.06.29 21:11:22 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.06.12 11:35:54 | 000,000,179 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\setup.log
[2009.06.10 11:30:48 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\setup_ldm.iss
[2009.06.10 10:51:38 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2009.06.09 12:35:45 | 000,090,396 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat
[2009.05.12 14:58:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.04.21 23:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.03.24 14:56:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009.02.03 20:53:06 | 000,000,242 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009.01.05 13:57:40 | 000,000,237 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2008.12.15 21:14:09 | 000,452,626 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.12.01 15:04:43 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.23 14:55:10 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2008.10.26 16:17:03 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.07 13:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.09.24 19:20:08 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008.09.22 19:06:44 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.09.22 17:13:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll
[2005.05.22 12:04:21 | 000,078,105 | -H-- | C] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\davyyylog.dat
[2005.02.24 11:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2005.01.25 14:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2004.07.12 22:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\Demoplayer.exe:SummaryInformation
@Alternate Data Stream - 513 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86

< End of report >
--- --- ---

und letzter!!!:OTL Logfile:
Code:
OTL Extras logfile created on: 9.11.2010 18:55:36 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\davyyy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 65,36 Gb Total Space | 32,50 Gb Free Space | 49,72% Space Free | Partition Type: NTFS
Drive D: | 400,39 Gb Total Space | 217,32 Gb Free Space | 54,28% Space Free | Partition Type: NTFS
 
Computer Name: Z3RSTO3R3R | User Name: davyyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8321:TCP" = 8321:TCP:*:Enabled:TMNF
"190:TCP" = 190:TCP:*:Enabled:Titan Quest
"9000:TCP" = 9000:TCP:*:Enabled:CrashDay
"8500:TCP" = 8500:TCP:*:Enabled:Crashday1
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"1234:TCP" = 1234:TCP:*:Enabled:Warcraft 3 FT
"1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\mIRC\mirc.exe" = D:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"D:\Programme\TeamViewer3\TeamViewer.exe" = D:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"D:\Programme\HLSW\hlsw.exe" = D:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application -- (Stripf Software)
"D:\Programme\QIP\qip.exe" = D:\Programme\QIP\qip.exe:*:Disabled:Quiet Internet Pager -- (The Author of QIP)
"D:\Programme\ICQ6.5\ICQ.exe" = D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Programme\uTorrent\uTorrent.exe" = D:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"D:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"D:\Rune\System\Rune.exe" = D:\Rune\System\Rune.exe:*:Enabled:Rune -- ()
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\sft\leecher.exe" = C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\sft\leecher.exe:*:Enabled:SFT Loader -- (velocode)
"D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"D:\Programme\QIP 2010\qip.exe" = D:\Programme\QIP 2010\qip.exe:*:Enabled:QIP 2010 -- (QIP)
"D:\Programme\Valve\Steam\SteamApps\countertus153\condition zero\hl.exe" = D:\Programme\Valve\Steam\SteamApps\countertus153\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
"D:\Programme\Valve\Steam\SteamApps\countertus153\counter-strike\hl.exe" = D:\Programme\Valve\Steam\SteamApps\countertus153\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B533F34-22BA-4301-BAF8-EA1CEDB06F9E}" = Quake Live Mozilla Plugin
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{132C89C5-3B67-48A9-BFF4-B530B044522D}" = Multi Teamspeak  2.33.77
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{52D3199D-2858-4216-AA1D-B2A9BB9FA31B}" = Sprite Backup HTC
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C2646C8-3BB1-4B1D-B7B9-C42E4EC0AFB4}" = Application Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C9CA43-7677-4F89-A971-1104A94DF0F2}" = CSE Demoplayer
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C28292-7C2F-11D9-973C-0040CA60DB0C}" = Fahrschule XP
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.4
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ask Toolbar_is1" = Ask Toolbar
"avast5" = avast! Pro Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESL Wire_is1" = ESL Wire 1.7.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLVTube Player" = FLVTube Player
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Hamachi" = Hamachi 1.0.1.5
"Hentai3D2-056.001" = thriXXX Hentai3D2-056.001
"HLSW_is1" = HLSW v1.3.0.3
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{95C28292-7C2F-11D9-973C-0040CA60DB0C}" = Fahrschule XP
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"NeroMediaHome!UninstallKey" = Nero MediaHome CE
"NeroRecode!UninstallKey" = Nero Recode CE
"NeroShowTime!UninstallKey" = Nero ShowTime CE
"NewsLeecher_is1" = NewsLeecher v3.8 Final
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"PokerTH 0.6.4" = PokerTH
"Project Nomads Demo" = Project Nomads Demo
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"QIP2005" = QIP 2005 Uninstall
"QuickPar" = QuickPar 0.9
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"ST6UNST #1" = DBASE KONVERT 32bit
"Street Wars" = Street Wars
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Total Audio Converter_is1" = AudioConverter
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6
"VentriloMIX" = VentriloMIX
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"x264 Revision 408 x264.nl" = x264 Revision 408 x264.nl (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"X-ray Anti-Cheat" = X-ray Anti-Cheat
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
"QIP 2005" = QIP 2005 8095
"QIP 2010" = QIP 2010 10.11.1.4345
"QipGuard" = QIP Internet Guardian
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8.11.2010 14:54:21 | Computer Name = Z3RSTO3R3R | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 8.11.2010 14:56:58 | Computer Name = Z3RSTO3R3R | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3951, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 8.11.2010 14:57:10 | Computer Name = Z3RSTO3R3R | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3951, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10418792.
 
Error - 8.11.2010 14:57:28 | Computer Name = Z3RSTO3R3R | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3951, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 8.11.2010 15:00:59 | Computer Name = Z3RSTO3R3R | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung newsLeecher.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 8.11.2010 15:01:36 | Computer Name = Z3RSTO3R3R | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung newsLeecher.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 8.11.2010 15:02:56 | Computer Name = Z3RSTO3R3R | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung newsLeecher.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 8.11.2010 15:06:54 | Computer Name = Z3RSTO3R3R | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung newsLeecher.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 8.11.2010 15:07:57 | Computer Name = Z3RSTO3R3R | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung newsLeecher.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 8.11.2010 15:52:38 | Computer Name = Z3RSTO3R3R | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft Installer -- Microsoft .NET Framework 1.0 needs
 to be installed for this installation to continue.
 
[ System Events ]
Error - 2.11.2010 05:52:39 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 8.11.2010 12:52:22 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 8.11.2010 12:53:54 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 8.11.2010 12:54:20 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 8.11.2010 13:09:42 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 8.11.2010 13:56:38 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 8.11.2010 13:58:29 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 9.11.2010 11:14:06 | Computer Name = Z3RSTO3R3R | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Panda Cloud Antivirus Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 9.11.2010 11:14:13 | Computer Name = Z3RSTO3R3R | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%87
 
Error - 9.11.2010 13:47:13 | Computer Name = Z3RSTO3R3R | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
[ TuneUp Events ]
Error - 29.10.2010 02:22:44 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 29.10.2010 07:29:52 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 29.10.2010 09:20:50 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 1.11.2010 15:19:55 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 2.11.2010 05:03:03 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 8.11.2010 10:30:53 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 8.11.2010 10:33:35 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 8.11.2010 14:51:59 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 9.11.2010 11:14:15 | Computer Name = Z3RSTO3R3R | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 9.11.2010 11:19:26 | Computer Name = Z3RSTO3R3R | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-09 16:19:26', '\device\harddiskvolume2\programme\malwarebytes'
 anti-malware\mbam.exe','3580',0)
 
 
< End of report >
--- --- ---

cosinus 10.11.2010 08:34
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll ()
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
[2010.11.09 18:54:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\wbsidub.sys
[2010.11.09 00:00:55 | 000,078,105 | -H-- | M] () -- C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\davyyylog.dat
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\Demoplayer.exe:SummaryInformation
@Alternate Data Stream - 513 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

davyyy 10.11.2010 16:19
All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll moved successfully.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\WINDOWS\System32\drivers\EagleNT.sys File not found not found.
File C:\WINDOWS\System32\drivers\wbsidub.sys not found.
C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\davyyylog.dat moved successfully.
Unable to delete ADS C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\Demoplayer.exe:SummaryInformation .
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: davyyy
->Temp folder emptied: 344941829 bytes
->Temporary Internet Files folder emptied: 43641083 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 170453498 bytes
->Flash cache emptied: 61989 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3156310 bytes
%systemroot%\System32 .tmp files removed: 2933127 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
RecycleBin emptied: 4037680368 bytes

Total Files Cleaned = 4.390,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11102010_160913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

was nu? :)

cosinus 10.11.2010 17:26
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

davyyy 10.11.2010 17:49
Combofix Logfile:
Code:
ComboFix 10-11-09.03 - davyyy 10.11.2010  17:37:21.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1328 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\davyyy\Desktop\cofi.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\davyyy\Anwendungsdaten\chrtmp
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll
c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll
c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\ogg.dll
c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\vorbis.dll
c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll
c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
c:\windows\system32\spool\prtprocs\w32x86\CNMPD9X.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP9X.DLL

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


(((((((((((((((((((((((  Dateien erstellt von 2010-10-10 bis 2010-11-10  ))))))))))))))))))))))))))))))
.

2010-11-08 22:40 . 2010-11-08 22:40        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Anwendungsdaten\Panda Security
2010-11-08 22:39 . 2010-11-08 22:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Panda Security
2010-11-08 20:25 . 2010-11-10 15:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Alwil Software
2010-11-08 20:16 . 2010-11-08 20:16        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Anwendungsdaten\Malwarebytes
2010-11-08 20:16 . 2010-04-29 11:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 20:16 . 2010-11-08 20:16        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-11-08 20:16 . 2010-04-29 11:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-08 20:06 . 2010-11-08 20:06        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2010-11-08 19:52 . 2010-11-08 19:52        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\Kriptomatik
2010-11-08 19:52 . 2010-11-08 19:52        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2010-11-08 18:00 . 2010-11-08 18:00        --------        d-----w-        c:\programme\FLVTube Player
2010-11-08 17:12 . 2010-11-08 21:25        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\QuickPar
2010-11-08 15:12 . 2010-11-08 15:12        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Downloads
2010-11-08 15:12 . 2010-11-08 15:13        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Anwendungsdaten\NewsLeecher
2010-11-01 21:55 . 2010-11-01 21:55        --------        d--h--w-        c:\windows\PIF
2010-10-28 16:27 . 2010-10-29 13:16        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Lokale Einstellungen\Anwendungsdaten\SecondLife
2010-10-28 16:27 . 2010-10-28 16:27        --------        d-----w-        c:\dokumente und einstellungen\davyyy\Anwendungsdaten\SecondLife
2010-10-21 18:27 . 2010-09-16 07:13        2601752        ----a-w-        c:\windows\system32\pbsvc_moh.exe
2010-10-21 15:45 . 2010-10-21 15:45        --------        d-sh--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DSS
2010-10-21 14:31 . 2010-10-21 14:32        253952        ------w-        c:\windows\Setup1.exe
2010-10-21 14:31 . 2010-10-21 14:32        74752        ----a-w-        c:\windows\ST6UNST.EXE
2010-10-20 18:53 . 2010-11-08 20:49        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-10-20 18:42 . 2010-10-20 18:42        388096        ----a-r-        c:\dokumente und einstellungen\davyyy\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 15:17 . 2010-09-18 06:52        974848        -c----w-        c:\windows\system32\dllcache\mfc42.dll
2010-10-14 15:17 . 2010-09-18 06:52        953856        -c----w-        c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 15:16 . 2010-08-23 16:11        617472        -c----w-        c:\windows\system32\dllcache\comctl32.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 22:08 . 2008-09-23 16:06        7144        ----a-w-        c:\windows\system32\ealregsnapshot1.reg
2010-10-21 18:27 . 2010-07-23 20:39        138056        ----a-w-        c:\dokumente und einstellungen\davyyy\Anwendungsdaten\PnkBstrK.sys
2010-10-21 18:27 . 2008-10-26 15:17        138056        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-10-21 18:27 . 2008-10-26 15:16        189248        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-10-21 18:27 . 2008-10-26 15:16        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
2010-10-21 14:38 . 2008-09-22 18:06        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-09-18 10:22 . 2009-06-10 09:51        974848        ----a-w-        c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2009-06-10 09:51        974848        ----a-w-        c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2009-06-10 09:51        954368        ----a-w-        c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2009-06-10 09:51        953856        ----a-w-        c:\windows\system32\mfc40u.dll
2010-09-10 05:47 . 2009-06-10 09:52        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2009-06-10 09:51        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2009-06-10 09:51        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2010-09-01 11:50 . 2009-06-10 09:50        285824        ----a-w-        c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2009-06-10 09:52        1852928        ----a-w-        c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2009-06-10 09:52        119808        ----a-w-        c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-06-10 09:52        99840        ----a-w-        c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2009-06-10 09:52        357248        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2009-06-10 09:50        617472        ----a-w-        c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-06-10 09:52        58880        ----a-w-        c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2009-06-10 09:52        590848        ----a-w-        c:\windows\system32\rpcrt4.dll
2010-08-12 19:26 . 2010-08-19 20:24        30528        ----a-w-        c:\windows\system32\TURegOpt.exe
2010-08-12 19:19 . 2009-06-10 11:45        30016        ----a-w-        c:\windows\system32\uxtuneup.dll
2004-10-01 14:00 . 2008-11-23 13:55        40960        ----a-w-        c:\programme\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-30 2736736]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-10-20 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32        279944        ----a-w-        c:\programme\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-30 13:33        2736736        ----a-w-        c:\programme\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-10-20 19:06        2735200        ----a-w-        c:\programme\softonic-de3\tbsof1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 19:35        799472        ----a-w-        c:\programme\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-30 2736736]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-10-20 2735200]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-30 2736736]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-10-20 2735200]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programme\valve\steam\steam.exe" [2010-08-24 1242448]
"Infium"="d:\programme\QIP 2010\qip.exe" [2010-11-01 5832656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2009-6-23 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"Orb"="c:\programme\Winamp Remote\bin\OrbTray.exe" /background
"Infium"="d:\programme\QIP 2010\qip.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE
"InCD"=c:\programme\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"RemoteControl"="d:\programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe"
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"RTHDCPL"=RTHDCPL.EXE
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"Malwarebytes Anti-Malware (reboot)"="d:\programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PSUNMain"="d:\programme\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\mIRC\\mirc.exe"=
"d:\\Programme\\TeamViewer3\\TeamViewer.exe"=
"d:\\Programme\\HLSW\\hlsw.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programme\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\ICQ6.5\\ICQ.exe"=
"d:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programme\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Rune\\System\\Rune.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Dokumente und Einstellungen\\davyyy\\Eigene Dateien\\sft\\leecher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programme\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Programme\\QIP 2010\\qip.exe"=
"d:\\Programme\\Valve\\Steam\\SteamApps\\countertus153\\condition zero\\hl.exe"=
"d:\\Programme\\Electronic Arts\\Medal of Honor\\Binaries\\moh.exe"=
"d:\\Programme\\Valve\\Steam\\SteamApps\\countertus153\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8321:TCP"= 8321:TCP:TMNF
"190:TCP"= 190:TCP:Titan Quest
"9000:TCP"= 9000:TCP:CrashDay
"8500:TCP"= 8500:TCP:Crashday1
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"1234:TCP"= 1234:TCP:Warcraft 3 FT
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.9.2008 19:06 691696]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.5.2009 08:40 108289]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23.6.2009 17:59 10384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12.8.2010 20:23 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [24.2.2005 11:29 162176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://flvtubesearch.co/?tmp=toolbar_FlvTube_homepage&prt=flvtubetb04ie&clid=c13118e3d6034e198824b71cd8ec19a9
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Free YouTube Download - c:\dokumente und einstellungen\davyyy\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\programme\kikin\ie_kikin.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{851552F5-B878-4B03-904F-2AD6A4CC8994} - (no file)
ActiveSetup-{049BCF8B-4A6E-A5E9-8DB3-D648AFAC3CC7} - c:\dokume~1\davyyy\LOKALE~1\Temp\IXP000.TMP\tro.exe
AddRemove-QipGuard - c:\dokumente und einstellungen\davyyy\Anwendungsdaten\QipGuard\QipGuard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-10 17:44
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-484763869-329068152-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:ae,3c,6d,47,85,48,38,90,af,de,56,db,c6,da,8b,68,63,ba,cf,19,39,
  59,23,55,a6,1b,e7,6d,87,35,8d,df,e9,be,11,57,79,d8,fe,58,bc,20,f6,7a,68,85,\
"rkeysecu"=hex:1c,25,0c,01,15,34,32,d5,06,56,28,20,e5,be,25,c7

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="86974178A6953921D0AC9F1F1799AFBDEC318DCBE48110212F1A56A39106075BBF74CA4BE4175F2026BBC067859B5769697CA85A9F7DF267BDCAAF6918056AC0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98088EDD5E5BE2F6E667BA7FD869164D67943D266C4561D693D6FA786B27EBD07DB3228F221C9B02D2E97C2629006CD4C611B651DAF946FDFAFC17747696B2D76F833885502C2591758554249499D2AA435629799EC9953E06E7E3F0548DE420134D20BB1DC65BCA1D0C75A3E25C4D1901B718B0A5067154A2E9859C1DE49313D17AC19BEA685E614A1AA86B5D0C2FBF3CA74E39435A7F6EE269E558CBCAD68C388847447CE5587F2462FAF630405236D0AD588DABC2E8307F63B438BFC0495B7484A1877BE474C272A9BA766DE59387C2E20759FA8F5B3052666208BC1D88C45C95026B73E0E13AA149FC4D8B3B522FB5F4EF7CAF6509795A16A743E9093801E673E02CD427556C432F9A1262D47321F5A8EB0D2BBDA70BBAA87B9D5202FD3AAEE87936745C06D10CDA2E91309AE0426F5198D2B465EF573AEB1F79655A8512F5D74A2E8AF52E58546318CA95C6866E355BD5C9F67BA047433C9174F6387D9C9FB317E833BF8E5F1AF07DF0996C54F1FBC3CAA37EF77AB3650E9B583E1597613306E5726FD76BBC7DC1C6EB24EB408E1F1E5FC2BFA0C36DD2694629D6BE0ADC5D680387A2300CBA43261E5783FE41FB9B8EC0C29093C6B564685F1B41D591FDEC8E7C1C9712BB15D503F58268B0D562935160ED2BC14FC492BAF997DD516BA9D63A275677954A7CBFD3807068617EE04EB373C5ADEE3046FCA3EBBD77FB5A38B2C41990552B0C1633A3B7D9FCC33E8AB219F2FD1B35BE57677BCE5DB6F0A5F4BB1A2D59231557FB0694D52983609E63D0F61B805980D50CB7AA817C2D2417A0D33A82F33C6A083A2F5CDC7F3D14AC66D9D7EE68B291516CF934A5D5CB5BFDEDFBBAFCD5DA157E524DC290AE500CF801A4D83207D5FD93F15C29A155ECAE2D865E4244291F549E39A027F7BEC44E1816A9ADEEDF56AD830CB0B09F9CC90D7A06468DC2CE0F3B4FD60D7960EA8A32227B089CF12D285D881EEF868D81033840FAA2ED26D592B07C0B1D3FD824EF62347A807F4CD9271F11FEB3F99E8E1B465F6B89C6648875EE95A37C91B68CAB5F6F527AC3530712568F79BBEEC701F99FB74F3110B25EE8850F67FC9E117B587D7834FE6D9F8A8A3C79CCE95CC3C8EA843290F4560C088056DE0F132645FD71E376C5BA910FEA97DCC72CC54C8F0D1D043791563B3266B4180348577FF252D90F18A1025A42E4A29AF83EF95F6F26248538A4F871A491625679338712FDEB564D0C5649071FEA7B298D1FD54867227742A5932440"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2116)
d:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Ahead\InCD\InCDsrv.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RUNDLL32.EXE
d:\programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-10  17:48:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-10 16:48

Vor Suchlauf: 9 Verzeichnis(se), 33.296.723.968 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 33.220.997.120 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /tutag=DWGI1P
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /tutag=DWGI1P-BAK /kernel=tukernel.exe
[spybotsd]
timeout.old=0

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C8292E0595BDF0E28CB5EC03694DBE9C
--- --- ---


erledigt!

cosinus 10.11.2010 19:05
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

davyyy 10.11.2010 20:40
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-10 20:39:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD501LJ rev.CR100-10
Running: f1qiu3g8.exe; Driver: C:\DOKUME~1\davyyy\LOKALE~1\Temp\fxldruog.sys


---- System - GMER 1.0.15 ----

SSDT      B87F026E                                                                                                            ZwCreateKey
SSDT      B87F0264                                                                                                            ZwCreateThread
SSDT      B87F0273                                                                                                            ZwDeleteKey
SSDT      B87F027D                                                                                                            ZwDeleteValueKey
SSDT      spec.sys                                                                                                            ZwEnumerateKey [0xB7ECDDA4]
SSDT      spec.sys                                                                                                            ZwEnumerateValueKey [0xB7ECE132]
SSDT      B87F0282                                                                                                            ZwLoadKey
SSDT      spec.sys                                                                                                            ZwOpenKey [0xB7EB50C0]
SSDT      B87F0250                                                                                                            ZwOpenProcess
SSDT      B87F0255                                                                                                            ZwOpenThread
SSDT      spec.sys                                                                                                            ZwQueryKey [0xB7ECE20A]
SSDT      spec.sys                                                                                                            ZwQueryValueKey [0xB7ECE08A]
SSDT      B87F028C                                                                                                            ZwReplaceKey
SSDT      B87F0287                                                                                                            ZwRestoreKey
SSDT      B87F0278                                                                                                            ZwSetValueKey
SSDT      B87F025F                                                                                                            ZwTerminateProcess

INT 0x62  ?                                                                                                                    89DE4BF8
INT 0x82  ?                                                                                                                    89DE4BF8
INT 0x85  ?                                                                                                                    89A2FF00
INT 0x94  ?                                                                                                                    89DE4BF8
INT 0x95  ?                                                                                                                    89A2FF00
INT 0xA5  ?                                                                                                                    89A2FF00
INT 0xB5  ?                                                                                                                    89A2FF00

Code      \??\C:\cofi\catchme.sys                                                                                              pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?        spec.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB68C63A0, 0x59FFE5, 0xE8000020]
.text    USBPORT.SYS!DllUnload                                                                                                B68698AC 5 Bytes  JMP 89A2F4E0
.text    axte49sz.SYS                                                                                                        B6804386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    axte49sz.SYS                                                                                                        B68043AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    axte49sz.SYS                                                                                                        B68043C4 3 Bytes  [00, 80, 02]
.text    axte49sz.SYS                                                                                                        B68043C9 1 Byte  [30]
.text    axte49sz.SYS                                                                                                        B68043C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text    ...                                                                                                                 
.vmp2    C:\WINDOWS\system32\drivers\acedrv11.sys                                                                            entry point in ".vmp2" section [0xB396069D]
.text    C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xB38E5300, 0x3B6D8, 0xE8000020]
.text    C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xB83F8300, 0x1BEE, 0xE8000020]
?        C:\DOKUME~1\davyyy\LOKALE~1\Temp\mbr.sys                                                                            Das System kann die angegebene Datei nicht finden. !
?        C:\cofi\catchme.sys                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
?        C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text    D:\Programme\Mozilla Firefox\firefox.exe[3308] ntdll.dll!LdrLoadDll                                                  7C9263C3 5 Bytes  JMP 004013F0 D:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B7EB6042] spec.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B7EB613E] spec.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [B7EB60C0] spec.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [B7EB6800] spec.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [B7EB66D6] spec.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B7EC5B90] spec.sys
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!KeGetCurrentIrql]                                                  9E880000
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!HalTranslateBusAddress]                                            8986C636
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!READ_PORT_USHORT]                                                  001C9686
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          86C60200
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  00001CB2
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT      \SystemRoot\System32\Drivers\axte49sz.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              89DE31F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    89A40500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    89A40500
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    89A40500
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                    89A40500
Device    \Driver\PCI_PNP8752 \Device\00000047                                                                                spec.sys
Device    \Driver\usbehci \Device\USBPDO-4                                                                                    89A5C500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              89E551F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              89E551F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        89A43500
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12                                                                        [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                        89A43500
Device    \Driver\sptd \Device\1644655002                                                                                      spec.sys
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              89B2C500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    89B2C500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    89A40500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    89A40500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    89AAE500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    89A40500
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          89AAE500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                    89A40500
Device    \Driver\usbehci \Device\USBFDO-4                                                                                    89A5C500
Device    \Driver\Ftdisk \Device\FtControl                                                                                    89E551F8
Device    \Driver\axte49sz \Device\Scsi\axte49sz1Port4Path0Target0Lun0                                                        89B88500
Device    \Driver\axte49sz \Device\Scsi\axte49sz1                                                                              89B88500
Device    \FileSystem\Cdfs \Cdfs                                                                                              89A13500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xEA 0xB8 0xBB 0xE0 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                  D:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                      0x80 0xC1 0x79 0x50 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xAE 0x9F 0x6D 0x10 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  D:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x81 0xE7 0x18 0x7D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xF6 0xE9 0x85 0xC9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x93 0x10 0x15 0x31 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x81 0xE7 0x18 0x7D ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF6 0xE9 0x85 0xC9 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x93 0x10 0x15 0x31 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      D:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      1
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xAF 0xBC 0x28 0x17 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0x80 0xC1 0x79 0x50 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF3 0xD9 0x93 0xD0 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x81 0xE7 0x18 0x7D ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF6 0xE9 0x85 0xC9 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x93 0x10 0x15 0x31 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      1
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xEA 0xB8 0xBB 0xE0 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      D:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0x80 0xC1 0x79 0x50 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xAE 0x9F 0x6D 0x10 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x81 0xE7 0x18 0x7D ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF6 0xE9 0x85 0xC9 ...
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x93 0x10 0x15 0x31 ...
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION                                86974178A6953921D0AC9F1F1799AFBDEC318DCBE48110212F1A56A39106075BBF74CA4BE4175F2026BBC067859B5769697CA85A9F7DF267BDCAAF6918056AC0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98088EDD5E5BE2F6E667BA7FD869164D67943D266C4561D693D6FA786B27EBD07DB3228F221C9B02D2E97C2629006CD4C611B651DAF946FDFAFC17747696B2D76F833885502C2591758554249499D2AA435629799EC9953E06E7E3F0548DE420134D20BB1DC65BCA1D0C75A3E25C4D1901B718B0A5067154A2E9859C1DE49313D17AC19BEA685E614A1AA86B5D0C2FBF3CA74E39435A7F6EE269E558CBCAD68C388847447CE5587F2462FAF630405236D0AD588DABC2E8307F63B438BFC0495B7484A1877BE474C272A9BA766DE59387C2E20759FA8F5B3052666208BC1D88C45C95026B73E0E13AA149FC4D8B3B522FB5F4EF7CAF6509795A16A743E9093801E673E02CD427556C432F9A1262D47321F5A8EB0D2BBDA70BBAA87B9D5202FD3AAEE87936745C06D10CDA2E91309AE0426F5198D2B465EF573AEB1F79655A8512F5D74A2E8AF52E58546318CA95C6866E355BD5C9F67BA047433C9174F6387D9C9FB317E833BF8E5F1AF07DF0996C54F1FBC3CAA37EF77AB3650E9B583E159761330

---- EOF - GMER 1.0.15 ----
--- --- ---


einmal

und zweimal:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:51:44 on 10.11.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - D:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"ajp730mr" (ajp730mr) - ? - C:\WINDOWS\system32\drivers\ajp730mr.sys  (Hidden registry entry, rootkit activity | File not found)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"axte49sz" (axte49sz) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\axte49sz.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fxldruog" (fxldruog) - ? - C:\DOKUME~1\davyyy\LOKALE~1\Temp\fxldruog.sys  (Hidden registry entry, rootkit activity | File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"InCD File System" (InCDfs) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDfs.sys
"InCD Reader" (incdrm) - "Nero AG" - C:\WINDOWS\system32\drivers\incdrm.sys
"InCDPass" (InCDPass) - "Nero AG" - C:\WINDOWS\System32\DRIVERS\InCDPass.sys
"InCDrec" (InCDrec) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDrec.sys
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\DOKUME~1\davyyy\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SoC PC-Camer@" (PAC207) - ? - C:\WINDOWS\System32\DRIVERS\pfc027.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{950FF917-7A57-46BC-8017-59D9BF474000} "Shell Extension for CDRW" - "Nero AG" - C:\Programme\Ahead\InCD\incdshx.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{280CFDE1-1354-4431-92F3-03073BA593FB} "TotalConverter Context Menu Shell Extension" - ? - D:\Programme\TotalAudioConverter\axTotalConverter.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"QIP 2005" - "The Author of QIP" - D:\Programme\QIP\qip.exe
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\AskBarDis\bar\bin\askBar.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
 "{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - "kikin" - C:\Programme\kikin\ie_kikin.dll
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\AskBarDis\bar\bin\askBar.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Programme\AskBarDis\bar\bin\askBar.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{E601996F-E400-41CA-804B-CD6373A7EEE2} "kikin Plugin" - "kikin" - C:\Programme\kikin\ie_kikin.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\davyyy\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Infium" - "QIP" - "D:\Programme\QIP 2010\qip.exe" /autorun
"Steam" - "Valve Corporation" - "d:\programme\valve\steam\steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MP270 series" - "CANON INC." - C:\WINDOWS\system32\CNMLM9X.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Personal - Free Antivirus Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
"Avira AntiVir Personal - Free Antivirus Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InCD Helper" (InCDsrv) - "Nero AG" - C:\Programme\Ahead\InCD\InCDsrv.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe  (File found, but it contains no detailed information)
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
"TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\WINDOWS\System32\TUProgSt.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 10.11.2010 22:52
Was ist mit mbrcheck?

davyyy 10.11.2010 22:56
sorry hier
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EB4000 spjr.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E6D000 ACPI.sys
0xB7E5C000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB85AC000 viaide.sys
0xB80B8000 MountMgr.sys
0xB7E3D000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7E25000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7E05000 fltmgr.sys
0xB7DF3000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7DDC000 KSecDD.sys
0xB7D4F000 Ntfs.sys
0xB7D22000 NDIS.sys
0xB7D08000 Mup.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\processr.sys
0xB6915000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6901000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB68E7000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB68C4000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8440000 \SystemRoot\System32\Drivers\incdrm.SYS
0xB8448000 \SystemRoot\System32\DRIVERS\InCDPass.sys
0xB8450000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB68A0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8458000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8460000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB688C000 \SystemRoot\system32\DRIVERS\parport.sys
0xB859C000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB8128000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB85A0000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xB8468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB73C2000 \SystemRoot\system32\DRIVERS\serial.sys
0xB85A4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB6853000 \SystemRoot\System32\Drivers\a6bqyg1n.SYS
0xB682B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8711000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB7382000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7CD0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6814000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB7372000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB7362000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8388000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6803000 \SystemRoot\system32\DRIVERS\psched.sys
0xB7352000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8390000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8398000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7342000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB83A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85D6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB67A5000 \SystemRoot\system32\DRIVERS\update.sys
0xB7CC4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB62F7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB62D3000 \SystemRoot\system32\drivers\portcls.sys
0xB7332000 \SystemRoot\system32\drivers\drmk.sys
0xB8138000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8158000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB83B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB85DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8764000 \SystemRoot\System32\Drivers\Null.SYS
0xB85E0000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83C0000 \SystemRoot\System32\drivers\vga.sys
0xB85E2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB83C8000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xB8178000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xB40C0000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB8588000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8188000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB83D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83D8000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB858C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB85E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8590000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xB40A7000 \SystemRoot\System32\Drivers\InCDfs.SYS
0xB83E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7CE4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4094000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB403B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4015000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB3FED000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB8198000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB7CD8000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB3FCB000 \SystemRoot\System32\drivers\afd.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB83F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB3FA0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB3F30000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB81B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB3F14000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB85E8000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB81E8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3ED4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB419B000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8408000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB87DB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3CC4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB38AF000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3A4C000 \SystemRoot\system32\drivers\sysaudio.sys
0xB85D4000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB35B3000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xB35A2000 \SystemRoot\System32\Drivers\adfs.SYS
0xB355F000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB872F000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xB8420000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xB34DF000 \SystemRoot\system32\DRIVERS\srv.sys
0xB34CB000 \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
0xB86F0000 \??\D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xB2BD3000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Lite\Engine.dll

Processes (total 41):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
768 csrss.exe
840 C:\WINDOWS\system32\winlogon.exe
900 C:\WINDOWS\system32\services.exe
912 C:\WINDOWS\system32\lsass.exe
1100 C:\WINDOWS\system32\nvsvc32.exe
1172 C:\WINDOWS\system32\svchost.exe
1276 svchost.exe
1388 C:\WINDOWS\system32\svchost.exe
1416 C:\Programme\Ahead\InCD\InCDsrv.exe
1640 svchost.exe
1764 svchost.exe
2000 C:\WINDOWS\system32\spoolsv.exe
132 C:\WINDOWS\explorer.exe
140 C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
152 C:\Programme\Avira\AntiVir Desktop\sched.exe
680 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
688 C:\Programme\DivX\DivX Update\DivXUpdate.exe
728 C:\WINDOWS\system32\rundll32.exe
780 D:\Programme\Valve\Steam\Steam.exe
796 D:\Programme\QIP 2010\qip.exe
1132 D:\Programme\Logitech\SetPoint\SetPoint.exe
1488 C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
1532 C:\Programme\Java\jre6\bin\jqs.exe
1600 C:\WINDOWS\system32\oodag.exe
1752 C:\WINDOWS\system32\PnkBstrA.exe
1856 C:\WINDOWS\system32\PnkBstrB.exe
1936 C:\WINDOWS\system32\PAStiSvc.exe
236 C:\WINDOWS\system32\svchost.exe
440 C:\WINDOWS\system32\TUProgSt.exe
560 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
624 D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
3288 D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
3696 alg.exe
3240 D:\Programme\Mozilla Firefox\firefox.exe
3164 C:\Dokumente und Einstellungen\davyyy\Eigene Dateien\sft\leecher.exe
2636 D:\Programme\Mozilla Firefox\plugin-container.exe
3888 C:\WINDOWS\system32\ctfmon.exe
2012 C:\Dokumente und Einstellungen\davyyy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`56f12600 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-10

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 10.11.2010 23:06
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

davyyy 11.11.2010 19:15
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/11/2010 at 06:08 PM

Application Version : 4.45.1000

Core Rules Database Version : 5845
Trace Rules Database Version: 3657

Scan type : Complete Scan
Total Scan Time : 01:22:55

Memory items scanned : 545
Memory threats detected : 0
Registry items scanned : 8453
Registry threats detected : 0
File items scanned : 34521
File threats detected : 103

Adware.Tracking Cookie
badassteens.com [ C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E2NW96RG ]
chat.hornypharaoh.com [ C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E2NW96RG ]
new.younglegalporn.com [ C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E2NW96RG ]
www.hornypharaoh.com [ C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E2NW96RG ]
www.naiadsystems.com [ C:\Dokumente und Einstellungen\davyyy\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E2NW96RG ]
cdn1.eyewonder.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
imagesrv.adition.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
m.de.2mdn.net [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
media.podaddies.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
media.scanscout.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
media.y8.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
media1.break.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
pornoprinzen.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
vfsexb.gmx.net [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
vfsexc.gmx.net [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
vfsexd.gmx.net [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
vfsexe.gmx.net [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
www.pornhub.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VXPER46N ]
.im.banner.t-online.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.bs.serving-sys.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.serving-sys.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.serving-sys.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.serving-sys.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.serving-sys.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.serving-sys.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.serving-sys.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.atdmt.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.doubleclick.net [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.webmasterplan.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.webmasterplan.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
www.etracker.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.tradedoubler.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.tradedoubler.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.zanox.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.zanox.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.zanox-affiliate.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adserver.easyad.info [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adopt.euroclick.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adopt.euroclick.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adopt.euroclick.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adopt.euroclick.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adopt.euroclick.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
eas.apm.emediate.eu [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.tradedoubler.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.tradedoubler.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
track.webtrekk.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.zanox.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.zanox.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
adserver.71i.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.advertising.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.advertising.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.advertising.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adtech.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.tradedoubler.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
statse.webtrendslive.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.webmasterplan.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.advertising.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.yieldmanager.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.yieldmanager.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.yieldmanager.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.webmasterplan.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.traffictrack.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.traffictrack.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.tto2.traffictrack.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.komtrack.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.komtrack.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.apmebf.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.mediaplex.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.adfarm1.adition.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
eas.apm.emediate.eu [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.yieldmanager.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.yieldmanager.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
ad.yieldmanager.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.wunderloop.zanox.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
zbox.zanox.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.wunderloop.zanox.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
adopt.euroclick.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
www.zanox-affiliate.de [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
.webmasterplan.com [ D:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla\Firefox\Profiles\rj5ht3xl.default\cookies.sqlite ]
D:\Dokumente und Einstellungen\David\Cookies\david@cogaccounts.codemasters[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@adbrite[2].txt
D:\Dokumente und Einstellungen\David\Cookies\david@adserver.71i[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@yadro[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@ads.adbrite[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@atwola[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@advertising[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@tradedoubler[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@hitbox[2].txt
D:\Dokumente und Einstellungen\David\Cookies\david@ehg-veohnetworksinc.hitbox[2].txt
D:\Dokumente und Einstellungen\David\Cookies\david@2o7[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@media.funpic[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@adtech[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@toplist[2].txt
D:\Dokumente und Einstellungen\David\Cookies\david@sevenoneintermedia.112.2o7[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@doubleclick[1].txt
D:\Dokumente und Einstellungen\David\Cookies\david@www.mediasoftwareapps[1].txt

Trojan.Agent/Gen-Falprod
C:\SYSTEM VOLUME INFORMATION\_RESTORE{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415128.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP390\A0412896.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415144.EXE

Trojan.Agent/Gen-Nullo[Short]
D:\SYSTEM VOLUME INFORMATION\_RESTORE{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415319.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415320.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415321.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0415322.EXE


und zweimal!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5095

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.11.2010 19:15:31
mbam-log-2010-11-11 (19-15-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 367170
Laufzeit: 2 Stunde(n), 14 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\DAVID\Alles mögliche\Phoenix\Phx_data\Res\RICO.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\DAVID\Alles mögliche\Phoenix\Phx_data\Res\ss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{16B9C5F3-13ED-4D7C-8826-A494837A0D44}\RP395\A0417341.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully.

cosinus 11.11.2010 22:55
Zitat:
D:\DAVID\Alles mögliche\Phoenix\Phx_data\Res\RICO.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\DAVID\Alles mögliche\Phoenix\Phx_data\Res\ss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Was soll denn das sein?

davyyy 11.11.2010 22:58
in wie fern?
Phoenix? ka was das ist... weiß ich nicht sorry!
warum?!

cosinus 11.11.2010 23:19
Ja du wirst doch wohl wissen was in "David/alles mögliche" gespeichert wurde!

davyyy 11.11.2010 23:20
wie der name des ordners "alles mögliche" schon sagt, kommt da alles rein, was ich indirekt brauch!
kann sein das ich das mal für Counter-STrike oder so benutzt habe! ich weiß nicht mehr wofür das programm da war!
aber wieso?
ist das wohl schlecht? :x
mfg

cosinus 11.11.2010 23:22
Wie auch immer. Wenn du dich nicht mal dran erinnern kannst :balla:

Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.

davyyy 11.11.2010 23:34
alles klar erledigt!
und nu?

cosinus 12.11.2010 05:59
Sind denn noch probleme offen oder gabs weitere Funde?

davyyy 12.11.2010 09:48
ja sehr toll!!! nachdem ich fertig war mit dieser deaktivierung, wollte ich noch nen crack von gamescopyworld laden... hab aber nur auf desktop gehabt und wollte dann mal Taskmanager öffnen und dann kam irgendein programm aufgeploppt und hat taskmanager wieder geschlossen und hat doch gesagt ich soll irgendwas aufn pc bereinigen... JA ich bin doof und habs gemacht... toll nach dem Restart vom pc wollte ich firefox öffnen und dann gings los... ich saß glaub ich 20 mins vorm rechner und hab irgendwelche kack viren löschen müssen!! antivir hat mir die ganze zeit virenmeldungen gegenben!
war ein HTML-Script der sich auf meinen rechner breit gemacht hat...
am besten ist wohl doch ich formatiere!!!
ich bedanke mich aber trotzdem bei dir das du mir so weitergeholfen hast^^
also die probleme die ich bei dir hatte, waren nachdem bereinigen weg :)
gute arbeit!
:P
danke ;)

cosinus 12.11.2010 13:21
Zitat:
wollte ich noch nen crack von gamescopyworld laden...
:koch: :pfui:

Immer wieder traurig, dass sich hier so viele mit illegaler Software selbst disqualizieren müssen! :stirn:
Darfst format c: machen - rühr so einen Mist wie keygens/cracks/serials nie wieder an!

davyyy 13.11.2010 12:47
ja komischerweise ist das der erste virus den ich eingefangen habe über die seite :x
sonst hat ja immer alles problemlos funktioniert...
naja egal^^ ich lass ab sofort die finger davon!
und format c: ist auf dem weg ;)
ich bedanke mich cosinus :)
deine arbeit war TOP! :P


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:26 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131