Trojaner-Board


Ormel 16.04.2009 23:53

System was infected - clean again?
 
Good evening,

Yesterday I discovered that my system had probably been infected with some malware for quite a long time.

I was already able to remove a large part of it with the help of a friend and with MBAM; nevertheless he advised me to post here as well, since there was apparently also a rootkit among the findings.

Here is the MBAM log with the findings:

Code:

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1987
Windows 5.1.2600 Service Pack 2

16.04.2009 01:40:19
mbam-log-2009-04-16 (01-40-19).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 243159
Laufzeit: 1 hour(s), 11 minute(s), 27 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system34 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SoftwareProtection\systemvital.exe (Trojan.Agent) -> Delete on reboot.

And here is a current HijackThis log as well:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46:52, on 17.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Videoload Manager\ContentManager.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\NMSAccessU.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Steam\Steam.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\jre1.6.0_05\bin\jucheck.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE
C:\Programme\Wippien\Wippien.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.filmstarts.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Wippien] C:\Programme\Wippien\Wippien.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "C:\Programme\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Link mit Mega Manager herunterladen... - C:\Programme\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13016BD4-C878-4BF0-A25C-4B9E15E87769}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8D1909B-B190-436B-A9EB-7A2E51A7AADA}: NameServer = 192.168.2.1
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: flashcft - flashcft.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Content Management Service (ContentMgrService) - ACE GmbH - C:\Programme\Videoload Manager\ContentManager.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Manager (HotSpotFSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\Gemeinsame Dateien\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - http://de.wikipedia.org/skins-1.5/monobook/headbg.jpg

--
End of file - 13506 bytes

I hope you can help me.

Regards
Ormel

DJ-D 17.04.2009 00:01

Quote:

If the rootkit is still active, I would rather recommend that you run GMER once (since with an active rootkit you should not / could not see the files at all).

Please download GMER and then post the log if it finds anything.

Download: http://www.gmer.net/gmer.zip

He is right... Sorry, I'm still in training!

Syne 17.04.2009 00:21

If the rootkit is still active, I would rather recommend that you run GMER once (since with an active rootkit you should not / could not see the files at all).

Please download GMER and then post the log if it finds anything.

Download: http://www.gmer.net/gmer.zip

Ormel 17.04.2009 00:24

Here is the GMER log:

Code:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-17 01:22:52
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            spbp.sys  ZwEnumerateKey [0xF74F5CA2]
SSDT            spbp.sys  ZwEnumerateValueKey [0xF74F6030]

---- Devices - GMER 1.0.15 ----

Device                    89BCC1F8
Device                    Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                    894631F8
Device                    Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice            fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Syne 17.04.2009 00:25

It does seem to be clean, though... let's wait for the MBAM log. :daumenhoc

Ormel 17.04.2009 01:52

Here is the log:


Code:

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1991
Windows 5.1.2600 Service Pack 2

17.04.2009 02:12:22
mbam-log-2009-04-17 (02-12-22).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 221269
Laufzeit: 1 hour(s), 6 minute(s), 4 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


DJ-D 17.04.2009 01:54

Clean. :)

Let's drink to that :alc: :D

Angel21 17.04.2009 08:12

Not so hasty, run SUPERAntiSpyware as well.

Ormel 18.04.2009 16:09

OK, I ran it twice; the first scan could not run to completion, hence the second log as well.

First scan:
Code:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2009 at 03:17 PM

Application Version : 4.26.1000

Core Rules Database Version : 3849
Trace Rules Database Version: 1803

Scan type      : Complete Scan
Total Scan Time : 00:53:30

Memory items scanned      : 659
Memory threats detected  : 0
Registry items scanned    : 6262
Registry threats detected : 21
File items scanned        : 98639
File threats detected    : 2

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\Zitrone\Cookies\zitrone@doubleclick[2].txt
        C:\Dokumente und Einstellungen\Zitrone\Cookies\zitrone@xiti[1].txt

Trojan.Unknown Origin
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate#NextInstance
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Service
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Legacy
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#ConfigFlags
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Class
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#ClassGUID
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#DeviceDesc

Unclassified.Oreans32
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
        HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf

Second scan:

Code:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2009 at 03:56 AM

Application Version : 4.26.1000

Core Rules Database Version : 3849
Trace Rules Database Version: 1803

Scan type      : Complete Scan
Total Scan Time : 01:35:32

Memory items scanned      : 585
Memory threats detected  : 0
Registry items scanned    : 6283
Registry threats detected : 0
File items scanned        : 153427
File threats detected    : 2

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\Zitrone\Cookies\zitrone@doubleclick[1].txt
        C:\Dokumente und Einstellungen\Zitrone\Cookies\zitrone@xiti[1].txt


Angel21 18.04.2009 16:21

If you have anything else that you connect to the computer, such as memory cards, USB sticks, external hard drives, ..., then plug everything in.

ComboFix

Attention: The guide is outdated. Do not carry out the part about the system recovery console. It is installed automatically when there is an internet connection.

A guide and tutorial on using ComboFix
  • Download the tool to your desktop here -> CLICK
Do not start the program yet, however; first do the following:
  • Close all applications and programs, especially your antivirus software and other background guards, as well as your internet browser.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.

    If ComboFix cannot be started, rename it to cf.com and try again.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autostart function of all CD/DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.

Ormel 18.04.2009 17:10

Here is the log, part 1:

Code:

* Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - system32: deleted 702286 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ksl48.bin

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


(((((((((((((((((((((((  Dateien erstellt von 2009-03-18 bis 2009-04-18  ))))))))))))))))))))))))))))))
.

2009-04-18 15:38 . 2009-04-18 15:38        --------        d-----w        c:\windows\l2schemas
2009-04-18 15:38 . 2009-04-18 15:38        --------        d-----w        c:\windows\system32\de
2009-04-18 15:38 . 2009-04-18 15:38        --------        d-----w        c:\windows\system32\bits
2009-04-18 15:36 . 2009-04-18 15:38        --------        d-----w        c:\windows\ServicePackFiles
2009-04-17 12:34 . 2009-04-17 12:35        --------        d-----w        c:\programme\Hamachi
2009-04-17 12:20 . 2009-04-17 12:20        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-04-17 12:20 . 2009-04-17 12:20        --------        d-----w        c:\programme\SUPERAntiSpyware
2009-04-17 12:20 . 2009-04-17 12:20        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\SUPERAntiSpyware.com
2009-04-17 12:10 . 2008-10-16 12:06        208744        ----a-w        c:\windows\system32\muweb.dll
2009-04-17 12:10 . 2008-10-16 12:06        268648        ----a-w        c:\windows\system32\mucltui.dll
2009-04-17 12:10 . 2008-10-16 12:06        27496        ----a-w        c:\windows\system32\mucltui.dll.mui
2009-04-17 00:34 . 2009-04-17 00:34        --------        d-----w        c:\programme\Gemeinsame Dateien\Windows Live
2009-04-17 00:28 . 2009-04-17 12:46        --------        d-----w        c:\programme\Fake Webcam
2009-04-16 22:36 . 2009-04-16 23:00        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\Wippien
2009-04-16 22:36 . 2008-12-30 22:43        23480        ----a-w        c:\windows\system32\drivers\wip0204.sys
2009-04-16 22:36 . 2009-04-16 23:00        --------        d-----w        c:\programme\Wippien
2009-04-15 22:27 . 2009-04-15 22:27        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\Malwarebytes
2009-04-15 22:27 . 2009-04-06 13:32        15504        ----a-w        c:\windows\system32\drivers\mbam.sys
2009-04-15 22:27 . 2009-04-06 13:32        38496        ----a-w        c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 22:27 . 2009-04-15 22:27        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-04-15 22:27 . 2009-04-15 22:27        --------        d-----w        c:\programme\Malwarebytes' Anti-Malware
2009-04-15 15:09 . 2009-04-15 15:09        --------        d-----w        c:\programme\Trend Micro
2009-04-15 10:26 . 2009-02-06 10:10        227840        -c----w        c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 10:26 . 2009-03-06 14:19        286720        -c----w        c:\windows\system32\dllcache\pdh.dll
2009-04-15 10:26 . 2009-02-09 11:21        2191360        -c----w        c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-15 10:26 . 2009-02-09 11:21        111104        -c----w        c:\windows\system32\dllcache\services.exe
2009-04-15 10:26 . 2009-02-09 10:51        401408        -c----w        c:\windows\system32\dllcache\rpcss.dll
2009-04-15 10:26 . 2009-02-09 10:51        736768        -c----w        c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 10:26 . 2009-02-09 10:51        678400        -c----w        c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:26 . 2009-02-09 10:51        473600        -c----w        c:\windows\system32\dllcache\fastprox.dll
2009-04-15 10:26 . 2009-02-09 10:51        740352        -c----w        c:\windows\system32\dllcache\ntdll.dll
2009-04-15 10:26 . 2009-02-09 10:51        453120        -c----w        c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 10:26 . 2009-02-09 11:21        2026496        -c----w        c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-15 10:26 . 2009-02-09 11:21        2147840        -c----w        c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-15 10:25 . 2008-04-21 21:13        217600        -c----w        c:\windows\system32\dllcache\wordpad.exe
2009-04-14 19:53 . 2009-04-14 20:09        76523        ----a-w        c:\windows\War3Unin.dat
2009-04-14 19:53 . 2009-04-14 19:59        2829        ----a-w        c:\windows\War3Unin.pif
2009-04-14 19:53 . 2009-04-14 19:59        139264        ----a-w        c:\windows\War3Unin.exe
2009-04-14 19:51 . 2009-04-14 20:49        --------        d-----w        c:\programme\Warcraft III
2009-04-04 15:44 . 2009-04-04 15:51        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Lokale Einstellungen\Anwendungsdaten\kaneandlynch
2009-04-04 09:38 . 2009-04-04 09:38        --------        d-----w        c:\programme\Webocton - Scriptly
2009-04-04 09:38 . 2009-04-04 09:38        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\Webocton - Scriptly
2009-04-03 21:02 . 2009-04-03 21:02        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\FOG Downloader
2009-04-03 17:59 . 2009-04-03 17:59        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\Microsoft Games
2009-04-03 17:59 . 2009-04-03 17:59        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Games
2009-04-03 16:07 . 2009-03-11 20:04        393956        ----a-w        C:\kontakt.jpg
2009-04-03 16:06 . 2009-04-03 16:06        --------        d-----w        c:\programme\iPod
2009-04-03 16:06 . 2009-04-03 16:06        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-03 16:04 . 2009-04-03 16:04        --------        d-----w        c:\programme\QuickTime
2009-04-03 15:56 . 2009-04-03 15:56        --------        d-----w        c:\programme\Bonjour
2009-03-27 18:01 . 2009-03-27 18:01        --------        d-----w        c:\programme\MSXML 6.0
2009-03-24 14:39 . 2009-03-24 14:40        --------        d-----w        c:\programme\Microsoft Games for Windows - LIVE
2009-03-24 14:29 . 2009-03-24 14:29        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Lokale Einstellungen\Anwendungsdaten\Fallout3
2009-03-24 14:19 . 2009-03-24 14:19        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fallout3
2009-03-24 14:19 . 2009-03-24 14:19        --------        d-----w        c:\programme\Bethesda Softworks
2009-03-24 14:17 . 2009-03-24 14:17        --------        d-----w        c:\programme\MSBuild
2009-03-24 14:17 . 2009-03-24 14:17        147128        ----a-w        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-03-24 14:16 . 2009-03-24 14:16        --------        d-----w        c:\windows\system32\XPSViewer
2009-03-24 14:16 . 2009-03-24 14:16        --------        d-----w        c:\programme\Reference Assemblies
2009-03-24 14:15 . 2006-06-29 12:07        14048        ------w        c:\windows\system32\spmsg2.dll
2009-03-24 14:14 . 2009-03-24 14:14        --------        d-----w        c:\windows\system32\xlive
2009-03-23 19:46 . 2009-03-23 19:46        --------        d-----w        c:\programme\Lavalys
2009-03-21 16:21 . 2009-03-21 16:21        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\InstallShield
2009-03-21 16:07 . 2009-03-21 16:07        68        ----a-w        c:\windows\GPlrLanc.dat
2009-03-21 16:07 . 2009-03-21 16:07        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Metaboli Player
2009-03-21 16:07 . 2004-02-04 09:01        2238        ------w        c:\windows\metaboli.ico
2009-03-21 16:07 . 2009-03-21 16:07        --------        d-----w        C:\Remote Programs
2009-03-21 16:07 . 2009-03-21 20:19        --------        d-----w        c:\programme\Metaboli Player
2009-03-21 16:07 . 2008-05-15 13:12        53314        ------w        c:\windows\ExentInfo.exe
2009-03-21 16:06 . 2008-09-08 11:49        277096        ----a-w        c:\windows\system32\YSys.dll
2009-03-21 16:06 . 2008-08-20 13:20        40040        ----a-w        c:\windows\system32\SysChkVC.dll
2009-03-21 16:06 . 2008-08-20 13:20        350312        ----a-w        c:\windows\system32\SysCheck2.dll
2009-03-21 16:06 . 2008-03-06 13:59        146        ----a-w        c:\windows\system32\SysChkVC.dll.manifest
2009-03-21 16:06 . 2009-03-21 16:06        --------        d-----w        C:\Metaboli
2009-03-21 14:06 . 2009-03-21 14:06        1063424        -c----w        c:\windows\system32\dllcache\kernel32.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 15:59 . 2009-02-25 21:42        --------        d-----w        c:\programme\Steam
2009-04-18 15:56 . 2008-10-31 14:11        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\Skype
2009-04-18 15:52 . 2006-08-11 19:31        87688        ----a-w        c:\windows\system32\perfc007.dat
2009-04-18 15:52 . 2006-08-11 19:31        465358        ----a-w        c:\windows\system32\perfh007.dat
2009-04-18 15:50 . 2008-10-31 14:13        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\skypePM
2009-04-18 15:40 . 2006-08-11 19:37        86811        ----a-w        c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 15:34 . 2001-08-18 12:00        251712        --sha-r        C:\ntldr
2009-04-18 12:00 . 2008-12-06 14:03        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\Hamachi
2009-04-17 13:20 . 2006-12-25 09:40        --------        d-----w        c:\programme\Microsoft Works
2009-04-17 12:34 . 2007-02-09 23:23        25280        ----a-w        c:\windows\system32\drivers\hamachi.sys
2009-04-17 12:19 . 2007-11-28 14:24        --------        d-----w        c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-04-17 12:10 . 2006-12-25 09:38        71424        ----a-w        c:\dokumente und einstellungen\Zitrone\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-04-16 23:31 . 2008-06-06 22:43        --------        d-----w        c:\programme\Gemeinsame Dateien\Ahead
2009-04-16 23:31 . 2008-05-07 09:51        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero
2009-04-16 23:00 . 2009-03-12 14:30        268        ---ha-w        C:\sqmdata10.sqm
2009-04-16 23:00 . 2009-03-12 14:30        244        ---ha-w        C:\sqmnoopt10.sqm
2009-04-16 00:59 . 2009-03-11 17:59        268        ---ha-w        C:\sqmdata09.sqm
2009-04-16 00:59 . 2009-03-11 17:59        244        ---ha-w        C:\sqmnoopt09.sqm
2009-04-15 19:53 . 2008-02-20 16:51        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\OpenOffice.org2
2009-04-15 10:23 . 2009-01-17 15:22        268        ---ha-w        C:\sqmdata08.sqm
2009-04-15 10:23 . 2009-01-17 15:22        244        ---ha-w        C:\sqmnoopt08.sqm
2009-04-14 18:04 . 2007-01-03 00:42        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\teamspeak2
2009-04-14 16:28 . 2008-06-09 20:10        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\FileZilla
2009-04-14 15:35 . 2009-02-15 19:57        --------        d-----w        c:\programme\Celtx
2009-04-14 10:29 . 2009-01-17 00:01        268        ---ha-w        C:\sqmdata07.sqm
2009-04-14 10:29 . 2009-01-17 00:01        244        ---ha-w        C:\sqmnoopt07.sqm
2009-04-13 10:31 . 2009-01-16 10:47        268        ---ha-w        C:\sqmdata06.sqm
2009-04-13 10:31 . 2009-01-16 10:47        244        ---ha-w        C:\sqmnoopt06.sqm
2009-04-12 11:39 . 2009-01-15 14:39        268        ---ha-w        C:\sqmdata05.sqm
2009-04-12 11:39 . 2009-01-15 14:39        244        ---ha-w        C:\sqmnoopt05.sqm
2009-04-11 21:42 . 2008-03-06 14:04        --------        d-----w        c:\programme\phase5
2009-04-11 13:42 . 2009-01-14 23:16        268        ---ha-w        C:\sqmdata04.sqm
2009-04-11 13:42 . 2009-01-14 23:16        244        ---ha-w        C:\sqmnoopt04.sqm
2009-04-10 11:56 . 2009-01-14 16:20        268        ---ha-w        C:\sqmdata03.sqm
2009-04-10 11:56 . 2009-01-14 16:20        244        ---ha-w        C:\sqmnoopt03.sqm
2009-04-09 21:34 . 2009-01-13 17:57        268        ---ha-w        C:\sqmdata02.sqm
2009-04-09 21:34 . 2009-01-13 17:57        244        ---ha-w        C:\sqmnoopt02.sqm
2009-04-09 19:50 . 2009-04-09 19:49        4322        ----a-w        C:\Porno.txt
2009-04-09 12:21 . 2009-01-12 21:28        268        ---ha-w        C:\sqmdata01.sqm
2009-04-09 12:21 . 2009-01-12 21:28        244        ---ha-w        C:\sqmnoopt01.sqm
2009-04-08 09:36 . 2009-01-12 19:44        268        ---ha-w        C:\sqmdata00.sqm
2009-04-08 09:36 . 2009-01-12 19:44        244        ---ha-w        C:\sqmnoopt00.sqm
2009-04-07 17:25 . 2009-03-18 13:37        268        ---ha-w        C:\sqmdata19.sqm
2009-04-07 17:25 . 2009-03-18 13:37        244        ---ha-w        C:\sqmnoopt19.sqm
2009-04-07 11:05 . 2009-03-18 12:31        268        ---ha-w        C:\sqmdata18.sqm
2009-04-07 11:05 . 2009-03-18 12:31        244        ---ha-w        C:\sqmnoopt18.sqm
2009-04-06 15:06 . 2008-10-31 14:11        --------        d-----w        c:\programme\Skype
2009-04-06 09:34 . 2009-03-17 13:01        268        ---ha-w        C:\sqmdata17.sqm
2009-04-06 09:34 . 2009-03-17 13:01        244        ---ha-w        C:\sqmnoopt17.sqm
2009-04-05 08:50 . 2009-03-16 13:02        268        ---ha-w        C:\sqmdata16.sqm
2009-04-05 08:50 . 2009-03-16 13:02        244        ---ha-w        C:\sqmnoopt16.sqm
2009-04-04 22:37 . 2009-03-15 09:20        268        ---ha-w        C:\sqmdata15.sqm
2009-04-04 22:37 . 2009-03-15 09:20        244        ---ha-w        C:\sqmnoopt15.sqm
2009-04-04 15:25 . 2009-01-08 22:08        413696        ----a-w        c:\windows\system32\wrap_oal.dll
2009-04-04 15:25 . 2009-01-08 22:08        110592        ----a-w        c:\windows\system32\OpenAL32.dll
2009-04-03 23:20 . 2009-03-14 23:33        268        ---ha-w        C:\sqmdata14.sqm
2009-04-03 23:20 . 2009-03-14 23:33        244        ---ha-w        C:\sqmnoopt14.sqm
2009-04-03 16:06 . 2008-10-30 19:09        --------        d-----w        c:\programme\iTunes
2009-04-03 16:06 . 2008-02-11 15:27        --------        d-----w        c:\programme\Gemeinsame Dateien\Apple
2009-04-03 15:58 . 2008-12-05 21:41        --------        d-----w        c:\programme\Safari
2009-04-02 20:37 . 2009-03-14 16:10        268        ---ha-w        C:\sqmdata13.sqm
2009-04-02 20:37 . 2009-03-14 16:10        244        ---ha-w        C:\sqmnoopt13.sqm
2009-04-01 21:20 . 2009-03-14 10:22        268        ---ha-w        C:\sqmdata12.sqm
2009-04-01 21:20 . 2009-03-14 10:22        244        ---ha-w        C:\sqmnoopt12.sqm
2009-03-31 21:14 . 2009-03-13 17:20        268        ---ha-w        C:\sqmdata11.sqm
2009-03-31 21:14 . 2009-03-13 17:20        244        ---ha-w        C:\sqmnoopt11.sqm
2009-03-31 18:17 . 2008-02-05 18:21        --------        d-----w        c:\programme\ICQ6
2009-03-30 13:19 . 2006-08-11 19:41        --------        d--h--w        c:\programme\InstallShield Installation Information
2009-03-24 14:13 . 2007-03-04 11:50        107888        ----a-w        c:\windows\system32\CmdLineExt.dll
2009-03-23 19:04 . 2009-03-07 17:12        --------        d-----w        c:\programme\TrackMania Nations ESWC
2009-03-14 23:55 . 2009-03-14 23:55        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\The Creative Assembly
2009-03-13 17:56 . 2008-02-08 23:35        --------        d-----w        c:\programme\Gamesload Spiele
2009-03-12 17:28 . 2009-01-20 18:38        --------        d-----w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\gtk-2.0
2009-03-10 13:58 . 2009-03-10 13:58        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Media Center Programs
2009-03-10 13:43 . 2009-03-10 13:43        --------        d-----w        c:\programme\THQ
2009-03-06 14:19 . 2004-08-10 19:00        286720        ----a-w        c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-04 04:00        826368        ----a-w        c:\windows\system32\wininet.dll
2009-02-20 16:49 . 2004-08-10 19:00        78336        ----a-w        c:\windows\system32\ieencode.dll
2009-02-20 10:59 . 2009-02-20 10:59        4096        ----a-w        c:\windows\d3dx.dat
2009-02-20 10:52 . 2009-02-20 10:52        --------        d-----w        c:\programme\PiranhaBytes
2009-02-09 14:04 . 2005-10-06 03:08        1846912        ----a-w        c:\windows\system32\win32k.sys
2009-02-09 11:21 . 2005-09-29 18:28        2026496        ----a-w        c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:21 . 2005-09-29 18:27        2147840        ----a-w        c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2004-08-10 19:00        111104        ----a-w        c:\windows\system32\services.exe
2009-02-09 10:51 . 2005-07-26 04:39        401408        ----a-w        c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-10-28 01:23        736768        ----a-w        c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-10 19:00        678400        ----a-w        c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-10 19:00        740352        ----a-w        c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-10 19:00        35328        ----a-w        c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-10 19:00        56832        ----a-w        c:\windows\system32\secur32.dll
2008-10-07 17:42 . 2008-03-27 19:36        22328        ----a-w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\PnkBstrK.sys
2008-06-16 09:02 . 2008-06-16 09:02        0        ----a-w        c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\wklnhst.dat
2008-05-25 23:28 . 2008-05-25 23:28        5120        ----a-w        c:\programme\wgvids.db
2007-01-25 02:52 . 2007-01-25 02:52        65536        ----a-w        c:\programme\Gemeinsame Dateien\NMSAccessU.exe
2006-12-25 09:34 . 2006-12-24 18:53        140        ----a-w        c:\dokumente und einstellungen\Zitrone\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2006-08-11 19:31 . 2006-08-11 19:31        146        ----a-w        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat


Ormel 18.04.2009 17:11

Log part 2:
Code:


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-05-07 11:15        1470488        ----a-w        c:\programme\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\programme\free-downloads.net\tbfre1.dll" [2008-05-07 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\programme\free-downloads.net\tbfre1.dll" [2008-05-07 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-17 68856]
"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Steam"="c:\programme\Steam\Steam.exe" [2009-02-25 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
"ntiMUI"="c:\programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-08-14 185896]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-11 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-31 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05        356352        ----a-w        c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MA111 Configuration Utility.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\MA111 Configuration Utility.lnk
backup=c:\windows\pss\MA111 Configuration Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WeGame.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WeGame.lnk
backup=c:\windows\pss\WeGame.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Zitrone^Startmenü^Programme^Autostart^OpenOffice.org 2.3.lnk]
path=c:\dokumente und einstellungen\Zitrone\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Steam\\steamapps\\ander1992\\counter-strike source\\hl2.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Programme\\mIRC\\mirc.exe"=
"d:\\Programme\\World In Conflict\\wic.exe"=
"d:\\Programme\\World In Conflict\\wic_online.exe"=
"d:\\Programme\\World In Conflict\\wic_ds.exe"=
"d:\\Programme\\World of Warcraft\\WoW-1.12.0-deDE-downloader.exe"=
"c:\\Programme\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programme\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Programme\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Programme\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"d:\\Programme\\KAL\\kaneandlynch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R3 ATP;Comodo EasyVPN Miniport Driver; [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-27 4352]
R3 cdiskdun;cdiskdun; [x]
R3 EraserUtilDrv10633;EraserUtilDrv10633; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-12-27 265088]
R3 HotSpotFSvc;Hotspot Manager; [x]
R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 TSMPacket;T-DSL Manager Service; [x]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-30 23480]
S1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2008-07-17 99840]
S2 ContentMgrService;Content Management Service;c:\programme\Videoload Manager\ContentManager.exe [2008-03-12 508928]
S2 X4HSX32Ex;X4HSX32Ex;c:\programme\Metaboli Player\X4HSX32Ex.Sys [2007-11-14 29856]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-05-15 21920]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edfacba6-1c1c-11dd-9231-00038a000015}]
\Shell\AutoRun\command - K:\SETUP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97317135-AC06-E7DA-E5BC-088DD99ED025}]
c:\windows\system32:msnsrve.exe
.
Inhalt des "geplante Tasks" Ordners

2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-18 c:\windows\Tasks\RegCure Program Check.job
- c:\programme\RegCure\RegCure.exe [2008-04-21 21:21]

2009-01-08 c:\windows\Tasks\RegCure.job
- c:\programme\RegCure\RegCure.exe [2008-04-21 21:21]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-flashcft - flashcft.dll


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.filmstarts.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Link mit Mega Manager herunterladen... - c:\programme\Megaupload\Mega Manager\mm_file.htm
TCP: {13016BD4-C878-4BF0-A25C-4B9E15E87769} = 192.168.2.1
TCP: {D8D1909B-B190-436B-A9EB-7A2E51A7AADA} = 192.168.2.1
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
FF - ProfilePath - c:\dokumente und einstellungen\Zitrone\Anwendungsdaten\Mozilla\Firefox\Profiles\mejx3xt1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\programme\Mozilla Firefox\extensions\YPlayer@yummy.net\components\FYPlayer.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
FF - plugin: c:\programme\Gemeinsame Dateien\mpDRM\NPWMDRMWrapper.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npExentCtl.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
FF - plugin: c:\programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\programme\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programme\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX Richtlinien ----
FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */
FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/
FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/
FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/
c:\programme\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 17:59
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Boonty Games]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-427066467-3079093524-2493077868-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-427066467-3079093524-2493077868-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,3c,04,22,7f,8d,56,ba,31,75,cd,9e,5b,4b,bb,47,95,15,41,15,50,c9,b4,
  4a,61,08,7d,07,03,ce,99,68,e1,f8,bc,03,fa,1f,99,86,54,04,d1,24,4e,b4,7f,d4,\
"??"=hex:e7,c5,77,f1,83,bd,6b,bf,5a,b7,47,0e,04,35,92,1a

[HKEY_USERS\S-1-5-21-427066467-3079093524-2493077868-1005\Software\SecuROM\License information*]
"datasecu"=hex:ce,fd,01,54,84,d5,82,e9,75,01,55,bb,df,fe,fa,4f,47,26,c6,dc,53,
  ce,71,43,03,f5,98,92,9d,ec,5d,aa,23,43,3a,40,ed,fc,ed,7b,8a,94,90,91,db,bb,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
"CheckValue"=dword:febfbd00
"41F4A104"="4616266D"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4020)
c:\programme\iTunes\iTunesMiniPlayer.dll
c:\programme\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll
c:\programme\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Gemeinsame Dateien\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\ehome\mcrdsvc.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programme\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-04-18 18:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-04-18 16:03

Vor Suchlauf: 29 Verzeichnis(se), 15.479.144.448 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 15.642.750.976 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

443        --- E O F ---        2009-04-17 13:21


Angel21 18.04.2009 17:36

Please create a software list with HijackThis:
1. open the misc tool section
2. open uninstall manager
3. save list
and post the list here.

Also run ZHPDiag, following these instructions: http://www.trojaner-board.de/72020-a...g-zhpdiag.html



Note: If you want to save time, reinstall the system; it is badly messed up.

Ormel 18.04.2009 17:52

Here is log part 1:

Code:

Rapport de ZHPDiag v1.18 par Nicolas Coolman
Enregistré le 18.04.2009 18:42:30
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.11
MFIE: Mozilla Firefox (3.0.8)

---\\ Processus lancés
C:\WINDOWS\ehome\ehtray.exe
nwiz.exe
RTHDCPL.EXE
SkyTel.EXE
c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\CyberLink\PowerDVD\Language\Language.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Videoload Manager\ContentManager.exe
C:\WINDOWS\system32\services.exe
c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programme\Gemeinsame Dateien\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

---\\ Pages de recherche  de Mozilla Firefox (M1)
M1 - SPR:Search Page Redirection - C:\Programme\Mozilla FireFox\extensions\YPlayer@yummy.net

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.filmstarts.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

---\\ Browser Helper Objects de navigateur(O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} -
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "C:\Programme\Steam\Steam.exe" -silent
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data="67108863"
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data="323"
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Link mit Mega Manager herunterladen... - C:\Programme\Megaupload\Mega Manager\mm_file.htm

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe,1040
O9 - Extra button: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe,1040
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

---\\ Piratage de domaine (Lop.com) (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{13016BD4-C878-4BF0-A25C-4B9E15E87769}: 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8D1909B-B190-436B-A9EB-7A2E51A7AADA}: 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13016BD4-C878-4BF0-A25C-4B9E15E87769}: 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8D1909B-B190-436B-A9EB-7A2E51A7AADA}: 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{13016BD4-C878-4BF0-A25C-4B9E15E87769}: 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8D1909B-B190-436B-A9EB-7A2E51A7AADA}: 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{13016BD4-C878-4BF0-A25C-4B9E15E87769}: 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{D8D1909B-B190-436B-A9EB-7A2E51A7AADA}: 192.168.2.1

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AtiStartupEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service:  (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Content Management Service (ContentMgrService) - C:\Programme\Videoload Manager\ContentManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: NMSAccessU (NMSAccessU) - C:\Programme\Gemeinsame Dateien\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA (PnkBstrA) - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (PnkBstrB) - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Einfache TCP/IP-Dienste (SimpTcp) - C:\WINDOWS\system32\tcpsvcs.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

---\\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: (no name) - file:http://de.wikipedia.org/skins-1.5/monobook/headbg.jpg
O24 - Desktop Component 1: Die derzeitige Homepage - file:About:Home

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browseranpassungen - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: KB910393 - KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} - (not file)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Vektorgrafik-Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Sicherheitsupdate für Windows XP (KB913433) - {1325db73-d9f1-48f8-8895-6d814ec58889} - (not file)
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.0 Hotfix (KB887998) - {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML-Datenbindung für Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Media Center - {407408d4-94ed-4d86-ab69-a7f649d112ee} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 C:\WINDOWS\inf\mcdftreg.inf
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Erweitertes Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Adressbuch 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Viewpoint Media Player - {7AA6739A-9EC5-6C7D-DC8D-EBA5768EA16B} - (not file)
O40 - ASIC: Windows Desktop-Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Fax Provider - {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
O40 - ASIC: (no name) - {97317135-AC06-E7DA-E5BC-088DD99ED025} - C:\WINDOWS\system32:msnsrve.exe
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: IE7 Uninstall Stub - {B6B6F056-320C-116A-31B2-CB99A3A77D0F} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.0 Hotfix (KB930494) - {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Taskplaner - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {E78BFA60-5393-4C38-82AB-E8019E464EB4} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.0 Service Pack 3 - {EA29D410-CE41-4953-A862-2DE706A1DAD7} - (not file)
O40 - ASIC: .NET Framework - {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - (not file)


Ormel 18.04.2009 17:53

Log part 2
Code:

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ACEDRV06 (ACEDRV06) - C:\WINDOWS\system32\drivers\ACEDRV06.sys
O41 - Driver: ACEDRV07 (ACEDRV07) - C:\WINDOWS\system32\drivers\ACEDRV07.sys
O41 - Driver: Microsoft Kernel-Echounterdrückung (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: AMD-Prozessortreiber (AmdK8) - C:\WINDOWS\system32\DRIVERS\AmdK8.sys
O41 - Driver: 1394-ARP-Clientprotokoll (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Asynchroner RAS -Medientreiber (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
O41 - Driver: ATI T200 Unified AVStream service (ATIAVAIW) - C:\WINDOWS\system32\DRIVERS\atinavt2.sys
O41 - Driver: ATITool Overclocking Utility (ATITool) - C:\WINDOWS\system32\DRIVERS\ATITool.sys
O41 - Driver: atksgt (atksgt) - C:\WINDOWS\system32\DRIVERS\atksgt.sys
O41 - Driver: Protokoll für ATM ARP-Client (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Comodo EasyVPN Miniport Driver (ATP) - C:\WINDOWS\system32\DRIVERS\cmdatp.sys
O41 - Driver: Audiostubtreiber (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: avgio (avgio) - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Untertiteldecoder (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: cdiskdun (cdiskdun) - C:\DOKUME~1\Zitrone\LOKALE~1\Temp\cdiskdun.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Treiber für die Verwaltung logischer Datenträger (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel-DLS-Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Microsoft Kernel-DRM-Audioentschlüsselung (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: AVM FRITZ!WLAN (FWLANUSB) - C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
O41 - Driver: GEAR ASPI Filter Driver (GEARAspiWDM) - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
O41 - Driver: Standardpaketklassifizierung (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Hamachi Network Interface (hamachi) - C:\WINDOWS\system32\DRIVERS\hamachi.sys
O41 - Driver: Microsoft UAA-Bustreiber für High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Microsoft HID Class-Treiber (hidusb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: i8042-Tastatur- und PS/2-Mausanschluss-Treiber (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: int15.sys (int15.sys) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: IPv6-Windows-Firewalltreiber (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Filtertreiber für IP-Verkehr (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP/IP-Tunneltreiber (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: IPSEC-Treiber (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: IR-Enumeratordienst (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Tastatur-HID-Treiber (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Microsoft Kernel-Waveaudiomixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: lirsgt (lirsgt) - C:\WINDOWS\system32\DRIVERS\lirsgt.sys
O41 - Driver: MHN-Treiber (MHNDRV) - C:\WINDOWS\system32\DRIVERS\mhndrv.sys
O41 - Driver: Maus-HID-Treiber (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: BDA MPE-Filter (MPE) - C:\WINDOWS\system32\DRIVERS\MPE.sys
O41 - Driver: Redirector für WebDav-Client (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Proxy für Streaming Clock (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Proxy für Streaming Quality Manager (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft-Systemverwaltungs-BIOS-Treiber (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Microsoft Streaming Tee/Sink-to-Sink-Konvertierung (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: NABTS/FEC VBI-Codec (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Microsoft TV-/Videoverbindung (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: RAS-NDIS-TAPI-Treiber (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS-Benutzermodus-E/A-Protokoll (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: RAS-NDIS-WAN-Treiber (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS-Schnittstelle (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBios über TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: 1394-Netzwerktreiber (NIC1394) - C:\WINDOWS\system32\DRIVERS\nic1394.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
O41 - Driver: (no object) (nvatabus) - C:\WINDOWS\system32\drivers\nvatabus.sys
O41 - Driver: NVIDIA nForce(tm) RAID Class Driver (nvraid) - C:\WINDOWS\system32\drivers\nvraid.sys
O41 - Driver: Filtertreiber für IPX-Verkehr (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Treiber für IPX-Verkehrsweiterleitung (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll (NwlnkIpx) - C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
O41 - Driver: NWLink-NetBIOS (NwlnkNb) - C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
O41 - Driver: NWLink SPX/SPXII-Protokoll (NwlnkSpx) - C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
O41 - Driver: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
O41 - Driver: WAN-Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Prozessortreiber (Processor) - C:\WINDOWS\system32\DRIVERS\processr.sys
O41 - Driver: QoS-Paketplaner (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: psdfilter (psdfilter) - C:\WINDOWS\system32\Drivers\psdfilter.sys
O41 - Driver: psdvdisk (psdvdisk) - C:\WINDOWS\system32\Drivers\psdvdisk.sys
O41 - Driver: Treiber für direkte Parallelverbindung (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Treiber für automatische RAS-Verbindung (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: WAN-Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Remotezugriff-PPPOE-Treiber (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallelanschluss (direkt) (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Treiber für Terminalserver-Geräteumleitung (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Filtertreiber für digitale CD-Audiowiedergabe (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Programme\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Programme\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: Screaming Bee Audio (SCREAMINGBDRIVER) - C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Serenum-Filtertreiber (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: StarForce Protection Environment Driver (version 1.x) (sfdrv01) - C:\WINDOWS\System32\drivers\sfdrv01.sys
O41 - Driver: StarForce Protection Helper Driver (version 2.x) (sfhlp02) - C:\WINDOWS\System32\drivers\sfhlp02.sys
O41 - Driver: StarForce Protection Synchronization Driver (version 2.x) (sfsync02) - C:\WINDOWS\System32\drivers\sfsync02.sys
O41 - Driver: StarForce Protection VFS Driver (version 2.x) (sfvfs02) - C:\WINDOWS\System32\drivers\sfvfs02.sys
O41 - Driver: BDA Slip De-Framer (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Microsoft Kernel-Audiosplitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Filtertreiber für Systemwiederherstellung (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: BDA-IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Software-Bus-Treiber (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetablesynthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: (no object) (SYMIDSCO) - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20071220.001\SymIDSCo.sys
O41 - Driver: Microsoft Kernel-Systemaudiogerät (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP-Protokolltreiber (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Microsoft IPv6-Protokolltreiber (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip6.sys
O41 - Driver: T-DSL Manager Service (TSMPacket) - C:\WINDOWS\system32\DRIVERS\tsmpkt.sys
O41 - Driver: Microsoft Tun-Miniportadaptertreiber (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Microcode Updatetreiber (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Microsoft Standard-USB-Haupttreiber (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: USB2-aktivierter Hub (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Miniporttreiber für Microsoft USB Open Host-Controller (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
O41 - Driver: USB-Massenspeichertreiber (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: RAS-IP-ARP-Treiber (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: WAN Miniport (ATW) (wanatw) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys
O41 - Driver: Treiber für Microsoft WINMM-WDM-Audiokompatibilität (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Wippien Network Adapter 2.4 (wip0204) - C:\WINDOWS\system32\DRIVERS\wip0204.sys
O41 - Driver: Logitech Virtual Bus Enumerator Driver (WmBEnum) - C:\WINDOWS\system32\drivers\WmBEnum.sys
O41 - Driver: Logitech Virtual Hid Device Driver (WmVirHid) - C:\WINDOWS\system32\drivers\WmVirHid.sys
O41 - Driver: Logitech Translation Layer Driver (WmXlCore) - C:\WINDOWS\system32\drivers\WmXlCore.sys
O41 - Driver: World Standard Teletext-Codec (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys
O41 - Driver: X4HSX32 (X4HSX32) - C:\Programme\GameTap\bin\Release\X4HSX32.Sys
O41 - Driver: X4HSX32Ex (X4HSX32Ex) - C:\Programme\Metaboli Player\X4HSX32Ex.Sys
O41 - Driver: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwxp) - C:\WINDOWS\system32\DRIVERS\yk51x86.sys
O41 - Driver: ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) (ZD1211BU(ZyDAS)) - C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
O41 - Driver: ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) (ZD1211U(ZyDAS)) - C:\WINDOWS\system32\DRIVERS\zd1211u.sys
O41 - Driver: ZDPSp50 NDIS Protocol Driver (ZDPSp50) - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: WeGame Client Beta 1.0.7
O42 - Logiciel: Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
O42 - Logiciel: GemMaster Mystic
O42 - Logiciel: AC3Filter (remove only)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: afreeCodecVT 1.1.52
O42 - Logiciel: Alive Video Converter (version 3.2.0.8)
O42 - Logiciel: ATI - Software Uninstall Utility
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: ATI Display Driver
O42 - Logiciel: AVS4YOU Software Navigator 1.3
O42 - Logiciel: AVS Video Converter 6
O42 - Logiciel: BitTorrent 5.0.9
O42 - Logiciel: Blender (remove only)
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Celtx (1.0)
O42 - Logiciel: DV Capture 1.0
O42 - Logiciel: EAX Unified
O42 - Logiciel: EVEREST Home Edition v2.20
O42 - Logiciel: Fahrenheit
O42 - Logiciel: Zoo Tycoon 2: Zoodirektor Sammlung
O42 - Logiciel: Windows-Treiberpaket - AMD System  (04/06/2006 1.0.1.0)
O42 - Logiciel: FileZilla Client 3.0.10
O42 - Logiciel: Firebird SQL Server - MAGIX Edition
O42 - Logiciel: Free Video Converter V 1.2
O42 - Logiciel: Fuzzelcheck Version 2.22
O42 - Logiciel: GAMI (Gta-Action Mod-Installer)
O42 - Logiciel: Hamachi 1.0.3.0
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: VeohTV BETA
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: NTI Backup NOW! 4
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
O42 - Logiciel: Call of Juarez
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
O42 - Logiciel: IsoBuster 2.4
O42 - Logiciel: High Definition Audio Driver Package - KB888111
O42 - Logiciel: Sicherheitsupdate für Step by Step Interactive Training (KB898458)
O42 - Logiciel: Update Rollup 2 für Windows XP Media Center Edition 2005
O42 - Logiciel: Hotfix for Windows Media Player 10 (KB903157)
O42 - Logiciel: Windows XP Media Center Edition 2005 KB908246
O42 - Logiciel: Update für Windows Media Player 10 (KB910393)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 10 (KB911565)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB913433)
O42 - Logiciel: Update für Windows Media Player 10 (KB913800)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 10 (KB917734)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB923561)
O42 - Logiciel: Windows XP Media Center Edition 2005 KB925766
O42 - Logiciel: Update für Windows Media Player 10 (KB926251)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 10 (KB936782)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB936782)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB938464)
O42 - Logiciel: Hotfix für Windows Media Player 11 (KB939683)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB941569)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB946648)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950760)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950762)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950974)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951066)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951376)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951376-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951698)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951748)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB952004)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player (KB952069)
O42 - Logiciel: Hotfix für Windows XP (KB952287)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB952954)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB954154)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954211)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954600)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB955069)
O42 - Logiciel: Update für Windows XP (KB955839)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956391)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956572)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956802)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956803)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956841)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB957097)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958644)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958687)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958690)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB959426)
O42 - Logiciel: Wichtiges Update für Windows Media Player 11 (KB959772)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960225)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960715)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960803)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB961373)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
O42 - Logiciel: Update für Windows XP (KB967715)
O42 - Logiciel: LeechFTP
O42 - Logiciel: LiveUpdate 3.2 (Symantec Corporation)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: MAGIX Music Maker 15 Trial 15.0.1.5 (D)
O42 - Logiciel: MAGIX Screenshare 4.3.6.1987 (D)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 3.0
O42 - Logiciel: Microsoft Visual J# 2.0 Redistributable Package
O42 - Logiciel: mIRC
O42 - Logiciel: MonkeyJam 3_050529
O42 - Logiciel: Mozilla (1.7.13)
O42 - Logiciel: Mozilla Firefox (3.0.8)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: My Personal Translator 1.46
O42 - Logiciel: Nero 8 Lite 8.3.2.1
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: N Schach 3
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: OCA Client history tool install
O42 - Logiciel: OpenAL
O42 - Logiciel: Painter
O42 - Logiciel: PCFriendly
O42 - Logiciel: phase5
O42 - Logiciel: ratDVD 0.78.1444
O42 - Logiciel: Real Alternative 1.8.0
O42 - Logiciel: RealPlayer
O42 - Logiciel: REAPER
O42 - Logiciel: RegCure 1.5.0.1
O42 - Logiciel: SeaMonkey (1.1.14)
O42 - Logiciel: Empire: Total War
O42 - Logiciel: Eternal Silence
O42 - Logiciel: Source SDK Base - Orange Box
O42 - Logiciel: Half-Life 2
O42 - Logiciel: Counter-Strike: Source
O42 - Logiciel: Portal: The First Slice
O42 - Logiciel: StudioLine Photo Basic
O42 - Logiciel: TeamSpeak 2 RC2
O42 - Logiciel: TeamViewer 3
O42 - Logiciel: TrackMania Nations ESWC 1.7.9
O42 - Logiciel: Tor 0.2.0.32
O42 - Logiciel: Veoh Web Player Beta
O42 - Logiciel: Videoload Manager 1.0.1514
O42 - Logiciel: VLC media player 0.9.6
O42 - Logiciel: Webocton - Scriptly 0.8.95.2
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: WinAce Archiver
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: GIMP 2.6.4
O42 - Logiciel: WinRAR archiver
O42 - Logiciel: World of Warcraft
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0
O42 - Logiciel: Steam
O42 - Logiciel: ATI Catalyst Control Center
O42 - Logiciel: Bonjour
O42 - Logiciel: Python 2.6
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459)
O42 - Logiciel: Google Earth
O42 - Logiciel: DVD Suite
O42 - Logiciel: Phase 5 HTML-Editor
O42 - Logiciel: QuickTime
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Metaboli Player
O42 - Logiciel: Supreme Commander - Forged Alliance
O42 - Logiciel: Java(TM) 6 Update 3
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: commercial
O42 - Logiciel: Windows Communication Foundation
O42 - Logiciel: Microsoft Games for Windows - LIVE
O42 - Logiciel: Microsoft Works
O42 - Logiciel: neroxml
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: ICQ6
O42 - Logiciel: Logitech Gaming Software 5.02
O42 - Logiciel: OpenOffice.org 2.3
O42 - Logiciel: GameTap
O42 - Logiciel: PowerDVD
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Windows Media Player Firefox Plugin
O42 - Logiciel: USB Driver for Panasonic DVC
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Text-To-Speech-Runtime
O42 - Logiciel: DivX Codec
O42 - Logiciel: Windows Workflow Foundation
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: EAX4 Unified Redist
O42 - Logiciel: DivX Player
O42 - Logiciel: Numedia CD-DVD writing as non-admin user
O42 - Logiciel: AGEIA PhysX v7.11.13
O42 - Logiciel: Fallout 3
O42 - Logiciel: Sonic Encoders
O42 - Logiciel: Adobe Premiere Pro 1.5 Tryout
O42 - Logiciel: Kane and Lynch: Dead Men
O42 - Logiciel: SecurDisc Viewer
O42 - Logiciel: Adobe Reader 8.1.3
O42 - Logiciel: DivX Converter


Angel21 18.04.2009 17:53

And please also post the uninstall list; how to do it is described below :)

Ormel 18.04.2009 17:56

Log part 3:

Code:




---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\advapi32.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\advpack.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ativvaxx.cap -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\CmdLineExt.dll -->24.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtmsft.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtrans.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\extmgr.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\html.iec -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\icardie.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ie4uinit.exe -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakeng.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieaksie.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakui.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieapfltr.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\iedkcs32.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieencode.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieframe.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\iernonce.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\iertutil.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieudinit.exe -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\inetcpl.cpl -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\jsproxy.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\kernel32.dll -->21.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\lsasrv.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeeds.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeedsbs.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtmled.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msrating.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mstime.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ntdll.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ntkrnlpa.exe -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ntoskrnl.exe -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\occache.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\OpenAL32.dll -->04.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\pdh.dll -->06.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc007.dat -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh007.dat -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\pngfilt.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\rpcss.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sc.exe -->06.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\secur32.dll -->03.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\services.exe -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\spupdwxp.log -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->23.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\url.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\urlmon.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\webcheck.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wininet.dll -->03.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->18.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wrap_oal.dll -->04.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\hamachi.sys -->17.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06.04.2009

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALAUNCH.EXE-145B15F4.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALCMTR.EXE-01A7139B.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\APPLESYNCNOTIFIER.EXE-2C481DCB.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ATTRIB.CFEXE-119E0ED3.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ATTRIB.EXE-15ACDFFE.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AUPDATE.EXE-3712CED8.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVGNT.EXE-1A8D43C9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-100E7505.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AXCMD.EXE-12E2DF53.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BLASTCLN.EXE-32F30471.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CASPOL.EXE-25914F74.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CATCHME.CFEXE-20352551.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CATCHME.TMP-1C9402FA.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCC.EXE-2F3357A9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCLEANER.EXE-17ADB38C.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CF11851.EXE-04D5578B.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHCP.COM-17EDBDC9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CLISTART.EXE-3AF3AA34.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXECF-04239AFE.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX-DOWNLOAD.CFEXE-0504F612.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX.EXE-2A180FB9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSCRIPT.EXE-0A13A05C.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPHIVE.CFEXE-04BE9822.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EHTRAY.EXE-337AC592.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ERUNT.CFEXE-03BA0C46.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.CFEXE-27467DCB.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.EXE-1A4FC238.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-28BE8AE1.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-31A6BBAB.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GREP.CFEXE-25FF7687.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GREP.CFEXE-2C6C0099.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GRPCONV.EXE-375690AD.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GSAR.CFEXE-093F9079.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GSAR.CFEXE-2D1F6459.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HANDLE.CFEXE-060063D0.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIDEC.EXE-110154A1.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIDEC.EXE-2888B6D9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-3643707F.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ICQ.EXE-09964922.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-360BBB5C.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMEKRMIG.EXE-227C14E9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMJPMIG.EXE-32ABEE9A.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMSCINST.EXE-2B626103.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IPCONFIG.EXE-05D7908C.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IPODSERVICE.EXE-07892C80.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-1CC2818B.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUSCHED.EXE-35967D1E.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LANGUAGE.EXE-0C543E78.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGAGENT.EXE-2BE87CC2.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MOFCOMP.EXE-266B2314.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MOM.EXE-33BF1D10.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSDTC.EXE-1D9D8668.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MTEE.CFEXE-283D2AF9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\N.COM-1420D574.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NGEN.EXE-0FE278E5.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMD.CFEXE-00BC64DF.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMD.COM-104AA346.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMD.EXE-3789D3CC.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMDC.CFEXE-2F2E2424.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTIMUI.EXE-13A6CF51.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NWIZ.EXE-2D374245.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PDVDSERV.EXE-19072CB6.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PEV.CFEXE-017E8F57.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PING.EXE-30F9CA9D.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PV.CFEXE-06AB029F.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PV.CFEXE-0D4977C3.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QTTASK.EXE-0C419446.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_SL.EXE-15061EEE.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REALSCHED.EXE-0C8249C8.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REG.EXE-07FA5B3F.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGCURE.EXE-03CAE3EE.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGT.CFEXE-30684912.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RTHDCPL.EXE-005A6E31.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3CADD0BA.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3CAE7316.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3DD6937A.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4853FA67.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4D5D6CC3.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5560CAC5.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E6ADB37.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6A09524A.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6ACD0C83.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SEAMON~1.EXE-095B4DC8.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SED.CFEXE-019B7AC0.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SED.CFEXE-3B25863A.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SED.EXE-1EFB2ADD.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP50.EXE-0177D3B8.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SHMGRATE.EXE-2DD3E4D8.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SKYPE.EXE-0D322358.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SKYPEPM.EXE-1D416A14.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SKYTEL.EXE-15B3DBDE.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOFFICE.BIN-063C249E.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOFFICE.EXE-0E2BB9C5.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SORT.EXE-19728AC5.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPNPINST.EXE-098364FC.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPUPDSVC.EXE-07BA1E73.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPUPDWXP.EXE-290B02C1.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\STEAM.EXE-25A9EDD7.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWREG.CFEXE-19E71DFD.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWREG.EXE-20DD5B9B.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWREG.EXE-2E6304DD.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWSC.CFEXE-0736E034.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWSC.EXE-2E4EECB7.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TINTSETP.EXE-2DD83AEF.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNREGMP2.EXE-0CFB0619.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNZIP.CFEXE-160CE8D0.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VFIND.EXE-1922F79E.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-1A0EFB18.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf -->18.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZHPDIAG.EXE-29028029.pf -->18.04.2009

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Programme\Steam\steamapps\ander1992\counter-strike source\hl2.exe"="C:\Programme\Steam\steamapps\ander1992\counter-strike source\hl2.exe:*:Enabled:hl2"
O47 - AAKE:Key Export - "C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe"="C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
O47 - AAKE:Key Export - "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
O47 - AAKE:Key Export - "C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"
O47 - AAKE:Key Export - "C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
O47 - AAKE:Key Export - "C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
O47 - AAKE:Key Export - "C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC"
O47 - AAKE:Key Export - "D:\Programme\World In Conflict\wic.exe"="D:\Programme\World In Conflict\wic.exe:*:Enabled:WORLD IN CONFLICT"
O47 - AAKE:Key Export - "D:\Programme\World In Conflict\wic_online.exe"="D:\Programme\World In Conflict\wic_online.exe:*:Enabled:WORLD IN CONFLICT - Nur Online"
O47 - AAKE:Key Export - "D:\Programme\World In Conflict\wic_ds.exe"="D:\Programme\World In Conflict\wic_ds.exe:*:Enabled:WORLD IN CONFLICT - Dedizierter Server"
O47 - AAKE:Key Export - "D:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-1.12.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
O47 - AAKE:Key Export - "C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
O47 - AAKE:Key Export - "C:\Programme\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Programme\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
O47 - AAKE:Key Export - "C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Programme\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
O47 - AAKE:Key Export - "C:\Programme\Steam\steamapps\common\empire total war\Empire.exe"="C:\Programme\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War"
O47 - AAKE:Key Export - "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
O47 - AAKE:Key Export - "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
O47 - AAKE:Key Export - "D:\Programme\KAL\kaneandlynch.exe"="D:\Programme\KAL\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

---\\ Déni du service LSA (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll


Ormel 18.04.2009 17:57

So, log part 4:
Code:

---\\ Contrôle du Safe Boot (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{edfacba6-1c1c-11dd-9231-00038a000015}\Shell\AutoRun\command - K:\SETUP.EXE

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.lhacm"="lhacm.acm"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.FPS1"="frapsvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yv12"="yv12vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.MPG4"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.MP42"="mpg4c32.dll"


End of the scan:


Ormel 18.04.2009 17:58

So, now the uninstall list
Code:


AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Premiere Pro 1.5 Tryout
Adobe Reader 8.1.3
afreeCodecVT 1.1.52
AGEIA PhysX v7.11.13
Alive Video Converter (version 3.2.0.8)
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BitTorrent 5.0.9
Blender (remove only)
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Juarez
Catalyst Control Center - Branding
CCleaner (remove only)
Celtx (1.0)
commercial
Company of Heroes
Counter-Strike: Source
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DV Capture 1.0
DVD Suite
EAX Unified
EAX4 Unified Redist
Empire: Total War
Eternal Silence
EVEREST Home Edition v2.20
Fahrenheit
Fallout 3
FileZilla Client 3.0.10
Firebird SQL Server - MAGIX Edition
Free Video Converter V 1.2
Fuzzelcheck Version 2.22
Game Cam
Game Cam v1.4
GameTap
GAMI (Gta-Action Mod-Installer)
GemMaster Mystic
GIMP 2.6.4
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Gothic
GPGNet
Half-Life 2
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB952287)
ICQ6
IsoBuster 2.4
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Kane and Lynch: Dead Men
LeechFTP
LiveUpdate 3.2 (Symantec Corporation)
Logitech Gaming Software 5.02
MAGIX Music Maker 15 Trial 15.0.1.5 (D)
MAGIX Screenshare 4.3.6.1987 (D)
Malwarebytes' Anti-Malware
Metaboli Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
mIRC
MobileMe Control Panel
MonkeyJam 3_050529
Mozilla (1.7.13)
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
My Personal Translator 1.46
N Schach 3
Nero 8 Lite 8.3.2.1
neroxml
NTI Backup NOW! 4
NTI CD & DVD-Maker
Numedia CD-DVD writing as non-admin user
NVIDIA Drivers
OCA Client history tool install
OpenAL
OpenOffice.org 2.3
Painter
PCFriendly
Phase 5 HTML-Editor
Phase 5 HTML-Editor
phase5
Portal: The First Slice
PowerDVD
PowerProducer
Python 2.6
QuickTime
ratDVD 0.78.1444
Real Alternative 1.8.0
RealPlayer
Realtek High Definition Audio Driver
REAPER
RegCure 1.5.0.1
Safari
SeaMonkey (1.1.14)
SecurDisc Viewer
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 10 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB913433)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB961373)
Skype™ 3.8
Sonic Encoders
Source SDK Base - Orange Box
Steam
StudioLine Photo Basic
SUPERAntiSpyware Free Edition
Supreme Commander - Forged Alliance
TeamSpeak 2 RC2
TeamViewer 3
Text-To-Speech-Runtime
Tor 0.2.0.32
TrackMania Nations ESWC 1.7.9
Update für Windows Media Player 10 (KB910393)
Update für Windows Media Player 10 (KB913800)
Update für Windows Media Player 10 (KB926251)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update Rollup 2 für Windows XP Media Center Edition 2005
USB Driver for Panasonic DVC
Veoh Web Player Beta
VeohTV BETA
Videoload Manager 1.0.1514
VLC media player 0.9.6
Webocton - Scriptly 0.8.95.2
WeGame Client Beta 1.0.7
Wichtiges Update für Windows Media Player 11 (KB959772)
WinAce Archiver
Windows Communication Foundation
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
Windows-Treiberpaket - AMD System  (04/06/2006 1.0.1.0)
WinRAR archiver
WORLD IN CONFLICT
World of Warcraft
Zoo Tycoon 2: Zoodirektor Sammlung


Angel21 18.04.2009 18:08

Hello,

bad news.

Your system is so badly messed up that, in your place, I would reinstall; it saves an immense amount of time and nerves on both sides.

Cleaning up the whole thing would take more than 10 times as long as reinstalling.

After reinstalling, please don't throw on any torrent programs, any toolbars or any unnecessary autostart entries.

Here is a guide so that you can reinstall safely and aren't left on your own with nothing at all: http://www.trojaner-board.de/51262-a...sicherung.html


EDIT: please hold off on reinstalling.

Angel21 18.04.2009 18:47

Download Lop S&D.

Run Lop S&D.exe by double-clicking it.
Choose the language of your choice and then option 1 (Search).
Wait until the scan report has been created (you will find it at C:\lopR.txt if the report does not appear).

(If your desktop disappears, press Ctrl + Alt + Del to start the Task Manager. Under File, choose New Task and enter explorer.exe there.)

Ormel 18.04.2009 18:54

Here is the scan report

Code:


  --------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
  BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
  USER : Zitrone ( Administrator )
  BOOT : Normal boot
  Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
  C:\ (Local Disk) - NTFS - Total:113 Go (Free:14 Go)
  D:\ (Local Disk) - NTFS - Total:232 Go (Free:172 Go)
  E:\ (Local Disk) - FAT32 - Total:113 Go (Free:111 Go)
  F:\ (CD or DVD)
  G:\ (CD or DVD)
  H:\ (USB)
  I:\ (USB)
  J:\ (USB)
  K:\ (CD or DVD)
  L:\ (CD or DVD)
  M:\ (USB)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [1] ( 18.04.2009|19:51 )
 
  --------------------\\  Ordner Verzeichnis unter ANWEND~1

  [24.10.2006|19:22] C:\DOKUME~1\ADMINI~1\ANWEND~1\Identities
  [24.10.2006|19:22] C:\DOKUME~1\ADMINI~1\ANWEND~1\Macromedia
  [24.10.2006|19:22] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
  [5|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei

  [03.04.2009|18:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
  [19.01.2009|22:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\2DBoy
  [11.10.2008|15:42] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Activision
  [11.11.2008|20:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
  [07.06.2008|00:45] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Ahead
  [07.06.2008|19:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AOL
  [11.02.2008|17:27] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
  [11.02.2008|17:29] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
  [08.10.2008|15:53] C:\DOKUME~1\ALLUSE~1\ANWEND~1\ATI
  [21.06.2008|00:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Avira
  [03.12.2008|23:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AVS4YOU
  [22.07.2007|16:07] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Babylon
  [18.10.2008|13:50] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Blizzard
  [12.07.2008|10:00] C:\DOKUME~1\ALLUSE~1\ANWEND~1\BOONTY
  [10.03.2007|18:57] C:\DOKUME~1\ALLUSE~1\ANWEND~1\CyberLink
  [24.03.2009|16:19] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Fallout3
  [15.03.2008|18:50] C:\DOKUME~1\ALLUSE~1\ANWEND~1\fluxDVD
  [03.09.2008|02:53] C:\DOKUME~1\ALLUSE~1\ANWEND~1\GameTap
  [16.09.2007|22:51] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
  [27.12.2008|18:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\MAGIX
  [16.04.2009|00:27] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
  [10.03.2009|15:58] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Media Center Programs
  [21.03.2009|18:07] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Metaboli Player
  [17.04.2009|02:38] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
  [03.04.2009|19:59] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft Games
  [18.06.2008|20:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\mpDRM
  [04.01.2009|00:47] C:\DOKUME~1\ALLUSE~1\ANWEND~1\MsvThumbs
  [19.07.2008|01:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\NCH Software
  [19.07.2008|01:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\NCH Swift Sound
  [17.04.2009|01:31] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
  [02.06.2008|21:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\NtiDvdCopy
  [21.07.2008|20:32] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Real
  [31.10.2008|16:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
  [17.04.2009|14:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\SUPERAntiSpyware.com
  [30.12.2007|21:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
  [04.09.2007|21:28] C:\DOKUME~1\ALLUSE~1\ANWEND~1\T-DSL Manager
  [28.08.2007|15:26] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Teledat
  [11.06.2008|20:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
  [24.01.2007|12:28] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
  [0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
  [41|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei

  [24.10.2006|19:22] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Identities
  [24.10.2006|19:22] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Macromedia
  [24.10.2006|19:22] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
  [5|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei

  [23.08.2007|23:41] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
  [3|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei

  [10.06.2008|19:30] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
  [3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei

  [11.10.2008|15:42] C:\DOKUME~1\Zitrone\ANWEND~1\Activision
  [24.10.2008|14:59] C:\DOKUME~1\Zitrone\ANWEND~1\Adobe
  [07.06.2008|00:28] C:\DOKUME~1\Zitrone\ANWEND~1\AdobeUM
  [18.06.2008|19:42] C:\DOKUME~1\Zitrone\ANWEND~1\Ahead
  [07.06.2008|19:39] C:\DOKUME~1\Zitrone\ANWEND~1\AOL
  [19.01.2009|22:14] C:\DOKUME~1\Zitrone\ANWEND~1\Apple Computer
  [02.03.2008|21:32] C:\DOKUME~1\Zitrone\ANWEND~1\ATI
  [03.12.2008|23:41] C:\DOKUME~1\Zitrone\ANWEND~1\AVS4YOU
  [22.07.2007|11:07] C:\DOKUME~1\Zitrone\ANWEND~1\Babylon
  [30.12.2008|01:35] C:\DOKUME~1\Zitrone\ANWEND~1\BitTorrent
  [01.12.2008|00:08] C:\DOKUME~1\Zitrone\ANWEND~1\Blender Foundation
  [08.06.2008|05:02] C:\DOKUME~1\Zitrone\ANWEND~1\CyberLink
  [18.05.2008|23:14] C:\DOKUME~1\Zitrone\ANWEND~1\DAEMON Tools
  [16.12.2007|16:57] C:\DOKUME~1\Zitrone\ANWEND~1\DivX
  [10.01.2009|19:50] C:\DOKUME~1\Zitrone\ANWEND~1\dvdcss
  [19.01.2009|21:50] C:\DOKUME~1\Zitrone\ANWEND~1\eMule
  [01.12.2008|00:13] C:\DOKUME~1\Zitrone\ANWEND~1\FileMaker
  [14.04.2009|18:28] C:\DOKUME~1\Zitrone\ANWEND~1\FileZilla
  [03.04.2009|23:02] C:\DOKUME~1\Zitrone\ANWEND~1\FOG Downloader
  [06.03.2008|22:29] C:\DOKUME~1\Zitrone\ANWEND~1\Google
  [15.02.2009|21:57] C:\DOKUME~1\Zitrone\ANWEND~1\Greyfirst
  [12.03.2009|19:28] C:\DOKUME~1\Zitrone\ANWEND~1\gtk-2.0
  [18.04.2009|14:00] C:\DOKUME~1\Zitrone\ANWEND~1\Hamachi
  [06.12.2008|16:02] C:\DOKUME~1\Zitrone\ANWEND~1\HamachiBackup
  [20.04.2007|16:41] C:\DOKUME~1\Zitrone\ANWEND~1\Help
  [05.02.2008|20:25] C:\DOKUME~1\Zitrone\ANWEND~1\ICQ
  [09.02.2008|01:21] C:\DOKUME~1\Zitrone\ANWEND~1\ICQ Toolbar
  [24.10.2006|19:22] C:\DOKUME~1\Zitrone\ANWEND~1\Identities
  [21.03.2009|18:21] C:\DOKUME~1\Zitrone\ANWEND~1\InstallShield
  [24.10.2006|19:22] C:\DOKUME~1\Zitrone\ANWEND~1\Macromedia
  [27.12.2008|18:19] C:\DOKUME~1\Zitrone\ANWEND~1\MAGIX
  [16.04.2009|00:27] C:\DOKUME~1\Zitrone\ANWEND~1\Malwarebytes
  [21.07.2008|20:33] C:\DOKUME~1\Zitrone\ANWEND~1\Media Player Classic
  [14.05.2008|20:59] C:\DOKUME~1\Zitrone\ANWEND~1\Megaupload
  [10.12.2008|23:52] C:\DOKUME~1\Zitrone\ANWEND~1\Microsoft
  [03.04.2009|19:59] C:\DOKUME~1\Zitrone\ANWEND~1\Microsoft Games
  [02.09.2008|00:12] C:\DOKUME~1\Zitrone\ANWEND~1\mIRC
  [01.12.2008|00:41] C:\DOKUME~1\Zitrone\ANWEND~1\MonkeyJam
  [14.09.2008|22:48] C:\DOKUME~1\Zitrone\ANWEND~1\Mozilla
  [19.01.2009|22:37] C:\DOKUME~1\Zitrone\ANWEND~1\MSNInstaller
  [19.07.2008|01:35] C:\DOKUME~1\Zitrone\ANWEND~1\NCH Swift Sound
  [07.05.2008|11:54] C:\DOKUME~1\Zitrone\ANWEND~1\Nero
  [18.04.2009|18:14] C:\DOKUME~1\Zitrone\ANWEND~1\OpenOffice.org2
  [12.04.2008|21:51] C:\DOKUME~1\Zitrone\ANWEND~1\Petroglyph
  [14.08.2008|18:47] C:\DOKUME~1\Zitrone\ANWEND~1\Real
  [14.11.2008|22:25] C:\DOKUME~1\Zitrone\ANWEND~1\REAPER
  [14.08.2008|20:39] C:\DOKUME~1\Zitrone\ANWEND~1\Screaming Bee
  [26.06.2007|16:58] C:\DOKUME~1\Zitrone\ANWEND~1\SecuROM
  [18.04.2009|19:25] C:\DOKUME~1\Zitrone\ANWEND~1\Skype
  [18.04.2009|17:50] C:\DOKUME~1\Zitrone\ANWEND~1\skypePM
  [05.04.2008|13:49] C:\DOKUME~1\Zitrone\ANWEND~1\Sun
  [17.04.2009|14:20] C:\DOKUME~1\Zitrone\ANWEND~1\SUPERAntiSpyware.com
  [29.05.2008|18:14] C:\DOKUME~1\Zitrone\ANWEND~1\Talkback
  [14.04.2009|20:04] C:\DOKUME~1\Zitrone\ANWEND~1\teamspeak2
  [31.10.2008|18:38] C:\DOKUME~1\Zitrone\ANWEND~1\TeamViewer
  [16.06.2008|11:02] C:\DOKUME~1\Zitrone\ANWEND~1\Template
  [15.03.2009|01:55] C:\DOKUME~1\Zitrone\ANWEND~1\The Creative Assembly
  [29.12.2008|04:22] C:\DOKUME~1\Zitrone\ANWEND~1\tor
  [30.09.2008|17:26] C:\DOKUME~1\Zitrone\ANWEND~1\UseNeXT
  [30.11.2007|13:55] C:\DOKUME~1\Zitrone\ANWEND~1\Ventrilo
  [01.12.2008|00:22] C:\DOKUME~1\Zitrone\ANWEND~1\vlc
  [04.04.2009|11:38] C:\DOKUME~1\Zitrone\ANWEND~1\Webocton - Scriptly
  [31.07.2008|21:04] C:\DOKUME~1\Zitrone\ANWEND~1\WeGame
  [24.02.2008|00:09] C:\DOKUME~1\Zitrone\ANWEND~1\WinRAR
  [17.04.2009|01:00] C:\DOKUME~1\Zitrone\ANWEND~1\Wippien
  [05.09.2007|16:54] C:\DOKUME~1\Zitrone\ANWEND~1\You've Got Pictures Screensaver
  [0|Datei(en)] C:\DOKUME~1\Zitrone\ANWEND~1\Bytes
  [68|Verzeichnis(se),] C:\DOKUME~1\Zitrone\ANWEND~1\Bytes frei
 
  --------------------\\  Geplante Aufgaben unter C:\WINDOWS\Tasks

  [18.04.2009 17:59][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
  [08.01.2009 04:00][--a------] C:\WINDOWS\tasks\RegCure.job
  [03.04.2009 17:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  [18.04.2009 17:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
  [10.08.2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

  --------------------\\  Ordner Verzeichnis unter C:\Programme

  [14.09.2008|02:26] C:\Programme\AC3Filter
  [04.02.2009|17:39] C:\Programme\Activision
  [11.12.2008|18:13] C:\Programme\Adobe
  [14.09.2008|02:21] C:\Programme\afreeCodecVT
  [29.09.2008|16:08] C:\Programme\AGEIA Technologies
  [07.05.2008|12:04] C:\Programme\Alcohol Soft
  [03.12.2008|22:42] C:\Programme\AliveMedia
  [19.01.2009|21:45] C:\Programme\ANNO1602
  [30.10.2008|21:06] C:\Programme\Apple Software Update
  [08.10.2008|15:48] C:\Programme\ATI Technologies
  [05.11.2008|19:53] C:\Programme\ATITool
  [21.06.2008|00:17] C:\Programme\Avira
  [03.12.2008|23:41] C:\Programme\AVS4YOU
  [24.03.2009|16:19] C:\Programme\Bethesda Softworks
  [25.02.2008|00:16] C:\Programme\BitTorrent
  [01.12.2008|00:08] C:\Programme\Blender Foundation
  [03.04.2009|17:56] C:\Programme\Bonjour
  [19.03.2008|15:33] C:\Programme\Boonty
  [24.03.2008|00:01] C:\Programme\BoontyGames
  [27.05.2007|12:47] C:\Programme\buffed.de
  [19.01.2009|22:23] C:\Programme\CCleaner
  [08.06.2008|19:43] C:\Programme\CDV
  [14.04.2009|17:35] C:\Programme\Celtx
  [24.10.2006|19:23] C:\Programme\commercial
  [07.05.2008|12:04] C:\Programme\Conduit
  [22.12.2008|21:21] C:\Programme\Creative
  [07.05.2008|11:54] C:\Programme\CUEcards 2000
  [07.06.2008|00:12] C:\Programme\CyberLink
  [08.06.2008|18:52] C:\Programme\DAEMON Tools Lite
  [24.10.2006|19:23] C:\Programme\DIFX
  [06.12.2008|00:03] C:\Programme\DivX
  [25.01.2009|18:56] C:\Programme\DV Capture
  [17.04.2009|14:46] C:\Programme\Fake Webcam
  [09.06.2008|22:45] C:\Programme\FileZilla FTP Client
  [03.12.2008|23:33] C:\Programme\Free Video Converter
  [21.06.2008|21:03] C:\Programme\free-downloads.net
  [01.12.2008|00:37] C:\Programme\Fuzzelcheck
  [07.06.2008|20:01] C:\Programme\Game Cam v1.4
  [13.03.2009|19:56] C:\Programme\Gamesload Spiele
  [03.09.2008|02:52] C:\Programme\GameTap
  [10.09.2008|23:44] C:\Programme\GAMI
  [18.04.2009|17:57] C:\Programme\Gemeinsame Dateien
  [24.10.2006|19:23] C:\Programme\GemMasterGerman
  [19.01.2009|21:41] C:\Programme\GIMP-2.0
  [05.11.2008|22:20] C:\Programme\Google
  [17.04.2009|14:35] C:\Programme\Hamachi
  [31.03.2009|20:17] C:\Programme\ICQ6
  [05.11.2008|19:59] C:\Programme\ICQToolbar
  [29.12.2006|16:31] C:\Programme\id Software
  [30.03.2009|15:19] C:\Programme\InstallShield Installation Information
  [08.06.2008|03:56] C:\Programme\InterActual
  [17.04.2009|15:21] C:\Programme\Internet Explorer
  [03.04.2009|18:06] C:\Programme\iPod
  [03.04.2009|18:06] C:\Programme\iTunes
  [05.11.2008|19:59] C:\Programme\Java
  [23.03.2009|21:46] C:\Programme\Lavalys
  [24.06.2008|19:40] C:\Programme\LeechFTP
  [27.12.2008|18:17] C:\Programme\MAGIX
  [16.04.2009|00:27] C:\Programme\Malwarebytes' Anti-Malware
  [18.04.2009|17:42] C:\Programme\Messenger
  [21.03.2009|22:19] C:\Programme\Metaboli Player
  [24.10.2006|19:23] C:\Programme\microsoft frontpage
  [24.03.2009|16:40] C:\Programme\Microsoft Games for Windows - LIVE
  [25.12.2006|11:40] C:\Programme\Microsoft Office
  [17.04.2009|15:20] C:\Programme\Microsoft Works
  [01.09.2008|19:30] C:\Programme\mIRC
  [01.12.2008|00:41] C:\Programme\MonkeyJam
  [18.04.2009|17:38] C:\Programme\Movie Maker
  [18.04.2009|18:08] C:\Programme\Mozilla Firefox
  [17.01.2009|14:58] C:\Programme\mozilla.org
  [05.11.2008|22:18] C:\Programme\Mozilla1.7.13
  [24.03.2009|16:17] C:\Programme\MSBuild
  [18.04.2009|17:38] C:\Programme\msn
  [24.10.2006|19:23] C:\Programme\MSN Gaming Zone
  [23.01.2009|20:00] C:\Programme\MSXML 4.0
  [27.03.2009|20:01] C:\Programme\MSXML 6.0
  [30.06.2008|21:34] C:\Programme\N Schach 3
  [07.06.2008|00:43] C:\Programme\Nero
  [02.05.2008|20:26] C:\Programme\NETGEAR
  [18.04.2009|17:36] C:\Programme\NetMeeting
  [24.10.2006|19:23] C:\Programme\NewTech Infosystems
  [08.06.2008|03:50] C:\Programme\OnlineControl
  [24.10.2006|19:24] C:\Programme\Online-Dienste
  [09.01.2009|00:08] C:\Programme\OpenAL
  [20.02.2008|18:50] C:\Programme\OpenOffice.org 2.3
  [18.04.2009|17:36] C:\Programme\Outlook Express
  [01.12.2008|00:42] C:\Programme\Painter
  [18.06.2008|21:51] C:\Programme\Paradox Entertainment
  [19.06.2008|16:44] C:\Programme\Paradox Interactive
  [11.04.2009|23:42] C:\Programme\phase5
  [20.02.2009|12:52] C:\Programme\PiranhaBytes
  [03.04.2009|18:04] C:\Programme\QuickTime
  [18.05.2008|00:37] C:\Programme\ratDVD
  [16.06.2007|21:47] C:\Programme\Real
  [21.07.2008|20:32] C:\Programme\Real Alternative
  [24.10.2006|19:24] C:\Programme\Realtek
  [14.11.2008|21:24] C:\Programme\REAPER
  [24.03.2009|16:16] C:\Programme\Reference Assemblies
  [07.05.2008|11:18] C:\Programme\RegCure
  [03.04.2009|17:58] C:\Programme\Safari
  [06.04.2009|17:06] C:\Programme\Skype
  [08.06.2008|19:33] C:\Programme\Smart Projects
  [18.04.2009|18:31] C:\Programme\Steam
  [19.01.2009|21:27] C:\Programme\StudioLine Photo Basic
  [17.04.2009|14:20] C:\Programme\SUPERAntiSpyware
  [30.12.2007|21:07] C:\Programme\Symantec
  [20.01.2007|19:47] C:\Programme\Teamspeak2_RC2
  [06.12.2008|15:58] C:\Programme\TeamViewer3
  [10.03.2009|15:43] C:\Programme\THQ
  [23.03.2009|21:04] C:\Programme\TrackMania Nations ESWC
  [15.04.2009|17:09] C:\Programme\Trend Micro
  [27.01.2007|21:20] C:\Programme\Valve
  [05.01.2009|23:24] C:\Programme\Veoh Networks
  [29.12.2008|04:24] C:\Programme\Vidalia Bundle
  [01.12.2008|00:19] C:\Programme\VideoLAN
  [07.05.2008|14:33] C:\Programme\Videoload Manager
  [14.04.2009|22:49] C:\Programme\Warcraft III
  [04.04.2009|11:38] C:\Programme\Webocton - Scriptly
  [31.07.2008|20:22] C:\Programme\WeGame
  [05.09.2007|18:22] C:\Programme\WinAce
  [14.08.2008|18:52] C:\Programme\Windows Media Connect 2
  [14.09.2008|02:02] C:\Programme\Windows Media Player
  [18.04.2009|17:36] C:\Programme\Windows NT
  [24.02.2008|00:09] C:\Programme\WinRAR
  [17.04.2009|01:00] C:\Programme\Wippien
  [24.10.2006|19:24] C:\Programme\xerox
  [05.09.2007|18:24] C:\Programme\Yahoo!
  [0|Datei(en)] C:\Programme\Bytes
  [129|Verzeichnis(se),] C:\Programme\Bytes frei

  --------------------\\  Ordner Verzeichnis unter C:\Programme\Gemeinsame Dateien

  [11.11.2008|20:06] C:\Programme\Gemeinsame Dateien\Adobe
  [17.04.2009|01:31] C:\Programme\Gemeinsame Dateien\Ahead
  [07.06.2008|19:43] C:\Programme\Gemeinsame Dateien\aol
  [05.09.2007|16:54] C:\Programme\Gemeinsame Dateien\aolback
  [03.04.2009|18:06] C:\Programme\Gemeinsame Dateien\Apple
  [03.12.2008|23:40] C:\Programme\Gemeinsame Dateien\AVSMedia
  [30.06.2008|21:25] C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
  [28.03.2008|21:56] C:\Programme\Gemeinsame Dateien\BOONTY Shared
  [24.10.2006|19:23] C:\Programme\Gemeinsame Dateien\Dienste
  [13.07.2007|20:41] C:\Programme\Gemeinsame Dateien\fluxDVD
  [24.10.2006|19:23] C:\Programme\Gemeinsame Dateien\InstallShield
  [24.12.2006|20:54] C:\Programme\Gemeinsame Dateien\Java
  [24.10.2006|19:23] C:\Programme\Gemeinsame Dateien\LightScribe
  [28.09.2008|08:54] C:\Programme\Gemeinsame Dateien\Logitech
  [17.04.2009|02:40] C:\Programme\Gemeinsame Dateien\Microsoft Shared
  [07.05.2008|14:32] C:\Programme\Gemeinsame Dateien\mpDRM
  [24.10.2006|19:23] C:\Programme\Gemeinsame Dateien\MSSoap
  [24.10.2006|19:23] C:\Programme\Gemeinsame Dateien\muvee Technologies
  [07.05.2008|11:51] C:\Programme\Gemeinsame Dateien\Nero
  [24.10.2006|19:23] C:\Programme\Gemeinsame Dateien\NewTech Infosystems
  [27.12.2008|21:06] C:\Programme\Gemeinsame Dateien\NSV
  [05.09.2007|16:53] C:\Programme\Gemeinsame Dateien\Nullsoft
  [14.08.2008|18:47] C:\Programme\Gemeinsame Dateien\Real
  [31.10.2008|16:11] C:\Programme\Gemeinsame Dateien\Skype
  [24.10.2006|19:23] C:\Programme\Gemeinsame Dateien\SpeechEngines
  [12.09.2008|15:01] C:\Programme\Gemeinsame Dateien\Symantec Shared
  [18.04.2009|17:36] C:\Programme\Gemeinsame Dateien\System
  [11.12.2008|18:14] C:\Programme\Gemeinsame Dateien\Vbox
  [17.04.2009|02:34] C:\Programme\Gemeinsame Dateien\Windows Live
  [17.04.2009|14:19] C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
  [14.08.2008|18:47] C:\Programme\Gemeinsame Dateien\xing shared
  [0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
  [33|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei

  --------------------\\  Process

  ( 59 Processes )

  iexplore.exe ~ [PID:3924]
  IEXPLORE.EXE ~ [PID:3904]
  IEXPLORE.EXE ~ [PID:2656]

  --------------------\\  Ueberpruefung mit S_Lop

  Kein Lop Ordner gefunden !
 
  --------------------\\  Suche nach Lop Dateien - Ordnern

  Kein Lop Ordner gefunden !
 
  --------------------\\  Suche innerhalb der Registry
 
  ..... OK !

  --------------------\\  Ueberpruefung der Hosts Datei

  Hosts Datei SAUBER


  --------------------\\  Suche nach verborgenen Dateien mit Catchme
 
  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-04-18 19:51:51
  Windows 5.1.2600 Service Pack 3 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 0
 
  --------------------\\  Suche nach anderen Infektionen

  --------------------\\  Cracks & Keygens ..

  C:\DOKUME~1\Zitrone\Eigene Dateien\ICQ\484450461\ReceivedFiles\480723826 caps169\NoCD_Crack.rar
  C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\GameTap\appdata\cache\gtPlayer\data\catalogmedia\CrackDown_GEN_Sega_243b0.dds
  C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\GameTap\appdata\cache\gtPlayer\data\catalogmedia\Crackpots_2600_Act_265f3.dds


  [F:328][D:5]-> C:\DOKUME~1\Zitrone\LOKALE~1\Temp
  [F:98][D:0]-> C:\DOKUME~1\Zitrone\Cookies
  [F:2993][D:4]-> C:\DOKUME~1\Zitrone\LOKALE~1\TEMPOR~1\content.IE5

  1 - "C:\Lop SD\LopR_1.txt" - 18.04.2009|19:52 - Option : [1]

  --------------------\\  Scan beendet um 19:52:28


Angel21 18.04.2009 19:08

I'll take a look at the log. One moment please.

Angel21 18.04.2009 19:15

I've taken a closer look at the log; as I said, in your place I would reinstall. The guide for that is below.

And in addition you will write on the blackboard for me 100 times: "I am not to download any Crack.exes, nor to install any toolbars along with other software".

Ormel 18.04.2009 19:21

Okay, all clear.
Then once more a big thank you for the quick help :)

Angel21 18.04.2009 19:30

You're welcome :)


All times are GMT +1.
