Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Der TR/Shutdowner.fft unter system32/kb.dll lässt sich, wie bei so vielen, nicht löschen. (https://www.trojaner-board.de/93968-tr-shutdowner-fft-system32-kb-dll-laesst-so-vielen-loeschen.html)

maxdo123 20.12.2010 23:21
Der TR/Shutdowner.fft unter system32/kb.dll lässt sich, wie bei so vielen, nicht löschen.
 
Hallo,

Ich hab das Porblem schon mehrfach hier im Forum gesehen, aber immer individuelle Lösungsansätze, keine Lösungen, gefunden. Drum erstell ich mal meinen eigenen Thread. Mit dabei OTL- und Malwarbyteslog. Beides aktualisiert.

Hoffe auf Hilfe! :zunge:

Max

maxdo123 20.12.2010 23:29
Hab grad gesehen, dass die Log-Files eher gepostet werden. Also hier sind sie:

OTL
Code:
OTL logfile created on: 20.12.2010 23:07:23 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\Max\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 59,90 Gb Free Space | 80,38% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 107,25 Gb Free Space | 23,03% Space Free | Partition Type: NTFS
Drive L: | 153,38 Gb Total Space | 39,16 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
 
Computer Name: MAX-45DC973D5D0 | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (All) ==========
 
PRC - [2010.12.18 19:15:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Max\Desktop\OTL.exe
PRC - [2010.12.17 02:29:31 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010.12.10 14:54:18 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.15 19:54:53 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.15 19:54:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.17 23:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2010.10.17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2010.10.15 19:37:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jqs.exe
PRC - [2010.08.26 02:37:00 | 000,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010.07.28 17:27:24 | 019,557,480 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.06.07 12:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.05.14 09:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.08.21 08:27:24 | 000,102,400 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2009.08.21 08:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009.08.14 15:51:52 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe
PRC - [2009.08.06 18:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009.07.07 19:10:14 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2009.02.09 12:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009.02.06 11:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [RPCSS]
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETWORKSERVICE]
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETSVCS]
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [IMGSVC]
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HTTPFILTER]
PRC - [2008.04.14 03:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [DCOMLAUNCH]
PRC - [2008.04.14 03:23:01 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008.04.14 03:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 03:22:40 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008.04.14 03:22:40 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008.04.14 03:22:34 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008.02.18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006.10.24 19:05:06 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (All) ==========
 
MOD - [2010.12.18 19:15:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Max\Desktop\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010.08.16 09:44:05 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010.07.27 07:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010.07.16 13:05:01 | 001,288,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009.12.08 10:23:28 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009.06.25 09:25:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009.03.21 15:06:58 | 001,063,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009.02.09 11:51:44 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009.02.09 11:51:43 | 000,740,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008.10.23 13:36:55 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008.04.14 06:52:26 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008.04.14 03:23:08 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008.04.14 03:22:31 | 000,736,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008.04.14 03:22:31 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008.04.14 03:22:31 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008.04.14 03:22:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008.04.14 03:22:23 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008.04.14 03:22:23 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008.04.14 03:22:23 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008.04.14 03:22:18 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008.04.14 03:22:16 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008.04.14 03:22:12 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008.04.14 03:22:10 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008.04.14 03:22:08 | 000,846,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008.04.14 03:22:08 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008.04.14 03:22:07 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008.04.14 03:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008.04.14 03:20:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
 
 
========== Win32 Services (All) ==========
 
SRV - [2010.12.17 02:29:31 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.12.10 14:54:18 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.15 19:54:53 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.10.15 19:37:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Programme\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010.08.27 06:57:36 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010.08.26 02:37:00 | 000,606,208 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.08.21 08:27:24 | 000,102,400 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2009.07.07 19:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009.06.10 07:14:21 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009.02.09 12:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009.02.09 12:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009.02.09 11:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remoteprozeduraufruf (RPC)
SRV - [2009.02.09 11:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009.02.09 11:51:44 | 000,678,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008.07.29 20:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008.07.29 18:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.07.25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.25 10:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008.07.07 21:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008.06.20 18:46:10 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) NLA (Network Location Awareness)
SRV - [2008.04.14 03:23:06 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008.04.14 03:23:04 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008.04.14 03:23:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.14 03:23:03 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008.04.14 03:23:01 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008.04.14 03:23:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008.04.14 03:22:59 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008.04.14 03:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 03:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 03:22:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008.04.14 03:22:53 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008.04.14 03:22:52 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008.04.14 03:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008.04.14 03:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008.04.14 03:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008.04.14 03:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008.04.14 03:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008.04.14 03:22:50 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2008.04.14 03:22:48 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008.04.14 03:22:42 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008.04.14 03:22:42 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008.04.14 03:22:42 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008.04.14 03:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 03:22:38 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008.04.14 03:22:34 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008.04.14 03:22:33 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008.04.14 03:22:33 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008.04.14 03:22:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008.04.14 03:22:32 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows-Bilderfassung (WIA)
SRV - [2008.04.14 03:22:32 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008.04.14 03:22:32 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008.04.14 03:22:32 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008.04.14 03:22:31 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008.04.14 03:22:31 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008.04.14 03:22:31 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008.04.14 03:22:30 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008.04.14 03:22:30 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008.04.14 03:22:30 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008.04.14 03:22:30 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks) Überwachung verteilter Verknüpfungen (Client)
SRV - [2008.04.14 03:22:30 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008.04.14 03:22:25 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008.04.14 03:22:25 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008.04.14 03:22:25 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008.04.14 03:22:24 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008.04.14 03:22:24 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008.04.14 03:22:23 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008.04.14 03:22:23 | 000,294,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent) NAP-Agent (Network Access Protection)
SRV - [2008.04.14 03:22:23 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008.04.14 03:22:23 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008.04.14 03:22:23 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008.04.14 03:22:23 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008.04.14 03:22:23 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008.04.14 03:22:20 | 000,438,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008.04.14 03:22:19 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008.04.14 03:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 03:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 03:22:13 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008.04.14 03:22:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008.04.14 03:22:12 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.04.14 03:22:11 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008.04.14 03:22:10 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008.04.14 03:22:09 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) Automatische Konfiguration (verkabelt)
SRV - [2008.04.14 03:22:09 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008.04.14 03:22:09 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008.04.14 03:22:09 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008.04.14 03:22:08 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008.04.14 03:22:08 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008.04.14 03:22:07 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008.04.14 03:22:07 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008.04.14 03:22:07 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008.04.14 03:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.02.18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.24 19:05:06 | 000,920,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006.09.28 17:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2004.08.04 13:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
 
 
========== Driver Services (All) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (i2omp)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Abiosdsk)
DRV - [2010.12.20 20:56:48 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.24 20:20:48 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.02 16:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010.10.17 23:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.10.15 18:41:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.09.30 22:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010.09.14 14:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.08.26 14:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010.08.26 04:33:38 | 005,386,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.07.28 17:27:36 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.05.20 14:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009.11.18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.20 17:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009.07.17 15:23:46 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2009.07.14 09:35:16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2009.06.24 12:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.09 17:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008.04.14 03:23:27 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008.04.14 03:23:26 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008.04.14 03:23:26 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008.04.14 03:23:26 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008.04.14 03:02:33 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008.04.14 03:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 03:02:13 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008.04.14 03:02:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008.04.14 02:58:37 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008.04.14 02:58:36 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008.04.14 02:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008.04.14 02:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.14 02:58:03 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008.04.14 02:55:34 | 000,052,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008.04.14 02:54:59 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008.04.14 02:52:51 | 000,057,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008.04.14 02:52:51 | 000,044,672 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008.04.14 02:52:02 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008.04.14 02:51:21 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008.04.14 02:49:36 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008.04.14 02:49:32 | 000,030,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008.04.14 02:49:03 | 000,188,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008.04.13 20:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008.04.13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008.04.13 20:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008.04.13 20:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN-Miniport (PPTP)
DRV - [2008.04.13 20:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN-Miniport (L2TP)
DRV - [2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008.04.13 20:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008.04.13 20:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008.04.13 20:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008.04.13 20:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008.04.13 20:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008.04.13 20:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008.04.13 19:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008.04.13 19:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008.04.13 19:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008.04.13 19:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008.04.13 19:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008.04.13 19:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008.04.13 19:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008.04.13 19:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008.04.13 19:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008.04.13 19:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008.04.13 19:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008.04.13 19:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008.04.13 19:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008.04.13 19:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008.04.13 19:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008.04.13 19:46:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008.04.13 19:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008.04.13 19:46:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008.04.13 19:46:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2008.04.13 19:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2008.04.13 19:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008.04.13 19:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008.04.13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008.04.13 19:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008.04.13 19:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008.04.13 19:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008.04.13 19:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008.04.13 19:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008.04.13 19:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.04.13 19:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008.04.13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008.04.13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008.04.13 19:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008.04.13 19:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008.04.13 19:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008.04.13 19:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008.04.13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008.04.13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008.04.13 19:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008.04.13 19:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008.04.13 19:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008.04.13 19:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008.04.13 19:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008.04.13 19:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008.04.13 19:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008.04.13 19:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008.04.13 19:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008.04.13 19:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008.04.13 19:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008.04.13 19:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008.04.13 19:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008.04.13 19:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008.04.13 19:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008.04.13 19:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008.04.13 19:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008.04.13 17:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008.04.13 17:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.09.28 18:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006.09.28 17:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.04 13:00:00 | 000,126,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004.08.04 13:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004.08.04 13:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004.08.04 13:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004.08.04 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004.08.04 13:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti) Parallelanschluss (direkt)
DRV - [2004.08.04 13:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.04 13:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004.08.04 13:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2004.08.04 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004.08.04 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004.08.04 13:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004.08.04 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2004.08.04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004.08.04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004.08.04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004.08.04 13:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2004.08.04 13:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2001.08.17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
 
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2010.10.15 19:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.10.19 20:17:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.12 02:33:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.12 02:33:25 | 000,000,000 | ---D | M]
 
[2010.10.15 20:01:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Extensions
[2010.10.15 20:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.12.20 21:17:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\qencei7k.default\extensions
[2010.10.21 03:57:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\qencei7k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.22 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\qencei7k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.17 10:08:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\qencei7k.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.10.15 20:01:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.12.12 02:33:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.12.12 02:33:17 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2010.12.12 02:33:17 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.06.25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.12.12 02:33:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2010.11.06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2010.12.06 12:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2010.12.06 12:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.12.06 12:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.12.06 12:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.12.06 12:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.12.06 12:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.12.06 12:43:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Max\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Max\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.15 18:09:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.20 21:02:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.12.19 08:23:22 | 000,000,000 | ---D | C] -- C:\Programme\tmp
[2010.12.19 08:23:20 | 000,000,000 | ---D | C] -- C:\Programme\win
[2010.12.18 19:33:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Desktop\backups
[2010.12.18 19:32:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Max\Desktop\HiJackThis204.exe
[2010.12.18 19:29:20 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Max\Recent
[2010.12.18 19:21:57 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.18 19:17:37 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Max\Desktop\ccsetup301.exe
[2010.12.18 19:15:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Max\Desktop\OTL.exe
[2010.12.18 17:45:12 | 000,000,000 | ---D | C] -- C:\Programme\windows
[2010.12.18 13:49:26 | 000,000,000 | ---D | C] -- C:\Programme\rMBKnWIV
[2010.12.17 02:28:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Activision
[2010.12.16 23:58:58 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010.12.16 12:46:43 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010.12.16 12:46:08 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010.12.10 19:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\ICQ
[2010.12.08 22:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Apple Computer
[2010.12.08 10:07:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Sowi
[2010.12.07 14:46:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010.12.07 14:44:49 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2010.12.07 14:44:47 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2010.12.07 14:44:47 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010.12.07 14:44:47 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010.12.07 14:44:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010.12.07 14:44:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2010.12.07 14:44:46 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2010.12.07 14:44:46 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010.12.07 14:44:46 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2010.12.07 14:44:46 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010.12.07 14:44:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010.12.07 14:44:42 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010.12.07 14:44:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qasf.dll
[2010.12.07 14:44:40 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010.12.07 14:44:40 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010.12.07 14:44:39 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010.12.07 14:44:38 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010.12.07 14:44:34 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2010.12.07 14:44:34 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2010.12.07 14:44:33 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2010.12.07 14:44:33 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2010.12.07 14:44:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2010.12.07 14:44:32 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2010.12.07 14:44:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2010.12.07 14:44:32 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2010.12.07 14:44:32 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2010.12.07 14:44:32 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2010.12.07 14:44:31 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2010.12.07 14:44:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010.12.07 14:44:27 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010.12.07 14:44:27 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010.12.07 14:44:26 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2010.12.07 14:44:26 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2010.12.07 14:44:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2010.12.07 14:44:26 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010.12.07 14:44:26 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2010.12.07 14:44:24 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2010.12.07 14:44:24 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2010.12.07 14:44:24 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2010.12.07 14:44:24 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010.12.07 14:44:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010.12.07 14:44:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010.12.07 14:44:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010.12.07 14:44:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010.12.07 14:44:24 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010.12.07 14:44:24 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010.12.07 14:44:23 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2010.12.07 14:44:23 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2010.12.07 14:44:23 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2010.12.07 14:44:23 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2010.12.07 14:44:23 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2010.12.07 14:44:23 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2010.12.07 14:44:23 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2010.12.07 14:44:23 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010.12.07 14:44:23 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010.12.07 14:44:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010.12.07 14:44:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2010.12.06 12:43:20 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.12.06 12:43:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.12.06 12:42:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.12.06 12:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.12.06 12:42:48 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.12.06 12:42:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.12.06 12:42:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.12.03 17:59:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.11.29 20:16:02 | 000,000,000 | ---D | C] -- C:\Programme\Winamp
[2010.11.29 20:15:54 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Remote
[2010.11.29 20:05:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Nero
[2010.11.29 19:45:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\fontconfig
[2010.11.29 19:16:42 | 000,000,000 | ---D | C] -- C:\Programme\ffmpeg
[2010.11.29 19:16:12 | 000,000,000 | ---D | C] -- C:\ffmpeg
[2010.11.29 18:29:12 | 000,000,000 | ---D | C] -- C:\Programme\ffdshow
[2010.11.22 19:38:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.22 19:38:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\DVDVideoSoft
[2010.11.22 19:38:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\DVDVideoSoft
[2010.11.22 19:38:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2010.11.22 19:38:00 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.11.22 19:28:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\MagicSoftware
[2010.11.22 19:17:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\AnyDVDHD
[2010.11.22 19:17:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2010.11.22 19:15:26 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.20 23:07:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.20 23:06:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.20 23:04:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.12.20 23:01:01 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.12.20 21:38:05 | 000,003,584 | ---- | M] () -- C:\WINDOWS\System32\kb.dll
[2010.12.20 21:13:09 | 000,000,224 | RHS- | M] () -- C:\boot.ini
[2010.12.20 20:56:48 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.12.19 08:24:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Xerox Mobile Express Port
[2010.12.19 08:20:30 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{07F4EC51-DC04-427B-916C-1201DD23FFC3}
[2010.12.19 08:12:48 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{07F4EC51-DC04-427B-916C-1201DD23FFC3}
[2010.12.18 19:32:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Max\Desktop\HiJackThis204.exe
[2010.12.18 19:20:03 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010.12.18 19:18:20 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Max\Desktop\ccsetup301.exe
[2010.12.18 19:15:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Max\Desktop\OTL.exe
[2010.12.17 16:56:08 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.17 03:30:17 | 000,001,544 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010.12.17 02:59:49 | 000,138,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.12.13 11:45:31 | 000,319,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\Nach der Schule.ppt
[2010.12.12 16:52:43 | 000,039,820 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Glück.docx
[2010.12.12 03:59:14 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010.12.11 02:07:58 | 000,056,320 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.07 21:24:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\UninstallBeetle.exe
[2010.12.06 22:13:35 | 004,200,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\Bob Schneider - Bullets.mp3
[2010.12.06 12:42:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.05 15:49:00 | 003,965,798 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\DSCN0366.JPG
[2010.12.02 16:17:35 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{AB5FC2DE-0E03-420B-8DB0-AC596C438452}
[2010.11.29 20:09:24 | 000,003,839 | ---- | M] () -- C:\WINDOWS\System32\NMMediaServer.cfg
[2010.11.29 19:00:24 | 000,000,011 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.tv6
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.24 20:20:48 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.22 19:16:53 | 000,000,040 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.18 19:29:26 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\kb.dll
[2010.12.17 02:29:53 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.12.17 02:29:49 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.12.17 02:29:31 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.12.12 16:46:50 | 000,039,820 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Glück.docx
[2010.12.07 21:24:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UninstallBeetle.exe
[2010.12.07 14:44:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.12.07 14:44:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010.12.07 14:44:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010.12.07 14:44:48 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010.12.07 14:44:47 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010.12.07 14:44:47 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010.12.07 14:44:42 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010.12.07 14:44:41 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010.12.07 14:44:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010.12.07 14:44:39 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010.12.07 14:44:38 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010.12.06 22:07:58 | 004,200,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Desktop\Bob Schneider - Bullets.mp3
[2010.12.06 12:42:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.05 15:49:00 | 003,965,798 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Desktop\DSCN0366.JPG
[2010.11.29 20:09:24 | 000,003,839 | ---- | C] () -- C:\WINDOWS\System32\NMMediaServer.cfg
[2010.11.29 19:00:24 | 000,000,011 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.tv6
[2010.11.29 18:29:13 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.11.22 19:16:53 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.24 01:53:46 | 000,216,784 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.10.24 00:06:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.22 15:16:41 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2010.10.20 20:19:43 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.18 19:45:08 | 000,001,544 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010.10.15 21:22:36 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2010.10.15 21:22:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2010.10.15 21:22:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2010.10.15 21:22:36 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2010.10.15 21:22:21 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2010.10.15 21:22:21 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2010.10.15 21:22:21 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2010.10.15 21:22:08 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2010.10.15 19:55:41 | 000,056,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.15 19:23:03 | 000,036,048 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2010.10.15 19:05:26 | 000,004,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2010.10.15 18:56:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.15 18:41:44 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

maxdo123 20.12.2010 23:30
Extras Log

Code:
OTL Extras logfile created on: 20.12.2010 23:07:23 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\Max\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 59,90 Gb Free Space | 80,38% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 107,25 Gb Free Space | 23,03% Space Free | Partition Type: NTFS
Drive L: | 153,38 Gb Total Space | 39,16 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
 
Computer Name: MAX-45DC973D5D0 | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"G:\Programme\EA SPORTS\FUSSBALL MANAGER 11\Manager11.exe" = G:\Programme\EA SPORTS\FUSSBALL MANAGER 11\Manager11.exe:*:Enabled:EA SPORTS™ FIFA Manager 11 -- (Electronic Arts Inc.)
"G:\Programme\Steam\Steam.exe" = G:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\TwonkyMedia\twonkymediaserverwatchdog.exe" = C:\Programme\TwonkyMedia\twonkymediaserverwatchdog.exe:*:Enabled:TwonkyMedia -- File not found
"C:\Programme\TwonkyMedia\twonkymediaserver.exe" = C:\Programme\TwonkyMedia\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- File not found
"C:\Programme\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1) -- (Nero AG)
"C:\Programme\Nero\Nero8\Nero MediaHome\NMMediaServer.exe" = C:\Programme\Nero\Nero8\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2) -- (Nero AG)
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Programme\Mozilla Firefox\plugin-container.exe" = C:\Programme\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"G:\Programme\Steam\steamapps\dj_husnie\counter-strike source\hl2.exe" = G:\Programme\Steam\steamapps\dj_husnie\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"G:\Programme\MediaMobsters\GangLand\GANGLAND.EXE" = G:\Programme\MediaMobsters\GangLand\GANGLAND.EXE:*:Enabled:GANGLAND -- ()
"G:\LAN, DIGGAH\Counter-Strike Source\hl2 -console.exe" = G:\LAN, DIGGAH\Counter-Strike Source\hl2 -console.exe:*:Enabled:hl2 -console -- File not found
"G:\Downloads\Call of Duty - World at War\CoDWaWmp.exe" = G:\Downloads\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R): World at War Multiplayer -- (Activision Blizzard, Inc.)
"G:\Downloads\Call of Duty - World at War\CoDWaW.exe" = G:\Downloads\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- (Activision Blizzard, Inc.)
"G:\Downloads\Call of Duty - World at War\CoDWaW.unpacked.exe" = G:\Downloads\Call of Duty - World at War\CoDWaW.unpacked.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- (Activision Blizzard, Inc.)
"G:\Downloads\Call of Duty - World at War\CoDWaW_LANFixed.exe" = G:\Downloads\Call of Duty - World at War\CoDWaW_LANFixed.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C5F1B30-B10B-4579-86DD-D00F662E1031}" = Nero 8
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{82BF01FD-1FC2-4E33-861B-B32E8DC22723}" = TSR Workshop
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F0C5CF53-FE88-B20E-CE8C-2B5CAA3ECFD0}" = ATI Catalyst Install Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CD Bremse_is1" = CD Bremse 1.49
"EA Installer.344028321" = EA Installer
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Foxit Reader" = Foxit Reader
"Free Studio_is1" = Free Studio version 4.9.13
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"S.A.D. Haushaltsbuch_is1" = S.A.D. Haushaltsbuch 2008
"Sandboxie" = Sandboxie 3.50
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebcamMax" = WebcamMax
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Airfield Mayhem" = Airfield Mayhem
"Basketball" = Basketball
"Blinkwang - a game of intuition" = Blinkwang - a game of intuition
"Chain Reaction" = Chain Reaction
"CubeOut" = CubeOut
"Defend Yourself" = Defend Yourself
"FunAquarium" = FunAquarium
"ISS" = ISS
"RealAquarium" = RealAquarium
"SimAquarium" = SimAquarium
"Sinuous" = Sinuous
"Torus" = Torus
"Twiget (Twitter Widget)" = Twiget (Twitter Widget)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2010 05:57:58 | Computer Name = MAX-45DC973D5D0 | Source = ESENT | ID = 490
Description = svchost (1176) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 18.12.2010 14:02:08 | Computer Name = MAX-45DC973D5D0 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
 in 0x800423f3) fehlgeschlagen.
 
[ System Events ]
Error - 17.12.2010 20:06:54 | Computer Name = MAX-45DC973D5D0 | Source = Service Control Manager | ID = 7034
Description = Dienst "MSCamSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 18.12.2010 08:52:51 | Computer Name = MAX-45DC973D5D0 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
 0024010447A9 wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 19.12.2010 03:20:32 | Computer Name = MAX-45DC973D5D0 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 0024010447A9 wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.12.2010 15:54:29 | Computer Name = MAX-45DC973D5D0 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.32 für die Netzwerkkarte mit der Netzwerkadresse
 001BFC456C3D wurde durch  den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.12.2010 18:06:46 | Computer Name = MAX-45DC973D5D0 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
 
< End of report >

maxdo123 20.12.2010 23:33
Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2010 23:04:19
mbam-log-2010-12-20 (23-04-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 253251
Laufzeit: 1 Stunde(n), 25 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Passwords.XGen) -> Bad: (C:\Programme\rMBKnWIV\pcvvsgrr.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\rMBKnWIV\pcvvsgrr.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\dokumente und einstellungen\Max\lokale einstellungen\Temp\19792079 (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Max\lokale einstellungen\Temp\tmp154693c8\ALL.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Max\lokale einstellungen\Temp\tmp1f976d18\Output.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Max\startmenü\programme\autostart\pcvvsgrr.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP3\A0001004.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP3\A0001012.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP3\A0001013.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP3\A0002012.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP3\A0002013.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP3\A0002043.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP3\A0002044.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\pss\pcvvsgrr.exestartup (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

cosinus 23.12.2010 22:10
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
[2010.12.19 08:23:22 | 000,000,000 | ---D | C] -- C:\Programme\tmp
[2010.12.19 08:23:20 | 000,000,000 | ---D | C] -- C:\Programme\win
[2010.12.18 17:45:12 | 000,000,000 | ---D | C] -- C:\Programme\windows
[2010.12.18 13:49:26 | 000,000,000 | ---D | C] -- C:\Programme\rMBKnWIV
[2010.12.18 19:29:26 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\kb.dll
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

maxdo123 24.12.2010 01:22
Hier der Log:

Code:
All processes killed
========== OTL ==========
C:\Programme\tmp folder moved successfully.
C:\Programme\win folder moved successfully.
C:\Programme\windows folder moved successfully.
C:\Programme\rMBKnWIV folder moved successfully.
File move failed. C:\WINDOWS\System32\kb.dll scheduled to be moved on reboot.
 
OTL by OldTimer - Version 3.2.17.3 log created on 12242010_011916

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\kb.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 24.12.2010 01:36
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

maxdo123 24.12.2010 02:12
Habe nach der Ausführung von OTL ein Problem. schreibe gerade vom Handy. Der von OTL durchgeführte Neustart lief einwandfrei. Danach kann der PC allerdings nicht mehr starten. Startet immer wieder nach dem WinXp Ladebildschirm neu.

cosinus 25.12.2010 00:40
Hast du einen zweiten Rechner parat? Mit dem müssen wir eine Datei über eine Live-CD ersetzen. Frag notfalls einen Bekannten oder Nachbarn, was du noch brauchst wäre ein CD-Rohling.

maxdo123 25.12.2010 16:19
Ja, hab ich beides hier. Musst mir nur sagen, was ich machen soll.

cosinus 25.12.2010 17:09
PartedMagic

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 70 MB sein
2. Entpack die ZIP-Datei in einen beliebigen Pfad, es wird eine ISO-Datei (CD-Abbild) von PartedMagic entpackt

3. Brenn die ISO-Datei per Imagebrennfunktion auf CD, geht zB mit ImgBurn oder Nero per Imagebrennfunktion unter Windows
4. Boote den Rechner mit defektem Windows von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

http://www.raiden.net/images/article...tedmagic40.jpg

5. Du müsstest ein Symbol Mount Devices finden, das doppelklicken
6. Mounte die Partition wo Windows installiert ist, meistens ist es /dev/sda1
7. Benenne auf sda1 (bzw. die Partition wo Windows ist, falls es nicht sda1 sein sollte) folgende Dateien um, einfach ein .vir dranhängen:

Code:
/windows/winlogon.exe.vir
8. Diese saubere winlogon.exe runterladen (zB auf den Desktop) - kopiere sie in den Windows-Systempfad:

Code:
winlogon.exe => /windows/system32/winlogon.exe
(müsste eigentlich alles ganz easy über den graphischen Dateibowser in Linux gehen)


9. Starte den Rechner neu und boote Windows
10. Falls Windows wieder normal bootet => die in Linux umbenannt Datei (die mit .vir) bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
11. Gib Bescheid wenn alles durch ist.

maxdo123 25.12.2010 22:52
So, der Pc lässt sich jetzt zwar starten, aber die explorer.exe stürzt leider ab. Trotzdem wollte ich dir schonmal sehr danken für deine Mühen. Wie gehen wir weiter vor?

cosinus 26.12.2010 19:10
Mach das gleiche mit Parted Magic nochmal, aber mit der explorer.exe. Hier der Download => File-Upload.net - explorer.exe
Die explorer.exe ist direkt im Windows-Ordner, nicht unter system32! Denk dran, die alte explorer.exe wieder umzubenennen.
Wenn du die explorer.exe ersetzt hast, sehen wir weiter.
Falls diese immer noch abstürzt, kannst du über den Taskmanager manuell "explorer.exe" starten, dann sollte der Desktop wie gewohnt da sein.

maxdo123 26.12.2010 20:10
Okay, jetzt funktioniert das System wieder. Ich hatte allerdings kurz nach Neustart die Meldung dass Microsoft Windows ein Problem festgestellt hat und beendet werden muss. Pc lief aber dennoch ganz normal weiter.

Ich hab beide Dateien hochgeladen.

Danke nochmal!

//EDIT: Achja, ich führe gerade Malwarebytes Vollscan durch, Antivir schlägt nicht mehr an.

cosinus 26.12.2010 20:17
Ok. Das waren bekannte Schädlingsdateien. Also von Schädlingen manipueliert, nun hast du saubere Dateien.
hast du combofix schon ausgeführt?

maxdo123 26.12.2010 21:03
Ja, hab ich gemacht, hier der Log:

Code:
ComboFix 10-12-25.03 - Max 26.12.2010  20:37:01.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3326.2846 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Max\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-11-26 bis 2010-12-26  ))))))))))))))))))))))))))))))
.

2010-12-26 20:00 . 2010-12-26 19:57        1036800        ----a-w-        c:\windows\explorer.exe
2010-12-26 19:15 . 2010-12-26 19:15        709456        ----a-w-        c:\windows\isRS-000.tmp
2010-12-25 22:23 . 2010-12-25 20:58        513024        ----a-w-        c:\windows\system32\winlogon.exe
2010-12-25 21:48 . 2010-12-26 17:12        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2010-12-24 00:19 . 2010-12-24 00:19        --------        d-----w-        C:\_OTL
2010-12-18 18:21 . 2010-12-18 18:22        --------        d-----w-        c:\programme\CCleaner
2010-12-17 01:29 . 2010-12-17 01:59        138464        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-12-17 01:29 . 2010-12-17 01:59        111928        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-12-17 01:29 . 2010-12-17 01:29        66872        ----a-w-        c:\windows\system32\PnkBstrA.exe
2010-12-17 01:28 . 2010-12-17 01:28        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Activision
2010-12-16 22:58 . 2003-03-15 23:15        90112        ----a-w-        c:\windows\unvise32.exe
2010-12-16 11:46 . 2010-11-02 15:17        40960        -c----w-        c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 11:46 . 2010-10-11 14:59        45568        -c----w-        c:\windows\system32\dllcache\wab.exe
2010-12-08 21:54 . 2010-12-08 21:54        --------        d-----w-        c:\dokumente und einstellungen\Max\Anwendungsdaten\Apple Computer
2010-12-08 09:07 . 2010-12-18 18:17        --------        d-----w-        c:\dokumente und einstellungen\Max\Anwendungsdaten\Sowi
2010-12-07 20:24 . 2010-12-07 20:24        45056        ----a-w-        c:\windows\system32\UninstallBeetle.exe
2010-12-07 13:37 . 2005-04-03 22:02        753664        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-12-07 13:37 . 2005-04-03 22:02        69714        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-12-07 13:37 . 2005-04-03 22:01        274432        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-12-07 13:37 . 2005-04-03 22:00        184320        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-12-07 13:37 . 2005-04-03 21:59        5632        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-12-07 13:37 . 2010-12-07 13:37        331908        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-12-07 13:37 . 2010-12-07 13:37        200836        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Apple
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\programme\Apple Software Update
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-12-03 16:59 . 2010-12-03 16:59        --------        d-----w-        C:\found.000
2010-11-29 19:16 . 2010-11-29 19:16        --------        d-----w-        c:\programme\Winamp
2010-11-29 19:15 . 2010-12-05 16:28        --------        d-----w-        c:\programme\Winamp Remote
2010-11-29 19:05 . 2010-11-29 19:05        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Nero
2010-11-29 18:45 . 2010-11-29 18:45        --------        d-----w-        c:\dokumente und einstellungen\Max\fontconfig
2010-11-29 18:16 . 2010-11-29 18:17        --------        d-----w-        c:\programme\ffmpeg
2010-11-29 18:16 . 2010-11-29 18:33        --------        d-----w-        C:\ffmpeg
2010-11-29 17:29 . 2009-12-05 18:42        85504        ----a-w-        c:\windows\system32\ff_vfw.dll
2010-11-29 17:29 . 2010-11-29 17:29        --------        d-----w-        c:\programme\ffdshow

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 19:56 . 2010-10-15 18:12        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-12-20 17:09 . 2010-10-18 17:13        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-18 17:13        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-24 19:20 . 2010-10-15 18:12        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2010-10-15 17:06        86016        ----a-w-        c:\windows\system32\isign32.dll
2010-11-06 00:21 . 2004-08-04 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-04 12:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-04 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2010-11-05 10:02 . 2010-11-05 10:02        724992        ----a-w-        c:\windows\iun6002.exe
2010-11-03 12:25 . 2004-08-04 12:00        385024        ----a-w-        c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00        40960        ----a-w-        c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:12 . 2004-08-04 12:00        290048        ----a-w-        c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-08-04 12:00        1853440        ----a-w-        c:\windows\system32\win32k.sys
2010-10-15 18:37 . 2010-10-15 18:37        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2010-10-15 18:37 . 2010-10-15 18:37        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-10-15 17:41 . 2010-10-15 17:41        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-09-30 21:25 . 2010-09-30 21:25        30376        ----a-w-        c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18 . 2010-09-30 11:18        89256        ----a-w-        c:\windows\system32\ElbyCDIO.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\programme\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768]
"amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"ANIWZCS2Service"="c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-08-14 1708032]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Max^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Max^Startmenü^Programme^Autostart^pcvvsgrr.exe]
path=c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\pcvvsgrr.exe
backup=c:\windows\pss\pcvvsgrr.exeStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Max^Startmenü^Programme^Autostart^Xerox-Produktregistrierung.lnk]
path=c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\Xerox-Produktregistrierung.lnk
backup=c:\windows\pss\Xerox-Produktregistrierung.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16        357696        ----a-w-        c:\programme\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47        31016        ----a-w-        c:\programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20        133432        ----a-w-        c:\programme\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07        1828136        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 13:27        119152        ----a-w-        c:\programme\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29        2221352        ----a-w-        c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 15:14        570664        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32        1479680        ----a-w-        c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 09:08        1242448        ----a-w-        g:\programme\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2010-05-20 13:27        762736        ----a-w-        c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2010-02-20 09:18        6040408        ----a-w-        c:\programme\WebcamMax\WebcamMax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-24 18:05        204288        ------w-        c:\programme\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"=
"g:\\Programme\\EA SPORTS\\FUSSBALL MANAGER 11\\Manager11.exe"=
"g:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Programme\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"g:\\Programme\\Steam\\steamapps\\dj_husnie\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"g:\\Programme\\MediaMobsters\\GangLand\\GANGLAND.EXE"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.10.2010 18:41 691696]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [15.10.2010 21:22 151552]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.10.2010 19:12 135336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.10.2010 19:33 1691480]
.
Inhalt des "geplante Tasks" Ordners

2010-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Playlist - c:\programme\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
IE: Free YouTube Download - c:\dokumente und einstellungen\Max\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Max\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\qencei7k.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-21689000 - c:\dokume~1\Max\LOKALE~1\Temp\21689000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-26 20:40
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(2512)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-12-26  20:41:07
ComboFix-quarantined-files.txt  2010-12-26 19:41

Vor Suchlauf: 8 Verzeichnis(se), 64.363.044.864 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 64.358.014.976 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut

- - End Of File - - EC761165F827C44833CCB7863BCF66F8

maxdo123 26.12.2010 21:40
Und hier ist der neue Malwarebytes-Log

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.12.2010 21:39:28
mbam-log-2010-12-26 (21-39-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 263560
Laufzeit: 38 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{b85b8dcb-2ded-4019-a8f5-ae8ae012548c}\RP1\A0000002.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12242010_011916\c_programme\tmp\34w.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
g:\system volume information\_restore{6bec2a33-919c-454e-b3f1-68f7a7678f68}\RP132\A0080138.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
g:\system volume information\_restore{7c01444e-836b-46da-b0d6-dd71d382f426}\RP256\A0142342.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

cosinus 27.12.2010 09:42
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Filelook::
c:\windows\explorer.exe
c:\windows\isRS-000.tmp
c:\windows\system32\winlogon.exe
c:\windows\system32\dllcache\ndproxy.sys
c:\windows\system32\dllcache\wab.exe

File::
c:\windows\isRS-000.tmp

Folder::
c:\dokumente und einstellungen\Max\Anwendungsdaten\Sowi
C:\found.000
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

maxdo123 27.12.2010 14:37
Okay und hier der neue Log:

Code:
ComboFix 10-12-26.01 - Max 27.12.2010  14:07:23.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3326.2869 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Max\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Max\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\isRS-000.tmp"
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Max\Anwendungsdaten\Sowi
C:\found.000
c:\found.000\file0000.chk

.
(((((((((((((((((((((((  Dateien erstellt von 2010-11-27 bis 2010-12-27  ))))))))))))))))))))))))))))))
.

2010-12-26 20:00 . 2010-12-26 19:57        1036800        ----a-w-        c:\windows\explorer.exe
2010-12-26 19:33 . 2010-12-26 19:41        --------        d-----w-        C:\cofi
2010-12-25 22:23 . 2010-12-25 20:58        513024        ----a-w-        c:\windows\system32\winlogon.exe
2010-12-25 21:48 . 2010-12-26 17:12        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2010-12-24 00:19 . 2010-12-24 00:19        --------        d-----w-        C:\_OTL
2010-12-18 18:21 . 2010-12-18 18:22        --------        d-----w-        c:\programme\CCleaner
2010-12-17 01:29 . 2010-12-17 01:59        138464        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-12-17 01:29 . 2010-12-17 01:59        111928        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-12-17 01:29 . 2010-12-17 01:29        66872        ----a-w-        c:\windows\system32\PnkBstrA.exe
2010-12-17 01:28 . 2010-12-17 01:28        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Activision
2010-12-16 22:58 . 2003-03-15 23:15        90112        ----a-w-        c:\windows\unvise32.exe
2010-12-16 11:46 . 2010-11-02 15:17        40960        -c----w-        c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 11:46 . 2010-10-11 14:59        45568        -c----w-        c:\windows\system32\dllcache\wab.exe
2010-12-08 21:54 . 2010-12-08 21:54        --------        d-----w-        c:\dokumente und einstellungen\Max\Anwendungsdaten\Apple Computer
2010-12-07 20:24 . 2010-12-07 20:24        45056        ----a-w-        c:\windows\system32\UninstallBeetle.exe
2010-12-07 13:37 . 2005-04-03 22:02        753664        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-12-07 13:37 . 2005-04-03 22:02        69714        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-12-07 13:37 . 2005-04-03 22:01        274432        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-12-07 13:37 . 2005-04-03 22:00        184320        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-12-07 13:37 . 2005-04-03 21:59        5632        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-12-07 13:37 . 2010-12-07 13:37        331908        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-12-07 13:37 . 2010-12-07 13:37        200836        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Apple
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\programme\Apple Software Update
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-12-06 11:42 . 2010-12-06 11:42        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-11-29 19:16 . 2010-11-29 19:16        --------        d-----w-        c:\programme\Winamp
2010-11-29 19:15 . 2010-12-05 16:28        --------        d-----w-        c:\programme\Winamp Remote
2010-11-29 19:05 . 2010-11-29 19:05        --------        d-----w-        c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Nero
2010-11-29 18:45 . 2010-11-29 18:45        --------        d-----w-        c:\dokumente und einstellungen\Max\fontconfig
2010-11-29 18:16 . 2010-11-29 18:17        --------        d-----w-        c:\programme\ffmpeg
2010-11-29 18:16 . 2010-11-29 18:33        --------        d-----w-        C:\ffmpeg
2010-11-29 17:29 . 2009-12-05 18:42        85504        ----a-w-        c:\windows\system32\ff_vfw.dll
2010-11-29 17:29 . 2010-11-29 17:29        --------        d-----w-        c:\programme\ffdshow

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 19:56 . 2010-10-15 18:12        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-12-20 17:09 . 2010-10-18 17:13        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-18 17:13        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-24 19:20 . 2010-10-15 18:12        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2010-10-15 17:06        86016        ----a-w-        c:\windows\system32\isign32.dll
2010-11-06 00:21 . 2004-08-04 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-04 12:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-04 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2010-11-05 10:02 . 2010-11-05 10:02        724992        ----a-w-        c:\windows\iun6002.exe
2010-11-03 12:25 . 2004-08-04 12:00        385024        ----a-w-        c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00        40960        ----a-w-        c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:12 . 2004-08-04 12:00        290048        ----a-w-        c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-08-04 12:00        1853440        ----a-w-        c:\windows\system32\win32k.sys
2010-10-15 18:37 . 2010-10-15 18:37        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2010-10-15 18:37 . 2010-10-15 18:37        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-10-15 17:41 . 2010-10-15 17:41        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-09-30 21:25 . 2010-09-30 21:25        30376        ----a-w-        c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18 . 2010-09-30 11:18        89256        ----a-w-        c:\windows\system32\ElbyCDIO.dll
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\explorer.exe ---
Company: Microsoft Corporation
File Description: Windows Explorer
File Version: 6.00.2900.5512 (xpsp.080413-2105)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: EXPLORER.EXE
File size: 1036800
Created time: 2010-12-26 20:00
Modified time: 2010-12-26 19:57
MD5: 418045A93CD87A352098AB7DABE1B53E
SHA1: 98B9AD668E0727BE888B861F49AAC0F72725E634


--- c:\windows\system32\dllcache\ndproxy.sys ---
Company: Microsoft Corporation
File Description: NDIS Proxy
File Version: 5.1.2600.6048 (xpsp_sp3_gdr.101102-1900)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ndproxy.sys
File size: 40960
Created time: 2010-12-16 11:46
Modified time: 2010-11-02 15:17
MD5: 9282BD12DFB069D3889EB3FCC1000A9B
SHA1: F76E50CF3A2A40A2D71437C7662CFF8BE9BE037F


--- c:\windows\system32\dllcache\wab.exe ---
Company: Microsoft Corporation
File Description: Address Book
File Version: 6.00.2900.6040 (xpsp_sp3_gdr.101011-1837)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: WAB.EXE
File size: 45568
Created time: 2010-12-16 11:46
Modified time: 2010-10-11 14:59
MD5: 29A9A30CA99EA2C28E1153FFB1AF2B57
SHA1: 3C4E4F89C21BFC0DEDD2A9381641600CA85F2FDD


--- c:\windows\system32\winlogon.exe ---
Company: Microsoft Corporation
File Description: Windows NT-Anmeldung
File Version: 5.1.2600.5512 (xpsp.080413-2113)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: WINLOGON.EXE
File size: 513024
Created time: 2010-12-25 22:23
Modified time: 2010-12-25 20:58
MD5: F09A527B422E25C478E38CAA0E44417A
SHA1: B180BED1BCA42AE4CEF259697C3D21320026752B


(((((((((((((((((((((((((((((  SnapShot@2010-12-26_19.40.02  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-27 12:50 . 2010-12-27 12:50        16384              c:\windows\Temp\Perflib_Perfdata_7c.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\programme\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768]
"amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"ANIWZCS2Service"="c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-08-14 1708032]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Max^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Max^Startmenü^Programme^Autostart^pcvvsgrr.exe]
path=c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\pcvvsgrr.exe
backup=c:\windows\pss\pcvvsgrr.exeStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Max^Startmenü^Programme^Autostart^Xerox-Produktregistrierung.lnk]
path=c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\Xerox-Produktregistrierung.lnk
backup=c:\windows\pss\Xerox-Produktregistrierung.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16        357696        ----a-w-        c:\programme\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47        31016        ----a-w-        c:\programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20        133432        ----a-w-        c:\programme\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07        1828136        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 13:27        119152        ----a-w-        c:\programme\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29        2221352        ----a-w-        c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 15:14        570664        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32        1479680        ----a-w-        c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 09:08        1242448        ----a-w-        g:\programme\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2010-05-20 13:27        762736        ----a-w-        c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2010-02-20 09:18        6040408        ----a-w-        c:\programme\WebcamMax\WebcamMax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-24 18:05        204288        ------w-        c:\programme\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"=
"g:\\Programme\\EA SPORTS\\FUSSBALL MANAGER 11\\Manager11.exe"=
"g:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Programme\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"g:\\Programme\\Steam\\steamapps\\dj_husnie\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"g:\\Programme\\MediaMobsters\\GangLand\\GANGLAND.EXE"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.10.2010 18:41 691696]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [15.10.2010 21:22 151552]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.10.2010 19:12 135336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.10.2010 19:33 1691480]
.
Inhalt des "geplante Tasks" Ordners

2010-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Playlist - c:\programme\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
IE: Free YouTube Download - c:\dokumente und einstellungen\Max\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Max\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\qencei7k.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-27 14:11
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Zeit der Fertigstellung: 2010-12-27  14:12:51
ComboFix-quarantined-files.txt  2010-12-27 13:12
ComboFix2.txt  2010-12-26 19:41

Vor Suchlauf: 11 Verzeichnis(se), 64.407.834.624 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 64.398.196.736 Bytes frei

- - End Of File - - FAD87BC5716BCDA392C86732C9E79318

cosinus 27.12.2010 14:38
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

maxdo123 01.01.2011 21:15
Sorry, aber in letzter Zeit hatte ich nicht so die Zeit, das alles zu machen. Hier die Logs:
GMER
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-28 18:37:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6 ST380815AS rev.3.AAA
Running: dery6iv9.exe; Driver: C:\DOKUME~1\Max\LOKALE~1\Temp\awaoqaob.sys


---- System - GMER 1.0.15 ----

SSDT            BA6B33A6                                                                                                            ZwCreateKey
SSDT            BA6B339C                                                                                                            ZwCreateThread
SSDT            BA6B33AB                                                                                                            ZwDeleteKey
SSDT            BA6B33B5                                                                                                            ZwDeleteValueKey
SSDT            spnr.sys                                                                                                            ZwEnumerateKey [0xB9ECDDA4]
SSDT            spnr.sys                                                                                                            ZwEnumerateValueKey [0xB9ECE132]
SSDT            BA6B33BA                                                                                                            ZwLoadKey
SSDT            spnr.sys                                                                                                            ZwOpenKey [0xB9EB50C0]
SSDT            BA6B3388                                                                                                            ZwOpenProcess
SSDT            BA6B338D                                                                                                            ZwOpenThread
SSDT            spnr.sys                                                                                                            ZwQueryKey [0xB9ECE20A]
SSDT            spnr.sys                                                                                                            ZwQueryValueKey [0xB9ECE08A]
SSDT            BA6B33C4                                                                                                            ZwReplaceKey
SSDT            BA6B33BF                                                                                                            ZwRestoreKey
SSDT            BA6B33B0                                                                                                            ZwSetValueKey

INT 0x62        ?                                                                                                                  8A698BF8
INT 0x63        ?                                                                                                                  8A4ADF00
INT 0x63        ?                                                                                                                  8A4ADF00
INT 0x73        ?                                                                                                                  8A698BF8
INT 0x94        ?                                                                                                                  8A4ADF00
INT 0xA4        ?                                                                                                                  8A4ADF00

Code            BA7F9C9C                                                                                                            ZwRequestPort
Code            BA7F9D3C                                                                                                            ZwRequestWaitReplyPort
Code            BA7F9BFC                                                                                                            ZwTraceEvent
Code            BA7F9C9B                                                                                                            NtRequestPort
Code            BA7F9D3B                                                                                                            NtRequestWaitReplyPort
Code            BA7F9BFB                                                                                                            NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!NtTraceEvent                                                                                          80535128 5 Bytes  JMP BA7F9C00
PAGE            ntkrnlpa.exe!NtRequestPort                                                                                          805A2A10 5 Bytes  JMP BA7F9CA0
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort                                                                                805A2D3C 5 Bytes  JMP BA7F9D40
?              spnr.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB9158000, 0x273B67, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                              B910F8AC 5 Bytes  JMP 8A4AD4E0
.text          ae1o8a6i.SYS                                                                                                        B9082386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text          ae1o8a6i.SYS                                                                                                        B90823AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text          ae1o8a6i.SYS                                                                                                        B90823C4 3 Bytes  [00, 80, 02]
.text          ae1o8a6i.SYS                                                                                                        B90823C9 1 Byte  [30]
.text          ae1o8a6i.SYS                                                                                                        B90823C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                               
.text          win32k.sys!EngAcquireSemaphore + 20F0                                                                              BF8082F4 5 Bytes  JMP BA7F9480
.text          win32k.sys!EngFreeUserMem + 5BD2                                                                                    BF80EE7B 5 Bytes  JMP BA7F93E0
.text          win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E                                                                            BF81E78D 5 Bytes  JMP BA7F9A20
.text          win32k.sys!EngMultiByteToWideChar + 2F32                                                                            BF86FF5D 5 Bytes  JMP BA7F98E0
.text          win32k.sys!EngSetLastError + 7692                                                                                  BF87E6B3 5 Bytes  JMP BA7F95C0
.text          win32k.sys!EngCreateBitmap + 202E                                                                                  BF88FBEB 5 Bytes  JMP BA7F9700
.text          win32k.sys!EngCreateBitmap + 1116E                                                                                  BF89ED2B 5 Bytes  JMP BA7F9520
.text          win32k.sys!FONTOBJ_pxoGetXform + B03A                                                                              BF8B91F2 5 Bytes  JMP BA7F9660
.text          win32k.sys!EngAlphaBlend + 3E8                                                                                      BF8C3223 5 Bytes  JMP BA7F97A0
.text          win32k.sys!PATHOBJ_bCloseFigure + 19F1                                                                              BF8F98ED 5 Bytes  JMP BA7F9980
.text          win32k.sys!EngCreateClip + 19B2                                                                                    BF913826 5 Bytes  JMP BA7F9AC0
.text          win32k.sys!EngCreateClip + 1F42                                                                                    BF913DB6 5 Bytes  JMP BA7F9B60
.text          win32k.sys!EngCreateClip + 2588                                                                                    BF9143FC 5 Bytes  JMP BA7F9840

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EB6042] spnr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EB613E] spnr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                [B9EB60C0] spnr.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                        [B9EB6800] spnr.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                [B9EB66D6] spnr.sys
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!KeGetCurrentIrql]                                                9E880000
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!HalTranslateBusAddress]                                          8986C636
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!READ_PORT_USHORT]                                                001C9686
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                        86C60200
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                00001CB2
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT            \SystemRoot\System32\Drivers\ae1o8a6i.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8A6971F8
Device          \FileSystem\Fastfat \FatCdrom                                                                                      893081F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    8A47E1F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    8A47E1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                          8A70A1F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                            8A70A1F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8A70A1F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                              8A70A1F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                    8A47E1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{4CD21C77-0E87-48C7-B85A-DD4C639A0C6F}                                            89D201F8
Device          \Driver\usbohci \Device\USBPDO-3                                                                                    8A47E1F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                    8A47E1F8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                    8A4451F8
Device          \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1                                                8A70A1F8
Device          \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1                                              8A70A1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A6991F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A6991F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        8A4B0500
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1b                                                                        [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e                                                                        [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6                                                                        [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                        8A4B0500
Device          \Driver\sptd \Device\3519612686                                                                                    spnr.sys
Device          \Driver\USBSTOR \Device\00000081                                                                                    89DE6500
Device          \Driver\USBSTOR \Device\00000082                                                                                    89DE6500
Device          \Driver\USBSTOR \Device\00000083                                                                                    89DE6500
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            89D201F8
Device          \Driver\USBSTOR \Device\00000084                                                                                    89DE6500
Device          \Driver\USBSTOR \Device\00000085                                                                                    89DE6500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    89D201F8
Device          \Driver\PCI_PNP6436 \Device\0000004c                                                                                spnr.sys
Device          \Driver\USBSTOR \Device\00000088                                                                                    89DE6500
Device          \Driver\USBSTOR \Device\00000089                                                                                    89DE6500
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    8A47E1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{10F07D1E-CB8E-45B9-ABEE-33F14E96BEA2}                                            89D201F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    8A47E1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                  89A5A1F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                    8A47E1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                        89A5A1F8
Device          \Driver\usbohci \Device\USBFDO-3                                                                                    8A47E1F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                    8A47E1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    8A6991F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                    8A4451F8
Device          \Driver\ae1o8a6i \Device\Scsi\ae1o8a6i1                                                                            8A4371F8
Device          \Driver\ae1o8a6i \Device\Scsi\ae1o8a6i1Port4Path0Target0Lun0                                                        8A4371F8
Device          \FileSystem\Fastfat \Fat                                                                                            893081F8

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                              89EED500

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xA3 0x86 0x48 0xC5 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x74 0x5C 0x34 0x87 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA6 0x8C 0xE6 0xA9 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x13 0xC8 0x46 0x1B ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x74 0x5C 0x34 0x87 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xED 0x98 0x16 0x13 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xA3 0x86 0x48 0xC5 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x74 0x5C 0x34 0x87 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA6 0x8C 0xE6 0xA9 ...

---- EOF - GMER 1.0.15 ----
OSAM
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:13:25 on 01.01.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 11.00

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ANIO Service" (ANIO) - ? - C:\WINDOWS\system32\ANIO.SYS
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"at6c6q83" (at6c6q83) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\at6c6q83.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Max\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieDrv.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Max\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Programme\Sandboxie\SbieCtrl.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"amd_dc_opt" - "AMD" - C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"ANIWZCS2Service" - "Wireless Service" - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"D-Link D-Link Wireless G DWL-G122_DWA-110" - "D-Link Corp." - C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ANIWConn Service" (ANIWConnService) - ? - C:\WINDOWS\system32\ANIWConnService.exe
"ANIWZCSd Service" (ANIWZCSdService) - "Wireless Service" - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Programme\Microsoft LifeCam\MSCamS32.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBRcheck
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000005c

Kernel Drivers (total 132):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9EB4000 spjw.sys
  0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
  0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
  0xB9E6D000 ACPI.sys
  0xB9E5C000 pci.sys
  0xBA0A8000 ohci1394.sys
  0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xBA0C8000 isapnp.sys
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xBA0D8000 MountMgr.sys
  0xB9E3D000 ftdisk.sys
  0xBA5AC000 dmload.sys
  0xB9E17000 dmio.sys
  0xBA330000 PartMgr.sys
  0xBA0E8000 VolSnap.sys
  0xB9DFF000 atapi.sys
  0xBA0F8000 disk.sys
  0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9DDF000 fltmgr.sys
  0xB9DCD000 sr.sys
  0xB9DB6000 KSecDD.sys
  0xB9D29000 Ntfs.sys
  0xB9CFC000 NDIS.sys
  0xBA5AE000 speedfan.sys
  0xB9CE2000 Mup.sys
  0xBA671000 giveio.sys
  0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xBA2E8000 \SystemRoot\system32\DRIVERS\processr.sys
  0xB969B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0xB9687000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB965F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xBA3F0000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xB963B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xBA318000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB9622000 \SystemRoot\System32\Drivers\AnyDVD.sys
  0xBA148000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA158000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB95FF000 \SystemRoot\system32\DRIVERS\ks.sys
  0xBA400000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
  0xB95C6000 \SystemRoot\System32\Drivers\at6c6q83.SYS
  0xBA168000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB9CA2000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xBA7B8000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xBA178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB9C9E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB95AF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA468000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB959E000 \SystemRoot\system32\DRIVERS\psched.sys
  0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB94DA000 \SystemRoot\System32\drivers\dmboot.sys
  0xBA470000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xBA478000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB94AA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xBA480000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xBA488000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA5EA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB944C000 \SystemRoot\system32\DRIVERS\update.sys
  0xB9C19000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xBA1D8000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
  0xBA1E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xBA218000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA5F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xACD51000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xACD2D000 \SystemRoot\system32\drivers\portcls.sys
  0xBA228000 \SystemRoot\system32\drivers\drmk.sys
  0xBA5F8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA7AA000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA5FA000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA4B0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xBA340000 \SystemRoot\System32\drivers\vga.sys
  0xBA5FC000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA5FE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA348000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA370000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB9CA6000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xACCAA000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xACC51000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xACC29000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xACC03000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xBA248000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xACBE1000 \SystemRoot\System32\drivers\afd.sys
  0xBA258000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xBA378000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xBA268000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xACBB6000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xACB1E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA278000 \SystemRoot\System32\Drivers\Fips.SYS
  0xBA298000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0xACA58000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xBA602000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xBA388000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xACD11000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xBA308000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xAC9E3000 \SystemRoot\system32\DRIVERS\Dr71WU.sys
  0xACD05000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xACCF1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xAC9A3000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xBA628000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB9CAE000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA3A0000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA72A000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\ati2dvag.dll
  0xBF060000 \SystemRoot\System32\ati2cqag.dll
  0xBF108000 \SystemRoot\System32\atikvmag.dll
  0xBF1B1000 \SystemRoot\System32\atiok3x2.dll
  0xBF216000 \SystemRoot\System32\ati3duag.dll
  0xBF9C5000 \SystemRoot\System32\ativvaxx.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xA9E3D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA9D04000 \??\C:\Programme\Sandboxie\SbieDrv.sys
  0xA9E25000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA9AA7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xA9952000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA9B2C000 \SystemRoot\system32\drivers\sysaudio.sys
  0xBA390000 \??\C:\WINDOWS\system32\ANIO.SYS
  0xA95C9000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA9481000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA8B52000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll
  0x10000000 \Programme\DAEMON Tools Lite\Engine.dll

Processes (total 42):
      0 System Idle Process
      4 System
    548 C:\WINDOWS\system32\smss.exe
    756 csrss.exe
    792 C:\WINDOWS\system32\winlogon.exe
    836 C:\WINDOWS\system32\services.exe
    848 C:\WINDOWS\system32\lsass.exe
    1040 C:\WINDOWS\system32\ati2evxx.exe
    1052 C:\WINDOWS\system32\svchost.exe
    1156 svchost.exe
    1196 C:\Programme\Sandboxie\SbieSvc.exe
    1216 C:\WINDOWS\system32\svchost.exe
    1352 svchost.exe
    1396 C:\WINDOWS\system32\ati2evxx.exe
    1456 svchost.exe
    1716 C:\WINDOWS\system32\spoolsv.exe
    1844 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1952 svchost.exe
    208 C:\WINDOWS\explorer.exe
    748 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    812 C:\WINDOWS\RTHDCPL.EXE
    900 C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    976 C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe
    1788 C:\Programme\Sandboxie\SbieCtrl.exe
    1872 C:\WINDOWS\system32\ctfmon.exe
    680 C:\WINDOWS\system32\ANIWConnService.exe
    700 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1444 C:\WINDOWS\system32\svchost.exe
    1536 C:\Programme\Java\jre6\bin\jqs.exe
    1576 C:\Programme\Microsoft LifeCam\MSCamS32.exe
    1612 C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
    2072 C:\WINDOWS\system32\IoctlSvc.exe
    2096 C:\WINDOWS\system32\PnkBstrA.exe
    2164 C:\WINDOWS\system32\svchost.exe
    2708 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    2716 wmpnetwk.exe
    2116 C:\Programme\PC Connectivity Solution\ServiceLayer.exe
    3472 alg.exe
    3488 C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
    3640 C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
    388 C:\Programme\Opera\opera.exe
    3736 C:\Dokumente und Einstellungen\Max\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAA 
PhysicalDrive1 Model Number: SAMSUNGHD502IJ, Rev: 1AA01113

      Size  Device Name          MBR Status
  --------------------------------------------
    74 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    465 GB  \\.\PhysicalDrive1  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
So, das sind die Logs.

cosinus 02.01.2011 11:07
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19