Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung ("Pests of all kinds and how to fight them", https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Abbild fehlerhaft - zig mal ("Bad Image - umpteen times", https://www.trojaner-board.de/90521-abbild-fehlerhaft-zig-mal.html)

mist 07.09.2010 21:47

Bad Image - umpteen times
 
Hello,

for a short while now I have had the following big problem:

At system startup I constantly get
axrord32.exe - Bad Image
The application or DLL c:\windows\system32\0053.dll is not a valid Windows image. Please check this against your installation diskette.
The file 0053.dll has the following properties: created 25.08., size 19.8 KB (20,334 bytes).

This message appears about 50 times at startup, for every program that starts in some way, and while working every time a new program is launched.
AntiVir and the Windows Firewall were running the whole time and find no viruses..

sfc /scannow makes no difference.

From other posts I gathered which log files are useful to post; they follow below.

What can I do?
Of course, idiot that I am, I don't have a current backup of the partition (btw: what is actually the best tool for that? I use EASEUS Todo Backup..)


HijackThis log:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:21:05, on 07.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programme\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Programme\Hardcopy\hardcopy.exe
C:\Programme\iPod\bin\iPodService.exe
c:\programme\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Avira\AntiVir Desktop\avscan.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\ini.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\0053.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 7210 bytes



Filelist downloaded from here (w.trojaner-board.de/77288-abbild-fehlerhaft.html). Contents (everything older than 2010 replaced by ..........):
Code:


----- Root -----------------------------
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\

07.09.2010  22:22                43 filelist.txt
07.09.2010  21:37    3.219.214.336 pagefile.sys
04.09.2010  20:57              211 boot.ini
02.09.2010  20:09              427 fpRedmon.log
..............
              11 File(s)  3.219.519.245 bytes
               0 Dir(s)  93.621.723.136 bytes free
 
----- Windows --------------------------
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\WINDOWS

07.09.2010  21:53          780.878 setupapi.log
07.09.2010  21:40        1.674.093 WindowsUpdate.log
07.09.2010  21:40                0 0.log
07.09.2010  21:39              159 wiadebug.log
07.09.2010  21:39                47 wiaservc.log
07.09.2010  21:39            2.048 bootstat.dat
07.09.2010  21:35            32.098 SchedLgU.Txt
02.09.2010  20:04            64.817 Hardcopy.log
25.08.2010  20:31          249.856 Setup1.exe
25.08.2010  20:31            73.216 ST6UNST.EXE
19.08.2010  10:04            7.275 wmsetup.log
12.08.2010  22:09            1.374 imsins.log
12.08.2010  22:09          222.967 comsetup.log
12.08.2010  22:09            32.550 tabletoc.log
12.08.2010  22:09          296.668 tsoc.log
12.08.2010  22:09          134.073 ntdtcsetup.log
12.08.2010  22:09            35.864 ocmsn.log
12.08.2010  22:09          746.610 iis6.log
12.08.2010  22:09            18.486 KB982214.log
12.08.2010  22:09            46.567 MedCtrOC.log
12.08.2010  22:09          111.842 netfxocm.log
12.08.2010  22:09          321.861 ocgen.log
12.08.2010  22:09            32.183 msgsocm.log
12.08.2010  22:09          634.647 FaxSetup.log
12.08.2010  22:09          206.786 msmqinst.log
12.08.2010  22:09            1.374 imsins.BAK
12.08.2010  22:09            23.079 KB2115168.log
12.08.2010  22:09            20.133 KB981852.log
12.08.2010  22:08            23.471 KB2079403.log
12.08.2010  22:08          127.671 updspapi.log
12.08.2010  22:07            21.667 KB2183461-IE8.log
12.08.2010  22:06            19.888 KB2160329.log
12.08.2010  22:06            19.236 KB980436.log
12.08.2010  22:05            13.408 KB981997.log
12.08.2010  22:05            17.906 KB982665.log
04.08.2010  03:00            16.191 KB2286198.log
01.08.2010  21:22          206.764 setupact.log
28.07.2010  21:38            1.053 ODBC.INI
27.07.2010  20:39            3.783 KB952011.log
22.07.2010  20:29            4.097 WgaNotify.log
22.07.2010  20:29            80.162 spupdsvc.log
22.07.2010  19:56            12.981 KB976662-IE8.log
22.07.2010  19:56            18.885 KB970430.log
22.07.2010  19:56            10.056 KB961118.log
22.07.2010  19:54            15.215 KB982381-IE8.log
22.07.2010  19:53            8.024 KB981332-IE8.log
22.07.2010  19:53            13.013 KB971737.log
22.07.2010  19:52            7.770 KB971961-IE8.log
21.07.2010  18:49            73.256 KB980218.log
21.07.2010  18:49            72.796 KB959426.log
21.07.2010  18:49            59.699 KB956803.log
21.07.2010  18:49            72.293 KB960859.log
21.07.2010  18:49            59.799 KB971468.log
21.07.2010  18:49            61.353 KB979683.log
21.07.2010  18:49            57.179 KB958869.log
21.07.2010  18:49            59.279 KB980195.log
21.07.2010  18:49            59.876 KB980232.log
21.07.2010  18:48            57.634 KB979402.log
21.07.2010  18:48            60.567 KB955759.log
21.07.2010  18:48            70.803 KB974318.log
21.07.2010  18:48            69.345 KB969059.log
21.07.2010  18:48            71.504 KB981349.log
21.07.2010  18:48            58.255 KB2229593.log
21.07.2010  18:48            29.353 ie8_main.log
21.07.2010  18:48            68.923 ie8.log
21.07.2010  18:37            42.512 KB978037.log
21.07.2010  18:37            42.328 KB975713.log
21.07.2010  18:37            40.843 KB971657.log
21.07.2010  18:37            41.770 KB978338.log
21.07.2010  18:37            27.974 KB954155.log
21.07.2010  18:37            42.028 KB960225.log
21.07.2010  18:37            29.804 KB972270.log
21.07.2010  18:35            30.035 KB956744.log
21.07.2010  18:34            40.996 KB974112.log
21.07.2010  18:34            32.536 KB956572.log
21.07.2010  18:34            26.115 KB956844.log
21.07.2010  18:34            37.854 KB961501.log
21.07.2010  18:34            25.826 KB975561.log
21.07.2010  18:34            25.855 KB973869.log
21.07.2010  18:34            37.974 KB975025.log
21.07.2010  18:34            39.630 KB952004.log
21.07.2010  18:33            37.903 KB974571.log
21.07.2010  18:33            37.371 KB975560.log
21.07.2010  18:33            36.599 KB973507.log
21.07.2010  18:33            35.786 KB977816.log
21.07.2010  18:33            25.966 KB973687.log
21.07.2010  18:33            20.546 KB981793.log
21.07.2010  18:33            30.405 KB978601.log
21.07.2010  18:33            37.879 KB979559.log
21.07.2010  18:33            21.519 KB978695.log
21.07.2010  18:33            25.242 KB973904.log
21.07.2010  18:33            35.727 KB967715.log
21.07.2010  18:31            21.829 KB973540.log
21.07.2010  18:31            34.898 KB974392.log
21.07.2010  18:31            18.211 KB976002-v5.log
21.07.2010  18:31            34.080 KB954459.log
21.07.2010  18:31            22.374 KB952069.log
21.07.2010  18:31            33.900 KB977914.log
21.07.2010  18:31            32.537 KB978542.log
21.07.2010  18:31            32.632 KB970238.log
21.07.2010  18:31            28.336 KB979309.log
21.07.2010  18:30            31.902 KB979482.log
21.07.2010  18:30            31.904 KB978706.log
21.07.2010  18:30            32.209 KB960803.log
21.07.2010  18:30            31.510 KB973815.log
21.07.2010  18:30            31.392 KB975562.log
21.07.2010  18:30            23.601 KB958644.log
21.07.2010  18:30            23.078 KB955069.log
21.07.2010  18:30            30.540 KB956802.log
21.07.2010  18:30            31.735 KB982381.log
21.07.2010  18:30          303.022 msxml4-KB954430-enu.LOG
21.07.2010  18:30          310.236 msxml4-KB973688-enu.LOG
21.07.2010  18:30            20.156 KB923561.log
21.07.2010  18:29            18.899 KB971961.log
21.07.2010  18:29            31.680 KB975467.log
21.07.2010  18:29            26.888 KB968389.log
21.07.2010  18:27            1.318 hpbvnstp.ini
21.07.2010  18:27            3.462 hpbvnstp.his
20.03.2010  09:45          501.760 SwSetupu.exe
............
            210 File(s)    29.810.888 bytes
               0 Dir(s)  93.621.694.464 bytes free
 
----- System  ---
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\WINDOWS\system

...............
              25 File(s)        929.787 bytes
               0 Dir(s)  93.621.694.464 bytes free
 
----- System 32 (Note: mind the time window!) ---
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\WINDOWS\system32

07.09.2010  21:40            2.206 wpa.dbl
07.09.2010  21:39          186.097 nvapps.xml
07.09.2010  21:39        3.420.216 FNTCACHE.DAT
07.09.2010  21:36            64.980 DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
07.09.2010  21:36            1.080 settingsbkup.sfm
07.09.2010  21:36            1.080 settings.sfm
07.09.2010  21:36            54.788 BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
07.09.2010  21:36            54.788 BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
07.09.2010  21:25            67.312 perfc009.dat
07.09.2010  21:25          448.470 perfh007.dat
07.09.2010  21:25          432.356 perfh009.dat
07.09.2010  21:25            80.104 perfc007.dat
07.09.2010  21:25        1.042.248 PerfStringBackup.INI
07.09.2010  20:50            20.334 0053.DLL
25.08.2010  20:53            40.955 ini.exe
25.08.2010  20:52                10 kr_done1
16.08.2010  15:31          725.064 pwNative.exe
16.08.2010  15:31            16.472 pwdrvio.sys
16.08.2010  15:31            11.104 pwdspio.sys
10.08.2010  05:15            69.632 QuickTime.qts
10.08.2010  05:15            94.208 QuickTimeVR.qtx
03.08.2010  20:09        35.962.312 MRT.exe
27.07.2010  18:44          107.808 dns-sd.exe
27.07.2010  18:44            91.424 dnssd.dll
27.07.2010  18:44          197.920 dnssdX.dll
27.07.2010  08:29        8.503.296 shell32.dll
22.07.2010  20:52            17.460 mlfcache.dat
21.07.2010  18:33          212.268 TZLog.log
21.07.2010  18:27                35 mmc.log
30.06.2010  14:28          149.504 schannel.dll
24.06.2010  17:51        11.077.120 ieframe.dll
24.06.2010  14:22        1.210.368 urlmon.dll
24.06.2010  14:22          916.480 wininet.dll
24.06.2010  14:22          611.840 mstime.dll
24.06.2010  14:22          206.848 occache.dll
24.06.2010  14:22        5.951.488 mshtml.dll
24.06.2010  14:21        1.986.560 iertutil.dll
24.06.2010  14:21            25.600 jsproxy.dll
24.06.2010  14:21            55.296 msfeedsbs.dll
24.06.2010  14:21        1.469.440 inetcpl.cpl
24.06.2010  14:21          599.040 msfeeds.dll
24.06.2010  14:21          184.320 iepeers.dll
24.06.2010  14:21          387.584 iedkcs32.dll
24.06.2010  11:02        1.852.032 win32k.sys
23.06.2010  14:08          173.056 ie4uinit.exe
17.06.2010  16:03            80.384 iccvid.dll
15.06.2010  18:16          143.422 l3codecx.ax
14.06.2010  09:41        1.172.480 msxml3.dll
03.06.2010  04:41        3.600.384 GPhotos.scr
28.04.2010  07:41        2.148.864 ntoskrnl.exe
28.04.2010  07:41        2.027.008 ntkrnlpa.exe
21.04.2010  15:28            46.080 tzchange.exe
20.04.2010  07:29          285.696 atmfd.dll
19.04.2010  20:47        3.062.048 usbaaplrc.dll
16.04.2010  18:06        1.509.888 shdocvw.dll
16.04.2010  18:06        1.025.024 browseui.dll
08.04.2010  14:03        2.113.536 WMVCore.dll
31.03.2010  00:16            99.176 PresentationHostProxy.dll
31.03.2010  00:10          295.264 PresentationHost.exe
19.03.2010  18:05        4.874.240 wmp.dll
10.03.2010  08:15          420.352 vbscript.dll
05.03.2010  16:37            65.536 asycfilt.dll
05.03.2010  10:13          947.472 msjava.dll
23.02.2010  00:12            57.667 ieuinit.inf
12.02.2010  12:03          293.376 browserchoice.exe
12.02.2010  06:33          100.864 6to4svc.dll
05.02.2010  20:25        1.297.408 quartz.dll
29.01.2010  16:59          691.712 inetcomm.dll
29.01.2010  16:43          307.260 l3codeca.acm
13.01.2010  16:00            86.528 cabview.dll
.............
            2315 File(s)    553.982.963 bytes
               0 Dir(s)  93.621.514.240 bytes free
 
----- Prefetch -------------------------
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\WINDOWS\Prefetch

07.09.2010  22:22            11.650 FIND.EXE-0EC32F1E.pf
07.09.2010  22:22            13.582 CMD.EXE-087B4001.pf
07.09.2010  22:22            27.568 DLLHOST.EXE-2E73BAEE.pf
07.09.2010  22:22            30.260 VSSVC.EXE-0F74375A.pf
07.09.2010  22:22          234.610 WINRAR.EXE-3588DFE8.pf
07.09.2010  22:22            22.052 VERCLSID.EXE-3667BD89.pf
07.09.2010  22:21            80.442 NOTEPAD.EXE-336351A9.pf
07.09.2010  22:20            59.228 WMIPRVSE.EXE-28F301A9.pf
07.09.2010  22:20            86.532 HIJACKTHIS.EXE-39024128.pf
07.09.2010  22:20            83.568 MSIEXEC.EXE-2F8A8CAE.pf
07.09.2010  22:11            85.422 PLUGIN-CONTAINER.EXE-170C935C.pf
07.09.2010  22:10          124.324 ACRORD32.EXE-2E761392.pf
07.09.2010  22:10          114.172 FIREFOX.EXE-1D57670A.pf
07.09.2010  22:10          146.506 MSIMN.EXE-0B61806C.pf
07.09.2010  22:09          548.012 Layout.ini
07.09.2010  22:04            60.046 LOGON.SCR-151EFAEA.pf
07.09.2010  21:52            14.426 RUNDLL32.EXE-451FC2C0.pf
07.09.2010  21:41            68.404 ACRORD32INFO.EXE-19B1D743.pf
07.09.2010  21:40            16.320 ALG.EXE-0F138680.pf
07.09.2010  21:40            16.168 IPODSERVICE.EXE-233792DA.pf
07.09.2010  21:40            31.654 IMAPI.EXE-0BF740A4.pf
07.09.2010  21:40            23.398 RUNDLL32.EXE-35A483DA.pf
07.09.2010  21:40            74.964 IEXPLORE.EXE-2CA9778D.pf
07.09.2010  21:40            23.948 ADOBEARM.EXE-237273D1.pf
07.09.2010  21:40            71.656 EXPLORER.EXE-082F38A9.pf
07.09.2010  21:40            54.556 SVCHOST.EXE-3530F672.pf
07.09.2010  21:40            20.138 LOGONUI.EXE-0AF22957.pf
07.09.2010  21:18            59.268 WUAUCLT.EXE-399A8E72.pf
07.09.2010  21:16            46.614 GOOGLEUPDATE.EXE-187AE91D.pf
07.09.2010  21:09          112.776 UPDATE.EXE-3398FCD6.pf
07.09.2010  21:04            63.446 AVNOTIFY.EXE-31D7686A.pf
07.09.2010  20:44            30.582 AGENTSVR.EXE-002E45AB.pf
07.09.2010  20:43            82.046 WINWORD.EXE-0AEA99D4.pf
07.09.2010  20:41            21.760 INSTALL.EXE-3AEF1D3F.pf
07.09.2010  20:25            91.826 ACDSEE.EXE-08FC4987.pf
07.09.2010  20:21            68.402 GETPLUSPLUS_ADOBE.EXE-20139700.pf
12.08.2010  18:02            30.670 AVWSC.EXE-3AC95876.pf
...........
              38 File(s)      3.554.454 bytes
               0 Dir(s)  93.621.579.776 bytes free
 
----- Tasks ----------------------------
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\WINDOWS\tasks

07.09.2010  21:39                6 SA.DAT
02.09.2010  13:25              276 AppleSoftwareUpdate.job
...................
               3 File(s)            347 bytes
               0 Dir(s)  93.621.579.776 bytes free
 
----- Windows/Temp -----------------------
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\WINDOWS\Temp

07.09.2010  22:09              483 WGAErrLog.txt
07.09.2010  21:35          616.448 xgwwj1e1.TMP
07.09.2010  20:48          616.448 eilv4fwr.TMP
07.09.2010  20:38          616.448 swnu8oun.TMP
04.09.2010  22:09          616.448 6d8a1rx4.TMP
04.09.2010  18:29            2.090 PQ_DEBUG.TXT
02.09.2010  20:09              382 fpRedmon.log
20.08.2010  20:52            2.090 PQ_DEBUG.001
20.08.2010  20:52            2.090 PQ_DEBUG.002
20.08.2010  20:52            3.098 PQ_DEBUG.003
20.08.2010  20:52            3.098 PQ_DEBUG.004
12.08.2010  22:08            5.158 ASPNETSetup_00002.log
12.08.2010  22:07            44.702 dd_clwireg.txt
31.07.2010  19:15                85 SetupAdminF10.log
22.07.2010  20:29              165 update.log
22.07.2010  03:05            4.374 dd_wcf_retCA5C24.txt
22.07.2010  03:05            5.158 ASPNETSetup_00001.log
22.07.2010  03:04          431.344 uxeventlog.txt
22.07.2010  03:04          659.128 dd_dotnetfx35install.txt
22.07.2010  03:04        4.463.508 dd_NET_Framework35_MSI6AC2.txt
22.07.2010  03:03        5.306.236 dd_NET_Framework30_Setup6A43.txt
22.07.2010  03:03            4.473 dd_wcf_retCA5BDE.txt
22.07.2010  03:03            75.365 dd_XPS.txt
22.07.2010  03:02        15.184.920 dd_NET_Framework20_Setup6873.txt
22.07.2010  03:02            5.158 ASPNETSetup_00000.log
22.07.2010  03:00          204.448 dd_depcheck_NETFX_EXP_35.txt
22.07.2010  03:00                2 dd_dotnetfx35error.txt
............
              30 File(s)    29.205.778 bytes
               0 Dir(s)  93.621.575.680 bytes free
 
----- Temp -----------------------------
 Volume in drive C is SHIT
 Volume Serial Number is 0000-0001

 Directory of C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp

07.09.2010  22:20          114.688 ~DF26E9.tmp
07.09.2010  22:11        2.505.878 Q1NInmZE.zip.part
07.09.2010  21:41              875 AdobeARM_NotLocked.log
07.09.2010  21:40            75.448 AdobeARM.log
07.09.2010  21:39              512 ~DF29F3.tmp
07.09.2010  21:39            16.384 ~DF2930.tmp
07.09.2010  21:39              512 ~DF23A1.tmp
07.09.2010  21:39            32.768 ~DF2345.tmp
07.09.2010  21:39            16.384 ~DFF8EF.tmp
07.09.2010  21:39            16.384 ~DFE68B.tmp
07.09.2010  21:39            16.384 ~DFCBB1.tmp
07.09.2010  21:04                0 isD.tmp
07.09.2010  20:24            98.654 ~GE82.jpg
07.09.2010  20:24                0 ~GE82.tmp
07.09.2010  20:24              701 ~GE7E.kmz
07.09.2010  20:24                0 ~GE7F.tmp
07.09.2010  20:24                0 ~GE7E.tmp
07.09.2010  20:13                0 geColladaModelCacheLock
07.09.2010  20:13                0 geIconCacheLock
07.09.2010  20:13                0 is49.tmp
06.09.2010  21:46            1.632 Rar$LS14.0328
06.09.2010  21:46            1.632 Rar$LS14.2562
06.09.2010  21:04            9.635 TWAIN.LOG
06.09.2010  21:03                4 Twain001.Mtx
06.09.2010  21:03              156 Twunk001.MTX
06.09.2010  21:01              441 wecerr.txt
02.09.2010  13:26            19.621 QTInstallCode.log
02.09.2010  13:26        8.266.586 SetupAdmin704.log
02.09.2010  13:25            3.956 qtplugin.log
25.08.2010  20:53            40.955 tersraww.exe
21.08.2010  23:39                0 ACD17.tmp
21.08.2010  22:06            76.956 qqlKI182.rar.part
21.08.2010  22:00        7.130.772 +B0RLMRT.rar.part
19.08.2010  19:54            31.423 amt3.log
19.08.2010  19:51            3.724 swtag.log
19.08.2010  19:50          298.324 PDApp.log
19.08.2010  19:37            9.298 oobelib.log
19.08.2010  08:56            12.818 control.xml
12.08.2010  08:03            11.670 dd_vcredistUI3923.txt
12.08.2010  08:03          528.256 dd_vcredistMSI3923.txt
02.08.2010  17:27              123 CFGCA.tmp
02.08.2010  17:27              123 CFGC7.tmp
01.08.2010  12:24              248 QTStreaming Debug Log.txt
28.07.2010  21:34            1.564 Office 2000 Premium Setup(0004).txt
27.07.2010  20:38              165 update.log
22.07.2010  19:57          505.598 Microsoft .NET Framework 2.0-KB974417_20100722_175631406.html
22.07.2010  19:57        12.248.356 Microsoft .NET Framework 2.0-KB974417_20100722_175631406-Msi0.txt
22.07.2010  19:57            5.158 ASPNETSetup_00006.log
22.07.2010  19:56          114.340 Microsoft .NET Framework 3.0-KB977354_20100722_175548750.html
22.07.2010  19:56        2.362.038 Microsoft .NET Framework 3.0-KB977354_20100722_175548750-Msi0.txt
22.07.2010  19:55            4.572 dd_wcf_retCA7481.txt
22.07.2010  19:55          505.608 Microsoft .NET Framework 2.0-KB976576_20100722_175420656.html
22.07.2010  19:55        11.716.070 Microsoft .NET Framework 2.0-KB976576_20100722_175420656-Msi0.txt
22.07.2010  19:55            5.158 ASPNETSetup_00005.log
22.07.2010  19:54            70.440 dd_clwireg.txt
22.07.2010  19:54            76.386 Microsoft .NET Framework 3.5-KB963707_20100722_175414468.html
22.07.2010  19:54          427.696 Microsoft .NET Framework 3.5-KB963707_20100722_175414468-Msi0.txt
22.07.2010  19:53          585.988 Microsoft .NET Framework 3.0-KB982168_20100722_175211375.html
22.07.2010  19:53        2.210.260 Microsoft .NET Framework 3.0-KB982168_20100722_175211375-Msi1.txt
22.07.2010  19:53            4.374 dd_wcf_retCA1B55.txt
22.07.2010  19:53        11.166.758 Microsoft .NET Framework 3.0-KB982168_20100722_175211375-Msi0.txt
22.07.2010  19:53            5.158 ASPNETSetup_00004.log
22.07.2010  19:51          503.938 Microsoft .NET Framework 2.0-KB979909_20100722_175035312.html
22.07.2010  19:51        10.003.400 Microsoft .NET Framework 2.0-KB979909_20100722_175035312-Msi0.txt
22.07.2010  19:51            5.158 ASPNETSetup_00003.log
21.07.2010  18:37          449.574 Microsoft .NET Framework 2.0-KB982865_20100721_163549000.html
21.07.2010  18:37        9.454.572 Microsoft .NET Framework 2.0-KB982865_20100721_163549000-Msi0.txt
21.07.2010  18:37            5.158 ASPNETSetup_00002.log
21.07.2010  18:32          450.218 Microsoft .NET Framework 2.0-KB953300_20100721_163142328.html
21.07.2010  18:32        8.787.456 Microsoft .NET Framework 2.0-KB953300_20100721_163142328-Msi0.txt
21.07.2010  18:32            5.158 ASPNETSetup_00001.log
21.07.2010  18:27              165 mmc.log
21.07.2010  17:43                85 SetupAdmin444.log
21.07.2010  17:31                85 SetupAdmin7E0.log
..............
            111 File(s)    106.328.369 bytes
               0 Dir(s)  93.621.571.584 bytes free




List of my programs from CCleaner:
Code:

ACDSee 4.0.1 Standard        ACD Systems Ltd        4.00.0001
Adobe AIR        Adobe Systems Inc.        1.5.3.9120
Adobe Community Help        Adobe Systems Incorporated        3.0.0.400
Adobe Flash Player Plugin        Adobe Systems Incorporated        9.0.124.0
Adobe Media Player        Adobe Systems Incorporated        1.8
Adobe Photoshop 7.0        Adobe Systems, Inc.        7.0
Adobe Photoshop CS5        Adobe Systems Incorporated        12.0
Adobe Reader 9.3.3 - Deutsch        Adobe Systems Incorporated        9.3.3
Ant Renamer        Ant Software        2.10.0
AnyDVD        SlySoft       
Apple Application Support        Apple Inc.        1.3.2
Apple Mobile Device Support        Apple Inc.        3.2.0.47
Apple Software Update        Apple Inc.        2.1.2.120
Ashampoo Burning Studio 2010        ashampoo GmbH & Co. KG        9.22
Avira AntiVir Personal - Free Antivirus        Avira GmbH        10.0.0.567
Bonjour        Apple Inc.        2.0.3.0
CCleaner        Piriform        2.35
CloneDVD        Elaborate Bytes       
CloneDVD2        Elaborate Bytes       
Dell Resource CD        Dell Inc.        1.00.0000
DVD Shrink 3.2        DVD Shrink       
EASEUS Todo Backup 1.1        EASEUS       
FreePDF XP (Remove only)               
GMX ProfiFax        GMX GmbH        1.00.170
GPL Ghostscript 8.62               
GPL Ghostscript Fonts               
Hardcopy (C:\Programme\Hardcopy)        www.hardcopy.de        2010.08.19
High Definition Audio Driver Package - KB835221        Microsoft Corporation        20040219.000000
HiJackThis        Trend Micro        1.0.0
Intel(R) PRO Network Connections Drivers               
iTunes        Apple Inc.        10.0.0.68
Lidl-Fotos               
Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        3.2.30729
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation       
Microsoft Office 2000 Premium        Microsoft Corporation        9.00.2816
Microsoft Sync Framework 2.0 Core Components (x86) ENU        Microsoft Corporation        2.0.1578.0
Microsoft Sync Framework 2.0 Provider Services (x86) ENU        Microsoft Corporation        2.0.1578.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        9.0.30729.4148
MiniTool Partition Wizard Home Edition 5.2        MiniTool Solution Ltd.       
Mozilla Firefox (3.6.8)        Mozilla        3.6.8 (de)
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        4.20.9848.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        4.20.9876.0
Nimo Codecs Pack v5.0 (Remove Only)               
NVIDIA Drivers               
Picasa 3        Google, Inc.        3.6
PowerQuest Drive Image 7.0        PowerQuest        7.00.0000
PowerQuest PartitionMagic 8.0        PowerQuest        8.00.000
QuickTime        Apple Inc.        7.67.75.0
RedMon - Redirection Port Monitor               
Safari        Apple Inc.        5.33.17.8
Samsung Druckerstatusmonitor               
SyncToy 2.1 (x86)        Microsoft        2.1.0
TeamViewer 5        TeamViewer GmbH        5.0.8703
UMAX Astra 4500               
VR-NetWorld               
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray        Microsoft Corporation        1.0
Windows Internet Explorer 8        Microsoft Corporation        20090308.140743
Windows XP Service Pack 3        Microsoft Corporation        20080414.031514
WinRAR


Gmer Log:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-09-07 22:32:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\ugldypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs    PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \FileSystem\Fastfat \Fat  PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Root Repeal - Drivers:
Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/09/07 22:38
Program Version:                Version 1.3.5.0
Windows Version:                Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F78000        Size: 188800        File Visible: -        Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000        Size: 2154496        File Visible: -        Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB2C97000        Size: 138496        File Visible: -        Signed: -
Status: -

Name: AnyDVD.sys
Image Path: C:\WINDOWS\System32\Drivers\AnyDVD.sys
Address: 0xB9476000        Size: 97408        File Visible: -        Signed: -
Status: -

Name: ar5211.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ar5211.sys
Address: 0x97B1B000        Size: 471520        File Visible: -        Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9E43000        Size: 96512        File Visible: -        Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000        Size: 286720        File Visible: -        Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA6BC000        Size: 3072        File Visible: -        Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xBA5EA000        Size: 6144        File Visible: -        Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0x9A449000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xB2B62000        Size: 139264        File Visible: -        Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5D6000        Size: 4224        File Visible: -        Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000        Size: 12288        File Visible: -        Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB2DF3000        Size: 63744        File Visible: -        Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA1E8000        Size: 62976        File Visible: -        Signed: -
Status: -

Name: cercsr6.sys
Image Path: cercsr6.sys
Address: 0xBA338000        Size: 29120        File Visible: -        Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: ctac32k.sys
Image Path: C:\WINDOWS\system32\drivers\ctac32k.sys
Address: 0xB4F7B000        Size: 638976        File Visible: -        Signed: -
Status: -

Name: ctaud2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctaud2k.sys
Address: 0xB9507000        Size: 439680        File Visible: -        Signed: -
Status: -

Name: ctoss2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctoss2k.sys
Address: 0xB948E000        Size: 204800        File Visible: -        Signed: -
Status: -

Name: ctprxy2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctprxy2k.sys
Address: 0xBA448000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: ctsfm2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctsfm2k.sys
Address: 0xB5017000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000        Size: 36352        File Visible: -        Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9F22000        Size: 154112        File Visible: -        Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000        Size: 5888        File Visible: -        Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA1D8000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xB2A4F000        Size: 815104        File Visible: No        Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB2BA4000        Size: 12288        File Visible: -        Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000        Size: 73728        File Visible: -        Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA76B000        Size: 4096        File Visible: -        Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xB960B000        Size: 176128        File Visible: -        Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
Address: 0xBA460000        Size: 16896        File Visible: -        Signed: -
Status: -

Name: ElbyDelay.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyDelay.sys
Address: 0xBA6B3000        Size: 3840        File Visible: -        Signed: -
Status: -

Name: emupia2k.sys
Image Path: C:\WINDOWS\system32\drivers\emupia2k.sys
Address: 0xB503E000        Size: 184320        File Visible: -        Signed: -
Status: -

Name: eubakup.sys
Image Path: eubakup.sys
Address: 0xBA340000        Size: 21760        File Visible: -        Signed: -
Status: -

Name: EuDisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\EuDisk.sys
Address: 0xB937B000        Size: 118016        File Visible: -        Signed: -
Status: -

Name: eufs.sys
Image Path: eufs.sys
Address: 0xBA4BC000        Size: 16128        File Visible: -        Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB2B3E000        Size: 143744        File Visible: -        Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA458000        Size: 27392        File Visible: -        Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA108000        Size: 44672        File Visible: -        Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xBA3E8000        Size: 20480        File Visible: -        Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9E0B000        Size: 129792        File Visible: -        Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5D2000        Size: 7936        File Visible: -        Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F48000        Size: 126336        File Visible: -        Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xBA350000        Size: 21120        File Visible: -        Signed: -
Status: -

Name: ha20x2k.sys
Image Path: C:\WINDOWS\system32\drivers\ha20x2k.sys
Address: 0xB506B000        Size: 1114112        File Visible: -        Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000        Size: 134400        File Visible: -        Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB2E13000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA418000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB2C7B000        Size: 10368        File Visible: -        Signed: -
Status: -

Name: hpfxbulk.sys
Image Path: C:\WINDOWS\system32\drivers\hpfxbulk.sys
Address: 0xB2C93000        Size: 9344        File Visible: -        Signed: -
Status: -

Name: HPFXGEN.SYS
Image Path: C:\WINDOWS\system32\drivers\HPFXGEN.SYS
Address: 0xBA388000        Size: 20480        File Visible: -        Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x97FE9000        Size: 265728        File Visible: -        Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xB9E5B000        Size: 815104        File Visible: -        Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA208000        Size: 42112        File Visible: -        Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA1C8000        Size: 40448        File Visible: -        Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB2CB9000        Size: 152832        File Visible: -        Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB2D60000        Size: 75264        File Visible: -        Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000        Size: 37632        File Visible: -        Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA450000        Size: 25216        File Visible: -        Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB2C73000        Size: 14720        File Visible: -        Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000        Size: 8192        File Visible: -        Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x97CE6000        Size: 172416        File Visible: -        Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB94C0000        Size: 143360        File Visible: -        Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9DE0000        Size: 92928        File Visible: -        Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5DA000        Size: 4224        File Visible: -        Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA468000        Size: 23552        File Visible: -        Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB93FE000        Size: 12288        File Visible: -        Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000        Size: 42368        File Visible: -        Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9A14C000        Size: 180608        File Visible: -        Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB2BAC000        Size: 455680        File Visible: -        Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA440000        Size: 19072        File Visible: -        Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA248000        Size: 35072        File Visible: -        Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB9CBF000        Size: 15488        File Visible: -        Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9D0C000        Size: 105344        File Visible: -        Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9D26000        Size: 182656        File Visible: -        Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA59C000        Size: 10112        File Visible: -        Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0x9A425000        Size: 14592        File Visible: -        Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB945F000        Size: 91520        File Visible: -        Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA2A8000        Size: 40576        File Visible: -        Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA308000        Size: 34688        File Visible: -        Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB2CDF000        Size: 162816        File Visible: -        Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA470000        Size: 30848        File Visible: -        Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D53000        Size: 574976        File Visible: -        Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000        Size: 2154496        File Visible: -        Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA792000        Size: 2944        File Visible: -        Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000        Size: 6111232        File Visible: -        Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB964A000        Size: 6557408        File Visible: -        Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000        Size: 19712        File Visible: -        Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F67000        Size: 68224        File Visible: -        Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000        Size: 3328        File Visible: -        Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000        Size: 2154496        File Visible: -        Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB94E3000        Size: 147456        File Visible: -        Signed: -
Status: -

Name: PQIMount.SYS
Image Path: C:\WINDOWS\System32\Drivers\PQIMount.SYS
Address: 0xBA318000        Size: 36768        File Visible: -        Signed: -
Status: -

Name: PQNTDrv.SYS
Image Path: C:\WINDOWS\System32\Drivers\PQNTDrv.SYS
Address: 0xBA7A7000        Size: 2688        File Visible: -        Signed: -
Status: -

Name: PQV2i.sys
Image Path: PQV2i.sys
Address: 0xB9DF7000        Size: 77984        File Visible: -        Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB944E000        Size: 69120        File Visible: -        Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA3E0000        Size: 17792        File Visible: -        Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB941A000        Size: 8832        File Visible: -        Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA218000        Size: 51328        File Visible: -        Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA228000        Size: 41472        File Visible: -        Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA238000        Size: 48384        File Visible: -        Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA3F0000        Size: 16512        File Visible: -        Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000        Size: 2154496        File Visible: -        Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB2C44000        Size: 175744        File Visible: -        Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5DE000        Size: 4224        File Visible: -        Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB941E000        Size: 196224        File Visible: -        Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA1F8000        Size: 57728        File Visible: -        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9920B000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB9E2B000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x99611000        Size: 354304        File Visible: -        Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xBA488000        Size: 23040        File Visible: -        Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5BE000        Size: 4352        File Visible: -        Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0x9A2E1000        Size: 60800        File Visible: -        Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB2D07000        Size: 361600        File Visible: -        Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA3B8000        Size: 20480        File Visible: -        Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA258000        Size: 40704        File Visible: -        Signed: -
Status: -

Name: ugldypob.sys
Image Path: C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\ugldypob.sys
Address: 0x97B8F000        Size: 93056        File Visible: No        Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB9398000        Size: 384768        File Visible: -        Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBA368000        Size: 32128        File Visible: -        Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5CE000        Size: 8192        File Visible: -        Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA430000        Size: 30208        File Visible: -        Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA2C8000        Size: 59520        File Visible: -        Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB95E7000        Size: 147456        File Visible: -        Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xBA378000        Size: 25856        File Visible: -        Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xB2E33000        Size: 15104        File Visible: -        Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBA4A8000        Size: 26368        File Visible: -        Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA400000        Size: 20608        File Visible: -        Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA428000        Size: 20992        File Visible: -        Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9636000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000        Size: 53760        File Visible: -        Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA2F8000        Size: 34560        File Visible: -        Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA3D8000        Size: 20480        File Visible: -        Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9A0E7000        Size: 83072        File Visible: -        Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000        Size: 1855488        File Visible: -        Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000        Size: 1855488        File Visible: -        Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000        Size: 8192        File Visible: -        Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000        Size: 2154496        File Visible: -        Signed: -
Status: -


Root Repeal Processes:
Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/09/07 22:38
Program Version:                Version 1.3.5.0
Windows Version:                Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4        Status: -

Path: C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PID: 164        Status: -

Path: C:\WINDOWS\Samsung\LaserSMMgr\SSMMgr.exe
PID: 224        Status: -

Path: C:\WINDOWS\explorer.exe
PID: 248        Status: -

Path: C:\Programme\Avira\AntiVir Desktop\avguard.exe
PID: 320        Status: -

Path: C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 352        Status: -

Path: C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PID: 416        Status: -

Path: C:\Programme\Bonjour\mDNSResponder.exe
PID: 440        Status: -

Path: C:\WINDOWS\system32\gearsec.exe
PID: 492        Status: -

Path: C:\WINDOWS\system32\rundll32.exe
PID: 512        Status: -

Path: C:\Programme\FreePDF_XP\fpassist.exe
PID: 528        Status: -

Path: C:\WINDOWS\system32\nvsvc32.exe
PID: 600        Status: -

Path: C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PID: 616        Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 756        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 780        Status: -

Path: C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PID: 796        Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 824        Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 848        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 872        Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 892        Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 904        Status: -

Path: C:\Programme\Internet Explorer\iexplore.exe
PID: 964        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1100        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1168        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1224        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1324        Status: -

Path: C:\Programme\Internet Explorer\iexplore.exe
PID: 1372        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1384        Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 1540        Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 1596        Status: -

Path: C:\Programme\Avira\AntiVir Desktop\sched.exe
PID: 1644        Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1700        Status: -

Path: C:\WINDOWS\system32\CTXFISPI.EXE
PID: 1720        Status: -

Path: C:\WINDOWS\system32\msdtc.exe
PID: 1724        Status: -

Path: C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
PID: 1796        Status: -

Path: C:\WINDOWS\CTHELPER.EXE
PID: 1916        Status: -

Path: C:\WINDOWS\system32\CTXFIHLP.EXE
PID: 1940        Status: -

Path: C:\Programme\iTunes\iTunesHelper.exe
PID: 1968        Status: -

Path: C:\Programme\TeamViewer\Version5\TeamViewer.exe
PID: 1988        Status: -

Path: C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
PID: 2152        Status: -

Path: C:\Programme\Mozilla Firefox\plugin-container.exe
PID: 2184        Status: -

Path: C:\Programme\Hardcopy\hardcopy.exe
PID: 2320        Status: -

Path: C:\WINDOWS\system32\dllhost.exe
PID: 2460        Status: -

Path: C:\Dokumente und Einstellungen\Stefan_User\Desktop\RootRepeal\RootRepeal.exe
PID: 2588        Status: -

Path: C:\WINDOWS\system32\vssvc.exe
PID: 2968        Status: -

Path: C:\Programme\iPod\bin\iPodService.exe
PID: 3192        Status: -

Path: C:\Programme\Mozilla Firefox\firefox.exe
PID: 3256        Status: -

Path: C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe
PID: 3264        Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 3448        Status: -

Path: C:\WINDOWS\system32\dllhost.exe
PID: 3548        Status: -



No stealth objects or hidden services found.


I'm grateful for any tips and any help!

Thanks!
N.

mist 07.09.2010 22:08

Addendum, for everyone who has the same problem:

I wrote this post offline, and as chance would have it, shortly after uploading it I stumbled across
w.exterminate-it.com/malpedia/remove-witkinat

And lo and behold: among other things (despite the Windows firewall), Witkinat was found!

Removed with Malwarebytes Anti-Malware... let's see whether it worked.


PS: Which permanent (free) protection against trojans / spyware should I download? I don't intend to go through something like this again..

john.doe 07.09.2010 22:25

Hello mist and :hallo:

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.

Note: I can never guarantee you that I will find everything. A format is usually the faster and always the safest way.

If you decide on a cleanup, keep cooperating until someone from the team tells you that you are clean.

1.) Start HJT => Do a system scan only => Check:
Quote:

All R0, R1, F2, O2, O8 and O9 entries
O20 - AppInit_DLLs: C:\WINDOWS\system32\0053.DLL
=> Fix checked

2.) Restart the computer

3.) Click on "Für alle Neuen" (for all newcomers) in my signature, read everything carefully and work through the list under point 2 (only alternative B).

ciao, andreas

Edit: Post the Malwarebytes log and both OTL logs.
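As an added example (not code from this thread, from HijackThis, or from any other tool mentioned here), the following read-only PowerShell audit looks at the injection point behind the "O20 - AppInit_DLLs" entry that the helper asks to fix: every DLL listed in that registry value is mapped into each process that loads user32.dll, which is why the poster sees the "Abbild fehlerhaft" error for every program that starts. The script lists each registered DLL with its size, creation time and Authenticode status so a defender can judge it before deciding what to remove. The key path and value names are the documented Windows ones; resolving bare file names against system32 and the "suspicious" heuristic (unsigned, or a purely numeric file name such as 0053.dll above) are my own assumptions.

```powershell
# Added example (not part of the thread): read-only audit of the AppInit_DLLs
# injection point behind the "O20 - AppInit_DLLs" HijackThis entry.
# Run in an elevated PowerShell session; it only reads the registry and files.

function Get-AppInitDllReport {
    $winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $props  = Get-ItemProperty -Path $winKey

    # LoadAppInit_DLLs gates the mechanism on Windows versions after XP.
    # On XP (the system in this thread) the value does not exist: anything
    # listed in AppInit_DLLs is loaded into every process that maps user32.dll.
    $gate = $props.PSObject.Properties['LoadAppInit_DLLs']
    if ($gate -ne $null) {
        Write-Host ("LoadAppInit_DLLs = {0}" -f $gate.Value)
    } else {
        Write-Host "LoadAppInit_DLLs not present (XP behaviour: the list is always loaded)"
    }

    $raw = [string]$props.AppInit_DLLs
    if ([string]::IsNullOrEmpty($raw.Trim())) {
        Write-Host "AppInit_DLLs is empty: nothing is injected through this key."
        return
    }

    # The value is a space- or comma-separated list of DLL paths. A bare file
    # name is resolved here against system32 (assumption: Windows actually
    # applies the normal DLL search order, which usually ends up there).
    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ -ne '' })) {
        $path = $entry
        if (-not [System.IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot ("system32\" + $path)
        }
        $exists = Test-Path -LiteralPath $path

        # Built with Add-Member so the script also runs on PowerShell 2.0 (XP).
        $row = New-Object PSObject
        $row | Add-Member -MemberType NoteProperty -Name Entry  -Value $entry
        $row | Add-Member -MemberType NoteProperty -Name Path   -Value $path
        $row | Add-Member -MemberType NoteProperty -Name Exists -Value $exists

        if ($exists) {
            $file = Get-Item -LiteralPath $path
            $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
            $row | Add-Member -MemberType NoteProperty -Name SizeBytes -Value $file.Length
            $row | Add-Member -MemberType NoteProperty -Name Created   -Value $file.CreationTime
            $row | Add-Member -MemberType NoteProperty -Name Signature -Value $sig
            # Heuristic (my assumption, not a rule from the thread): an unsigned
            # DLL, or one with a purely numeric name in system32 like 0053.dll,
            # deserves a closer look before any process is allowed to load it.
            $flag = ($file.BaseName -match '^\d+$') -or ($sig -ne 'Valid')
            $row | Add-Member -MemberType NoteProperty -Name Suspicious -Value $flag
        }
        $row
    }
}

Get-AppInitDllReport | Format-List
```

The script changes nothing; clearing the entry (which is what HijackThis does for a checked O20 line) is a separate, deliberate step once the DLL has been identified. On 64-bit hosts the same value also exists under the Wow6432Node copy of the key and should be checked as well; the XP machine in this thread is 32-bit, so one key is enough there.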

mist 07.09.2010 22:42

Extras.txt:

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 07.09.2010 23:32:56 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\Stefan_User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 156,02 Gb Total Space | 87,48 Gb Free Space | 56,07% Space Free | Partition Type: NTFS
Drive D: | 988,60 Mb Total Space | 978,93 Mb Free Space | 99,02% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 88,13 Gb Total Space | 9,99 Gb Free Space | 11,34% Space Free | Partition Type: NTFS
Drive M: | 1863,02 Gb Total Space | 321,16 Gb Free Space | 17,24% Space Free | Partition Type: NTFS
Drive N: | 1863,02 Gb Total Space | 261,81 Gb Free Space | 14,05% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN
Current User Name: Stefan_User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24561814-4815-4387-AC59-05DDEC5AF013}" = ACDSee 4.0.1 Standard
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{608EC4A1-8750-11D5-BDB6-0050BA6A42D1}" = UMAX Astra 4500
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC319C3F-0039-4028-9F81-A3E79AA6F8D8}" = Samsung Druckerstatusmonitor
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Ant Renamer 2_is1" = Ant Renamer
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD" = CloneDVD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1
"Exterminate It!" = Exterminate It!
"FreePDF_XP" = FreePDF XP (Remove only)
"GMX ProfiFax" = GMX ProfiFax
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Hardcopy(C__Programme_Hardcopy)" = Hardcopy (C:\Programme\Hardcopy)
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Spydig_is1" = SpyDig 2010
"TeamViewer 5" = TeamViewer 5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.08.2010 15:52:03 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.08.2010 15:52:03 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.08.2010 15:52:03 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.08.2010 14:52:29 | Computer Name = STEFAN | Source = Drive Image 7.0 | ID = 100
Description = Beschreibung: Die Änderungen seit der letzten Sitzung können nicht
 ordnungsgemäß miteinander abgestimmt werden. Die aktuellen Laufwerke auf diesem
 System können nicht aufgelistet werden. Die PowerQuest-Storage Management Engine
 kann nicht initialisiert werden. Fehler E0BB0117: Die Initialisierung konnte nicht
 durchgeführt werden, da momentan noch ein weiteres Storage Management-Produkt verwendet
 wird.  Details: 0xE0BB0117  Quelle: Drive Image 7.0
 
Error - 20.08.2010 14:52:51 | Computer Name = STEFAN | Source = Drive Image 7.0 | ID = 100
Description = Beschreibung: Die Änderungen seit der letzten Sitzung können nicht
 ordnungsgemäß miteinander abgestimmt werden. Die aktuellen Laufwerke auf diesem
 System können nicht aufgelistet werden. Die PowerQuest-Storage Management Engine
 kann nicht initialisiert werden. Fehler E0BB0117: Die Initialisierung konnte nicht
 durchgeführt werden, da momentan noch ein weiteres Storage Management-Produkt verwendet
 wird.  Details: 0xE0BB0117  Quelle: Drive Image 7.0
 
Error - 21.08.2010 17:21:47 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.08.2010 17:21:47 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.08.2010 17:21:47 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.08.2010 17:21:47 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.08.2010 17:21:47 | Computer Name = STEFAN | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
 
< End of report >

--- --- ---


mist 07.09.2010 22:47

Hello Andreas,

Ran Anti-Malware, ticked the boxes in HJT and "fixed" them.
Note: O20 was no longer there, since I had run Anti-Malware beforehand; sorry, I hadn't seen your post..

PS: OTL as a ZIP, I keep getting SQL errors..

No more message on restart, nor when opening a program.
Looks good!

Unfortunately I have to stop for today, I have to get up early for work.

Thanks for the help today,
do you think that was it already?

john.doe 07.09.2010 22:55

Quote:

do you think that was it already?
Most certainly not. :)

This one looks nice:
Quote:

Name: ugldypob.sys
Image Path: C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\ugldypob.sys
Address: 0x97B8F000 Size: 93056 File Visible: No Signed: -
Status: -
This one isn't bad either:
Quote:

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:7579BF38D4163F53
I can tell you more once I have read the logs. The Malwarebytes log is still missing.

ciao, andreas
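
The two items quoted above, a driver loaded from a user Temp directory that OTL reports as not visible and unsigned, and an alternate data stream hanging off C:\WINDOWS, are exactly what a small triage script can pull out of an OTL log automatically. The following is an editor-added Python example, not code from this thread or from OTL; the second driver record and the Zone.Identifier stream are constructed benign controls, and the flagging rules are my own reading of the fields.

```python
import re

# Constructed sample in the format of OTL's driver listing and ADS lines.
# The first driver and the first stream are the two items quoted in the post;
# the second driver and the Zone.Identifier stream are made-up benign controls.
SAMPLE = """\
Name: ugldypob.sys
Image Path: C:\\DOKUME~1\\STEFAN~1\\LOKALE~1\\Temp\\ugldypob.sys
Address: 0x97B8F000 Size: 93056 File Visible: No Signed: -
Status: -
Name: exampleok.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\exampleok.sys
Address: 0x9A120000 Size: 20480 File Visible: Yes Signed: Yes
Status: -
@Alternate Data Stream - 48 bytes -> C:\\WINDOWS:7579BF38D4163F53
@Alternate Data Stream - 26 bytes -> C:\\Downloads\\setup.exe:Zone.Identifier
"""

DRIVER_RE = re.compile(
    r"Name: (?P<name>\S+)\s*\nImage Path: (?P<path>.+?)\s*\n"
    r"Address: \S+ Size: (?P<size>\d+) File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)"
)
# Greedy host group keeps the drive-letter colon on the host side of the split.
ADS_RE = re.compile(r"@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\n]+)$", re.M)

BENIGN_STREAMS = {"Zone.Identifier"}   # browser "mark of the web": expected on downloads
SYSTEM_DIRS = ("c:\\windows",)         # a stray stream on these hosts is a red flag


def triage(text):
    """Return one finding per suspicious driver or stream, with the reasons spelled out."""
    findings = []
    for m in DRIVER_RE.finditer(text):
        reasons = []
        if "\\temp\\" in m["path"].lower():
            reasons.append("kernel driver loaded from a user Temp directory")
        if m["visible"].lower() == "no":
            reasons.append("driver file hidden from directory listing")
        if m["signed"] in ("-", "No"):
            reasons.append("no Authenticode signature")
        if reasons:
            findings.append({"kind": "driver", "item": m["name"], "reason": "; ".join(reasons)})
    for m in ADS_RE.finditer(text):
        if m["stream"] in BENIGN_STREAMS:
            continue
        host = m["host"].lower().rstrip("\\")
        where = "system directory" if host.startswith(SYSTEM_DIRS) else "file"
        findings.append({"kind": "ads", "item": f"{m['host']}:{m['stream']}",
                         "reason": f"{m['size']}-byte alternate data stream on a {where}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['kind']}] {f['item']}: {f['reason']}")
```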

mist 08.09.2010 14:39

Sorry it is taking so long, Malwarebytes has been scanning for over 8 hours!!!

Now 9.5 hours, it has already scanned 800,000 files and found 8 malware items..

mist 08.09.2010 18:08

Done!
Over 10 hours!

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4564

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.09.2010 19:07:48
mbam-log-2010-09-08 (19-07-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|L:\|M:\|N:\|)
Durchsuchte Objekte: 1101997
Laufzeit: 10 Stunde(n), 29 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Downloads\P72\keygen.exe (Malware.Packer.Gen) -> No action taken.
M:\Programme\Winxp Cd Key Changer Windows Xp-Sp2 Keygen\WinXP SP2  Keygen.exe (Malware.Tool) -> No action taken.
M:\Programme\Easy DvD to DivX\DIVXBI~1\DIVX_B~1.EXE (Spyware.Passwords) -> No action taken.
M:\Programme\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> No action taken.
M:\_import\von 250gbchili\Temp\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> No action taken.
N:\Programme\Easy DvD to DivX\DIVXBI~1\DIVX_B~1.EXE (Spyware.Passwords) -> No action taken.
N:\Programme\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> No action taken.
N:\Programme\Winxp Cd Key Changer Windows Xp-Sp2 Keygen\WinXP SP2  Keygen.exe (Malware.Tool) -> No action taken.
N:\_import\von 250gbchili\Temp\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> No action taken.



then removed, and

Code:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4564

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.09.2010 19:09:42
mbam-log-2010-09-08 (19-09-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|L:\|M:\|N:\|)
Durchsuchte Objekte: 1101997
Laufzeit: 10 Stunde(n), 29 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Downloads\P72\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
M:\Programme\Winxp Cd Key Changer Windows Xp-Sp2 Keygen\WinXP SP2  Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
M:\Programme\Easy DvD to DivX\DIVXBI~1\DIVX_B~1.EXE (Spyware.Passwords) -> Quarantined and deleted successfully.
M:\Programme\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
M:\_import\von 250gbchili\Temp\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
N:\Programme\Easy DvD to DivX\DIVXBI~1\DIVX_B~1.EXE (Spyware.Passwords) -> Quarantined and deleted successfully.
N:\Programme\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
N:\Programme\Winxp Cd Key Changer Windows Xp-Sp2 Keygen\WinXP SP2  Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
N:\_import\von 250gbchili\Temp\easydvd2divxv12\DivXBitrateCalculator\divx_bitcalc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.


john.doe 08.09.2010 18:26

Yep. Once again. Frustrating. :wtf:

Quote:

C:\Downloads\P72\keygen.exe (Malware.Packer.Gen) -> No action taken.
M:\Programme\Winxp Cd Key Changer Windows Xp-Sp2 Keygen\WinXP SP2 Keygen.exe (Malware.Tool) -> No action taken.
N:\Programme\Winxp Cd Key Changer Windows Xp-Sp2 Keygen\WinXP SP2 Keygen.exe (Malware.Tool) -> No action taken.
The file name alone already tells you that this is malware.

1.) We do not aid and abet theft here.

2.) Keygens, patches, etc. are the preferred means of internet criminals for taking over other people's computers. In other words, anyone who downloads such junk has only themselves to blame.

Therefore the only advice you will still get here is => http://www.trojaner-board.de/51262-a...sicherung.html

Also have a look here => http://www.trojaner-board.de/75622-d...ittierung.html

After the reinstall it can't hurt to change all your passwords. And you should never do online banking. ;)

I'm out, andreas

mist 08.09.2010 18:43

Hello Andreas,

I can understand your stance and I accept it.
A little youthful indiscretion from 2002 (at least according to the file date), but that doesn't help (well, I wasn't that young back then, but I didn't yet have a guilty conscience about certain things. Since then Dell has gotten money from me many times for new software, I don't even want to count how much! When I think about it, the first MB of RAM cost 1,000 DM, wow.. but that's another topic)

Thanks for your help so far; it is remarkable how quickly and thoroughly (and free of charge) people get help here, hats off.

Regards and thanks!


Copyright ©2000-2025, Trojaner-Board