
Topic: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting slow

  1. #1
    Forum user
    Registered since
    24.09.2007
    Posts
    61

    Firefox barely responds after Sparkasse phishing trojan, computer keeps getting slow

    Hello,
    I have to keep it short, after a short period of use the computer only shows the empty desktop and the mouse pointer.
    Yesterday I received a TAN request from the Sparkasse, which I stupidly filled in.
    (Everything has already been blocked.) Since then hardly anything works here. Internet only works in a limited way. Programs close by themselves.

    Here is the logfile


    but without the rootkit scan; the page, like e.g. eBay, can no longer be opened.

    Code:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Ricky at 2010-08-12 12:56:07
    Microsoft® Windows Vista™ Home Premium  Service Pack 2
    System drive C: has 58 GB (49%) free of 119 GB
    Total RAM: 3326 MB (61% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:56:57, on 12.08.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Ricky\Desktop\RSIT.exe
    C:\Program Files\trend micro\Ricky.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [{F8644983-585A-B248-5F59-2133111EAD05}] C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O8 - Extra context menu item: add to &BOM - C:\PROGRA~1\BIET-O~1\AddToBOM.hta
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/de/securityadvisor...fo/webscan.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{596E58C2-CD46-4C2E-863E-E965342389E8}: NameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC16F33B-AF2F-49A6-8890-49187A46A479}: NameServer = 68.2.16.30,68.2.16.25
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
    O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
    O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
    O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AUC Helper (AUCAutostartWinService) - Unknown owner - C:\Program Files\AUC\AUC Autostart.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FlashCP-Service - Unknown owner - C:\Program Files\FlashCP\FlashCP-Service.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c987bb76d4be61) (gupdate1c987bb76d4be61) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    
    --
    End of file - 9278 bytes
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\User_Feed_Synchronization-{9DB2C38C-D994-4711-8158-D428514B1294}.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-02-13 764912]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "{F8644983-585A-B248-5F59-2133111EAD05}"=C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe [2008-10-06 133632]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-09-12 357800]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-15 202024]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
    C:\Program Files\DeskSpace\deskspace.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    C:\Program Files\DAP\DAP.EXE /STARTUP []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashCP]
    C:\Program Files\FlashCP\FlashCP-Autorun.exe [2005-10-21 40960]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    C:\Program Files\ICQLite\ICQLite.exe -minimize []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    C:\Windows\system32\oodtray.exe [2009-02-25 2553088]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2007-02-06 4374528]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe -silent []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-20 202256]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81}
    Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB}
    Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2009-02-25 87368]
    StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2009-02-25 591176]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    "NoDriveAutorun"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    ======File associations======
    
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
    .scr - open - C:\Windows\system32\notepad.exe "%1"
    .scr - install - 
    .scr - config - 
    
    ======List of files/folders created in the last 1 months======
    
    2010-08-12 12:37:22 ----D---- C:\rsit
    2010-08-07 22:23:10 ----D---- C:\ProgramData\FreePDF
    2010-08-03 06:52:37 ----A---- C:\Windows\system32\shell32.dll
    2010-07-27 19:31:28 ----D---- C:\Program Files\gs
    2010-07-27 19:29:30 ----A---- C:\Windows\system32\unredmon.exe
    2010-07-27 19:29:30 ----A---- C:\Windows\system32\redmonnt.dll
    2010-07-27 19:23:53 ----D---- C:\Program Files\Ask.com
    2010-07-27 19:23:48 ----D---- C:\Program Files\Foxit Software
    2010-07-27 19:09:40 ----D---- C:\Program Files\GIMP-2.0
    
    ======List of files/folders modified in the last 1 months======
    
    2010-08-12 12:56:20 ----D---- C:\Windows\Temp
    2010-08-12 12:56:18 ----D---- C:\Program Files\Trend Micro
    2010-08-12 12:55:27 ----D---- C:\Users\Ricky\AppData\Roaming\Cadu
    2010-08-12 12:26:24 ----A---- C:\Windows\NeroDigital.ini
    2010-08-12 12:25:55 ----D---- C:\Windows\Tasks
    2010-08-12 12:25:22 ----D---- C:\Windows\Prefetch
    2010-08-12 06:29:45 ----D---- C:\Users\Ricky\AppData\Roaming\FileZilla
    2010-08-07 22:28:44 ----RD---- C:\Program Files
    2010-08-07 22:23:10 ----HD---- C:\ProgramData
    2010-08-07 22:20:07 ----D---- C:\Windows\system32\Tasks
    2010-08-07 22:15:18 ----D---- C:\Windows
    2010-08-07 15:17:53 ----D---- C:\Windows\Debug
    2010-08-07 11:11:36 ----D---- C:\Windows\system32\oodag
    2010-08-06 10:57:03 ----D---- C:\Windows\system32\catroot2
    2010-08-05 13:34:18 ----D---- C:\Users\Ricky\AppData\Roaming\ICQ
    2010-08-03 19:53:16 ----D---- C:\Windows\System32
    2010-08-03 07:01:15 ----D---- C:\Windows\winsxs
    2010-08-03 06:50:48 ----D---- C:\Windows\system32\catroot
    2010-08-02 06:37:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-08-02 06:37:40 ----D---- C:\Windows\inf
    2010-07-27 19:24:00 ----SHD---- C:\Windows\Installer
    2010-07-27 19:14:51 ----D---- C:\Users\Ricky\AppData\Roaming\gtk-2.0
    2010-07-26 06:39:58 ----D---- C:\Users\Ricky\AppData\Roaming\BOM
    2010-07-25 12:28:53 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-19 19:35:18 ----D---- C:\Program Files\Cheat Engine
    2010-07-15 19:29:33 ----D---- C:\Program Files\TuneUp Utilities 2010
    2010-07-15 06:18:16 ----D---- C:\Program Files\FileZilla FTP Client
    2010-07-14 19:02:57 ----D---- C:\Program Files\Windows Mail
    2010-07-14 19:01:37 ----D---- C:\ProgramData\Microsoft Help
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
    R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
    R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
    R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-06-17 157248]
    R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-15 691696]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251); C:\Windows\system32\DRIVERS\tdrpm251.sys [2010-06-17 902432]
    R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-06-17 570016]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
    R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-21 281760]
    R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-21 25888]
    R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2008-05-26 33488]
    R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-06-17 159168]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-05-16 21568]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-06 1739816]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys [2007-05-11 357376]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 195072]
    S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
    S3 akdq7xb2;akdq7xb2; C:\Windows\system32\drivers\akdq7xb2.sys []
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
    S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2005-01-19 22016]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 PID_0928;Labtec WebCam(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-19 211712]
    S3 RT61;LevelOne WNC-0301 11g Wireless PCI Adapter Driver; C:\Windows\system32\DRIVERS\RT61.sys [2005-08-26 352768]
    S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
    S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
    S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
    S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
    S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
    S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
    S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-07-10 91472]
    S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
    S4 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-09-12 660936]
    R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-17 2326920]
    R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-20 267432]
    R2 AUCAutostartWinService;AUC Helper; C:\Program Files\AUC\AUC Autostart.exe [2010-03-20 97280]
    R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2007-06-15 145504]
    R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
    R2 FlashCP-Service;FlashCP-Service; C:\Program Files\FlashCP\FlashCP-Service.exe [2005-10-21 126976]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
    R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2009-02-25 1352960]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]
    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
    S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-09 2232296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 gupdate1c987bb76d4be61;Google Update Service (gupdate1c987bb76d4be61); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-10 194032]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-13 655624]
    S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-12-22 104944]
    S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-07-15 435008]
    S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
    
    -----------------EOF-----------------
    Addendum:
    CCleaner has been run.
    Spybot, TuneUp 2010 and AntiVir all find nothing.
    Meanwhile I am trying to install the rootkit scanner and post the file here.

    I have just managed to download the rootkit scanner GMER.
    After running it as admin, the message "program has stopped working" appeared, followed by a bluescreen with an immediate shutdown.

    PLEASE HELP
    Edited by Petra (12.08.2010 at 20:51) Reason: Posts merged so that the helpers can see that the thread is not yet being worked on!
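A first triage pass over a log like the one posted above, as an added example that is not part of the original post and not code from the HijackThis or RSIT tools: it parses the O4 autorun lines and the Policies\System part of the registry dump and flags the entries a helper would want verified first, namely Run entries launched from a user-writable profile folder, Run values named with a bare GUID instead of a product name, and UAC switched off (EnableLUA=0). The sample lines are copied from the log above; the heuristics, function names and thresholds are this example's own and only point at entries to check, they do not identify any specific malware.

```python
"""Triage of HijackThis / RSIT-style log lines for autorun entries worth a closer look.

Added example (not from the original post). The checks are generic defender
heuristics: they select entries to verify by hand, nothing more.
"""
import re

# Constructed sample: a few lines in the HijackThis/RSIT format, copied from the
# log posted above (O4 autoruns plus the Policies\System registry dump).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [{F8644983-585A-B248-5F59-2133111EAD05}] C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"""

# O4 line: "O4 - <hive>[\<sid>]\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First executable in the command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")

# Launch locations an unprivileged user can write to. Legitimate products rarely
# register their Run entry from here, so such entries merit verification.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "%appdata%", "%temp%")


def parse_o4(line):
    """Return (hive, sid, value_name, exe, cmd) for an O4 line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    em = EXE_RE.match(cmd)
    exe = em.group("exe") if em else cmd.split()[0]
    return m.group("hive"), m.group("sid"), m.group("name"), exe, cmd


def autorun_findings(hive, sid, name, exe, cmd):
    """Heuristic reasons why this autorun deserves manual verification (empty = nothing odd)."""
    reasons = []
    low = exe.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable lives in a user-writable profile folder")
    if GUID_RE.match(name):
        reasons.append("Run value named with a bare GUID instead of a product name")
    return reasons


def triage_log(text):
    """Walk a log; return flagged autoruns and policy findings (UAC state)."""
    flagged, policy, current_key = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_o4(line)
        if entry:
            reasons = autorun_findings(*entry)
            if reasons:
                flagged.append({"name": entry[2], "exe": entry[3], "reasons": reasons})
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key").lower()
            continue
        # Inside the Policies\System key, EnableLUA=0 means UAC is switched off.
        if current_key.endswith("policies\\system") and line.replace(" ", "").lower() == '"enablelua"=0':
            policy.append("UAC disabled (EnableLUA=0): processes of the logged-on admin run with full rights")
    return {"autoruns": flagged, "policy": policy}


if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    for item in result["autoruns"]:
        print(f"VERIFY autorun [{item['name']}] -> {item['exe']}")
        for why in item["reasons"]:
            print(f"    - {why}")
    for note in result["policy"]:
        print(f"POLICY {note}")
```

On the sample above this flags exactly one autorun (the HKCU Run value with the GUID name launching from AppData\Roaming) and the disabled UAC; the Defender, Avira and Sidebar entries pass both checks. Such a pass does not replace a scan, but it tells a helper which lines of a long log to look at first.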

  2. #2
    Forum user
    Registered since
    24.09.2007
    Posts
    61

    Firefox barely responds after Sparkasse phishing trojan, computer keeps getting slow

    As described in the title.
    I gullibly filled in a phishing window and confirmed it.
    Since then the computer has been very slow, shuts down by itself,
    and opens MS-DOS windows without any text.

    Maybe someone can help me.


    Code:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Ricky at 2010-08-12 17:27:20
    Microsoft® Windows Vista™ Home Premium  Service Pack 2
    System drive C: has 57 GB (48%) free of 119 GB
    Total RAM: 3326 MB (68% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:27:53, on 12.08.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Ricky\Desktop\RSIT.exe
    C:\Program Files\trend micro\Ricky.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [{F8644983-585A-B248-5F59-2133111EAD05}] C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/de/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{596E58C2-CD46-4C2E-863E-E965342389E8}: NameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC16F33B-AF2F-49A6-8890-49187A46A479}: NameServer = 68.2.16.30,68.2.16.25
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
    O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
    O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
    O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AUC Helper (AUCAutostartWinService) - Unknown owner - C:\Program Files\AUC\AUC Autostart.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FlashCP-Service - Unknown owner - C:\Program Files\FlashCP\FlashCP-Service.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c987bb76d4be61) (gupdate1c987bb76d4be61) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    
    --
    End of file - 9278 bytes
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\User_Feed_Synchronization-{9DB2C38C-D994-4711-8158-D428514B1294}.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-02-13 764912]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "{F8644983-585A-B248-5F59-2133111EAD05}"=C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe [2008-10-06 133632]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-09-12 357800]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-15 202024]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
    C:\Program Files\DeskSpace\deskspace.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    C:\Program Files\DAP\DAP.EXE /STARTUP []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashCP]
    C:\Program Files\FlashCP\FlashCP-Autorun.exe [2005-10-21 40960]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    C:\Program Files\ICQLite\ICQLite.exe -minimize []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    C:\Windows\system32\oodtray.exe [2009-02-25 2553088]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2007-02-06 4374528]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe -silent []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-20 202256]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81}
    Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB}
    Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2009-02-25 87368]
    StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2009-02-25 591176]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    "NoDriveAutorun"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    ======File associations======
    
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
    .scr - open - C:\Windows\system32\notepad.exe "%1"
    .scr - install - 
    .scr - config - 
    
    ======List of files/folders created in the last 1 months======
    
    2010-08-12 12:37:22 ----D---- C:\rsit
    2010-08-07 22:23:10 ----D---- C:\ProgramData\FreePDF
    2010-08-03 06:52:37 ----A---- C:\Windows\system32\shell32.dll
    2010-07-27 19:31:28 ----D---- C:\Program Files\gs
    2010-07-27 19:29:30 ----A---- C:\Windows\system32\unredmon.exe
    2010-07-27 19:29:30 ----A---- C:\Windows\system32\redmonnt.dll
    2010-07-27 19:23:53 ----D---- C:\Program Files\Ask.com
    2010-07-27 19:23:48 ----D---- C:\Program Files\Foxit Software
    2010-07-27 19:09:40 ----D---- C:\Program Files\GIMP-2.0
    
    ======List of files/folders modified in the last 1 months======
    
    2010-08-12 17:27:36 ----D---- C:\Windows\Prefetch
    2010-08-12 17:27:30 ----D---- C:\Windows\Temp
    2010-08-12 17:27:26 ----D---- C:\Program Files\Trend Micro
    2010-08-12 17:11:33 ----D---- C:\Users\Ricky\AppData\Roaming\Cadu
    2010-08-12 16:32:55 ----SHD---- C:\System Volume Information
    2010-08-12 16:15:21 ----D---- C:\Windows\Tasks
    2010-08-12 14:39:04 ----A---- C:\Windows\NeroDigital.ini
    2010-08-12 14:37:38 ----D---- C:\Windows\Minidump
    2010-08-12 14:37:33 ----D---- C:\Windows
    2010-08-12 14:17:09 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2010-08-12 14:11:06 ----D---- C:\Users\Ricky\AppData\Roaming\FileZilla
    2010-08-07 22:28:44 ----RD---- C:\Program Files
    2010-08-07 22:23:10 ----HD---- C:\ProgramData
    2010-08-07 22:20:07 ----D---- C:\Windows\system32\Tasks
    2010-08-07 15:17:53 ----D---- C:\Windows\Debug
    2010-08-07 11:11:36 ----D---- C:\Windows\system32\oodag
    2010-08-06 10:57:03 ----D---- C:\Windows\system32\catroot2
    2010-08-05 13:34:18 ----D---- C:\Users\Ricky\AppData\Roaming\ICQ
    2010-08-03 19:53:16 ----D---- C:\Windows\System32
    2010-08-03 07:01:15 ----D---- C:\Windows\winsxs
    2010-08-03 06:50:48 ----D---- C:\Windows\system32\catroot
    2010-08-02 06:37:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-08-02 06:37:40 ----D---- C:\Windows\inf
    2010-07-27 19:24:00 ----SHD---- C:\Windows\Installer
    2010-07-27 19:14:51 ----D---- C:\Users\Ricky\AppData\Roaming\gtk-2.0
    2010-07-26 06:39:58 ----D---- C:\Users\Ricky\AppData\Roaming\BOM
    2010-07-25 12:28:53 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-19 19:35:18 ----D---- C:\Program Files\Cheat Engine
    2010-07-15 19:29:33 ----D---- C:\Program Files\TuneUp Utilities 2010
    2010-07-15 06:18:16 ----D---- C:\Program Files\FileZilla FTP Client
    2010-07-14 19:02:57 ----D---- C:\Program Files\Windows Mail
    2010-07-14 19:01:37 ----D---- C:\ProgramData\Microsoft Help
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
    R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
    R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
    R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-06-17 157248]
    R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-15 691696]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251); C:\Windows\system32\DRIVERS\tdrpm251.sys [2010-06-17 902432]
    R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-06-17 570016]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
    R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-21 281760]
    R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-21 25888]
    R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2008-05-26 33488]
    R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-06-17 159168]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-05-16 21568]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-06 1739816]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys [2007-05-11 357376]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 195072]
    S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
    S3 a1onremz;a1onremz; C:\Windows\system32\drivers\a1onremz.sys []
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
    S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2005-01-19 22016]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 PID_0928;Labtec WebCam(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-19 211712]
    S3 RT61;LevelOne WNC-0301 11g Wireless PCI Adapter Driver; C:\Windows\system32\DRIVERS\RT61.sys [2005-08-26 352768]
    S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
    S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
    S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
    S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
    S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
    S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
    S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-07-10 91472]
    S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
    S4 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-09-12 660936]
    R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-17 2326920]
    R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-20 267432]
    R2 AUCAutostartWinService;AUC Helper; C:\Program Files\AUC\AUC Autostart.exe [2010-03-20 97280]
    R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2007-06-15 145504]
    R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
    R2 FlashCP-Service;FlashCP-Service; C:\Program Files\FlashCP\FlashCP-Service.exe [2005-10-21 126976]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
    R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2009-02-25 1352960]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]
    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
    S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-09 2232296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 gupdate1c987bb76d4be61;Google Update Service (gupdate1c987bb76d4be61); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-10 194032]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-13 655624]
    S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-12-22 104944]
    S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-07-15 435008]
    S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
    
    -----------------EOF-----------------
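    Added example for this thread (it is not part of the post above and not code from the HijackThis or RSIT tools): a small Python triage helper that parses the `O4` lines HijackThis emits and the `...\CurrentVersion\Run` sections of the RSIT registry dump, then flags autostart entries that deserve a second look. The three heuristics it applies (a bare GUID as value name, an executable under `AppData\Roaming`, a short random-looking folder name) are this example's own assumptions, chosen because the log above contains exactly such an entry at `HKCU\..\Run`; they are triage hints for a helper reading the log, not a verdict. The sample lines are copied from the log in this post.

```python
r"""Autostart triage over HijackThis / RSIT log lines.

Added example for this thread; not part of the forum post and not code from
the HijackThis or RSIT tools. Parses HijackThis "O4" lines and the
[HKEY...\CurrentVersion\Run] sections of an RSIT registry dump, and flags Run
entries worth a second look. The heuristics are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# HijackThis O4 line, e.g.  O4 - HKCU\..\Run: [avgnt] "C:\...\avgnt.exe" /min
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# RSIT registry-dump lines:  [HKEY_...\Run]  and  "name"=C:\path\x.exe [2008-10-06 133632]
RSIT_KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RSIT_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*?)(?: \[(?P<meta>[^\]]*)\])?$')

GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
ROAMING_RE = re.compile(r'\\AppData\\Roaming\\(?P<folder>[^\\]+)\\[^\\]+\.exe\b', re.IGNORECASE)


@dataclass
class RunEntry:
    source: str    # "hjt" or "rsit"
    key: str       # registry hive/key the value was found under
    name: str      # value name, e.g. "avgnt" or a GUID
    command: str   # command line / target path

    def reasons(self) -> List[str]:
        """Heuristics this entry trips; an empty list means it looks ordinary."""
        hits: List[str] = []
        if GUID_RE.match(self.name):
            hits.append("value name is a bare GUID")
        m = ROAMING_RE.search(self.command)
        if m:
            hits.append("executable lives under AppData\\Roaming")
            folder = m.group("folder")
            # Vendors use recognisable folder names; a short all-letter name is a
            # cheap signal for generated names (assumption, tune to your environment).
            if len(folder) <= 6 and folder.isalpha():
                hits.append(f"short random-looking folder name '{folder}'")
        return hits


def parse_hjt(lines: Iterable[str]) -> List[RunEntry]:
    """Collect O4 (autostart) entries from HijackThis output."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry("hjt", m.group("hive") + "\\..\\" + m.group("key"),
                                    m.group("name"), m.group("cmd")))
    return entries


def parse_rsit(lines: Iterable[str]) -> List[RunEntry]:
    """Collect values from the Run-key sections of an RSIT registry dump."""
    entries = []
    current: Optional[str] = None
    for line in lines:
        line = line.strip()
        km = RSIT_KEY_RE.match(line)
        if km:
            current = km.group("key")
            continue
        if current and current.lower().endswith("\\currentversion\\run"):
            vm = RSIT_VALUE_RE.match(line)
            if vm:
                entries.append(RunEntry("rsit", current, vm.group("name"), vm.group("cmd")))
    return entries


def suspicious(entries: Iterable[RunEntry]) -> List[Tuple[RunEntry, List[str]]]:
    """Return only the entries that trip at least one heuristic, with their reasons."""
    flagged = []
    for e in entries:
        r = e.reasons()
        if r:
            flagged.append((e, r))
    return flagged


# Sample input copied from the HijackThis/RSIT log posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [{F8644983-585A-B248-5F59-2133111EAD05}] C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
"""
SAMPLE_RSIT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{F8644983-585A-B248-5F59-2133111EAD05}"=C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe [2008-10-06 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent []
"""

if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_HJT.splitlines()) + parse_rsit(SAMPLE_RSIT.splitlines())
    for entry, why in suspicious(entries):
        print(f"[{entry.source}] {entry.key} -> {entry.name}: {entry.command}")
        for r in why:
            print("    -", r)
```

    Run against the two samples, only the `HKCU\..\Run` entry is reported, once from each source, with all three reasons; the Avira, Defender and Sidebar entries pass silently. The `msconfig\startupreg` keys are deliberately ignored because they hold disabled startup items rather than live Run values.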

  3. #3
    Senior team member pc-jedi
    Member since
    17.07.2009
    Posts
    3.644

    Re: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting slower

    Welcome to the HijackThis.de support forum, bravestar2401,

    cleaning a system can be laborious and will mean some work for you.
    Please note the following points:
    • Respect our forum rules and don't be too impatient if things sometimes take a little longer.
    • During the cleanup, keep all existing external storage media (USB sticks, hard disks) connected,
    • and do not install or uninstall any programs without checking with us first.
    • Download programs only from the links given in our instructions!
    • Post logfiles in code tags and anonymise personal data where necessary.
    • Work through each step in order and report that you have completed it.
    • If there is a problem, stop and describe it as precisely as possible.


    • Attention: the disappearance of the symptoms does not mean your computer is already clean.
      Please keep working with us until we say the computer is clean.
    • Only carry out instructions from a team member listed here.
    • There is no support by PM or e-mail, as a matter of principle.
    • We do not clean computers that are used for business.
    • Owning legal software is a prerequisite for support.
      Should we find illegal software, support will be discontinued.

    Vista and Win7 users:
    • Always run all programs and tools we instruct you to use with a right-click and "Run as administrator".

    Step 1
    System scan with OTL

    Please download OTL by Oldtimer and save it to your desktop
    • Double-click OTL.exe
    • Vista users: right-click OTL.exe and choose "Run as administrator"
    • At the top you will find a box labelled Output. Please select Minimal Output
    • Under Extra Registry, please select Use SafeList
    • Now click Scan at the top left
    • When the scan has finished, 2 logfiles are created
    • Post the logfiles in code tags here in the thread.

    Step 2
    Rootkit search with Gmer

    What are rootkits?

    Important: for every rootkit scan:
    • First disable any CD emulators such as Alcohol, Daemon Tools or similar, following these instructions.
    • All other programs against viruses, spyware, etc. must be disabled,
    • there must be no connection to a network/Internet (don't forget WLAN),
    • nothing must be done on the computer,
    • the computer must be restarted after every scan.
    • Don't forget to switch the security programs back on after the rootkit scan!


    Download Gmer from this page
    (click the Download EXE button) and save the program to the desktop.
    • Gmer is suitable for => NT/W2K/XP/VISTA/WIN 7 (32-bit only).
    • All other programs must be closed.
    • Start gmer.exe (it has a random program name).
    • Vista users: start it with a right-click and "Run as administrator".
    • Gmer automatically starts a first scan.
    • If a window with the following warning opens:
      Code:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system?
    • Be sure to click "No",
      and in that case save the result so far to the desktop as gmer_first.log using the Save button.

    • If that was not the case, now select the "Rootkit/Malware" tab,
    • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
    • Important: "Show all" must not be ticked!
    • Start the scan by pressing the "Scan" button.
      Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
    • When the scan is finished, that line stays empty.
      Click "Save" and save the logfile as gmer.log on the desktop.
      "Ok" closes Gmer.

    Switch the antivirus program and other scanners back on before you go online!

    Now post the logfile in code tags.
    In your next reply, please post

    • OTL logfiles
    • GMER logfile
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.
    New here?
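    As an added example (not code from this thread, from OTL or from its author), here is a small Python triage script for the OTL SafeList log that Step 1 produces: it parses the SRV/DRV, O4 Run and O6 EnableLUA lines and flags the signs a helper checks first, such as an orphaned service, an autorun starting from AppData under a GUID-named value, or UAC switched off. The sample lines are constructed, modelled on the OTL log posted later in this thread; the regexes and the flagging rules are my own assumptions about the format, not OTL's.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample (not a real scan): a few lines in OTL's SafeList format, shaped
# after the OTL log posted later in this thread, so the parser sees real-looking input.
SAMPLE_OTL_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - (Usbccenepes) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
========== Driver Services (SafeList) ==========
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [{F8644983-585A-B248-5F59-2133111EAD05}] C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe (fres)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
"""

# Line shapes OTL uses for services/drivers, Run keys and the UAC policy value (assumed).
SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\)(?P<desc>.*?) -- (?P<rest>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
LUA_RE = re.compile(r"^O6 - .*\bEnableLUA = (?P<value>\d+)\s*$")
# Locations a standard user can write to; legitimate services/autoruns rarely start there.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Application Data|Local Settings|Temp)\\", re.I)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Finding:
    line_no: int
    kind: str        # SRV, DRV, O4 or O6
    name: str        # service name, Run value name, or policy value name
    path: str        # target path ("File not found" when OTL reported it missing)
    company: str     # company name OTL printed in the trailing parentheses
    reasons: list[str] = field(default_factory=list)


def split_company(rest: str) -> tuple[str, str]:
    """Split 'path (Company)' into (path, company); the company part may nest parentheses."""
    rest = rest.strip()
    if not rest.endswith(")"):
        return rest, ""
    depth = 0
    for i in range(len(rest) - 1, -1, -1):   # walk back to the matching opening bracket
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].rstrip(), rest[i + 1:-1]
    return rest, ""


def parse_line(line_no: int, line: str) -> Finding | None:
    """Turn one OTL line into a Finding, or None for line types we do not triage."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        path, company = split_company(m["rest"])
        return Finding(line_no, m["kind"], m["name"], path, company)
    m = RUN_RE.match(line)
    if m:
        path, company = split_company(m["rest"])
        return Finding(line_no, "O4", m["name"], path, company)
    m = LUA_RE.match(line)
    if m:
        return Finding(line_no, "O6", "EnableLUA", m["value"], "")
    return None


def assess(entry: Finding) -> Finding:
    """Attach the triage reasons a helper looks at first; an empty list means unremarkable."""
    if entry.kind == "O6":
        if entry.path == "0":
            entry.reasons.append("UAC is disabled (EnableLUA = 0)")
        return entry
    if entry.path.endswith("File not found"):
        entry.reasons.append("orphaned entry: target file not found")
        return entry
    if USER_WRITABLE_RE.search(entry.path):
        entry.reasons.append("target lives in a user-writable profile directory")
    if not entry.company:
        entry.reasons.append("no company name recorded for the target")
    if GUID_RE.match(entry.name):
        entry.reasons.append("autorun value name is a bare GUID")
    return entry


def triage(log_text: str) -> list[Finding]:
    """Return every parsed entry that collected at least one triage reason, in log order."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        entry = parse_line(line_no, line)
        if entry is not None and assess(entry).reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"line {f.line_no}: {f.kind} [{f.name}] -> {f.path}")
        for reason in f.reasons:
            print("    -", reason)
```

    The flags are hints for a human reader, not verdicts: a missing company name or an AppData path also occurs for some legitimate software, so each hit still needs to be checked against the rest of the log.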

  4. #4
    Forum user
    Registered since
    24.09.2007
    Posts
    61

    Re: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting

    Here are the requested logfiles

    (Oh, and while running GMER I got a bluescreen 4 times, and once all the icons on the desktop disappeared and the computer restarted on its own)

    Code:
    OTL logfile created on: 12.08.2010 17:49:14 - Run 1
    OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Ricky\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
    8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
    Paging file location(s): c:\pagefile.sys 4987 4987 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116,25 Gb Total Space | 69,71 Gb Free Space | 59,97% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 116,64 Gb Total Space | 81,49 Gb Free Space | 69,86% Space Free | Partition Type: NTFS
    Drive F: | 232,88 Gb Total Space | 132,07 Gb Free Space | 56,71% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: RICKY-PC
    Current User Name: Ricky
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Ricky\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
    PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
    PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
    PRC - C:\Programme\AUC\AUC Autostart.exe ()
    PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    PRC - C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
    PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
    PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
    PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\Programme\FlashCP\FlashCP-Service.exe ()
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\Ricky\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
    MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (Usbccenepes) --  File not found
    SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
    SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
    SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
    SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AUCAutostartWinService) -- C:\Program Files\AUC\AUC Autostart.exe ()
    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
    SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (FlashCP-Service) -- C:\Programme\FlashCP\FlashCP-Service.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
    DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
    DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
    DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
    DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
    DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
    DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
    DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
    DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
    DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
    DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
    DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
    DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
    DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
    DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
    DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology Corp.)
    DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
    DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
    DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.)
    DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.de"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
     
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 12:28:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 19:26:23 | 000,000,000 | ---D | M]
     
    [2010.03.07 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\mozilla\Extensions
    [2010.08.11 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\mozilla\Firefox\Profiles\cebae93w.default\extensions
    [2010.05.27 14:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricky\AppData\Roaming\mozilla\Firefox\Profiles\cebae93w.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010.07.11 04:22:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ricky\AppData\Roaming\mozilla\Firefox\Profiles\cebae93w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.07.27 20:17:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ricky\AppData\Roaming\mozilla\Firefox\Profiles\cebae93w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010.07.11 04:22:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ricky\AppData\Roaming\mozilla\Firefox\Profiles\cebae93w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.04.06 13:12:07 | 000,002,341 | ---- | M] () -- C:\Users\Ricky\AppData\Roaming\Mozilla\FireFox\Profiles\cebae93w.default\searchplugins\anderes-wortde.xml
    [2010.08.11 20:42:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
    [2010.04.16 14:28:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008.11.28 19:26:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\t-online@partners.mozilla.com
    [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
    [2010.07.25 09:10:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.07.25 09:10:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.07.25 09:10:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.07.25 09:10:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.07.25 09:10:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2010.06.20 14:30:08 | 000,408,436 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 	localhost
    O1 - Hosts: ::1 	localhost
    O1 - Hosts: 127.0.0.1	www.007guard.com
    O1 - Hosts: 127.0.0.1	007guard.com
    O1 - Hosts: 127.0.0.1	008i.com
    O1 - Hosts: 127.0.0.1	www.008k.com
    O1 - Hosts: 127.0.0.1	008k.com
    O1 - Hosts: 127.0.0.1	www.00hq.com
    O1 - Hosts: 127.0.0.1	00hq.com
    O1 - Hosts: 127.0.0.1	010402.com
    O1 - Hosts: 127.0.0.1	www.032439.com
    O1 - Hosts: 127.0.0.1	032439.com
    O1 - Hosts: 127.0.0.1	www.0scan.com
    O1 - Hosts: 127.0.0.1	0scan.com
    O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1	1000gratisproben.com
    O1 - Hosts: 127.0.0.1	www.1001namen.com
    O1 - Hosts: 127.0.0.1	1001namen.com
    O1 - Hosts: 127.0.0.1	www.100888290cs.com
    O1 - Hosts: 127.0.0.1	100888290cs.com
    O1 - Hosts: 127.0.0.1	www.100sexlinks.com
    O1 - Hosts: 127.0.0.1	100sexlinks.com
    O1 - Hosts: 127.0.0.1	10sek.com
    O1 - Hosts: 127.0.0.1	www.10sek.com
    O1 - Hosts: 127.0.0.1	1-2005-search.com
    O1 - Hosts: 14126 more lines...
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [{F8644983-585A-B248-5F59-2133111EAD05}] C:\Users\Ricky\AppData\Roaming\Ubgoe\ogzog.exe (fres)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
    O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O13 - gopher Prefix: missing
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/de/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
    O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
    O24 - Desktop WallPaper: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{06a00786-5374-11de-baea-00508db7efeb}\Shell - "" = AutoRun
    O33 - MountPoints2\{06a00786-5374-11de-baea-00508db7efeb}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
    O33 - MountPoints2\{6f07e1fd-d349-11dd-9cc9-00508db7efeb}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f07e1fd-d349-11dd-9cc9-00508db7efeb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{bf4ff554-297e-11de-b565-00508db7efeb}\Shell - "" = AutoRun
    O33 - MountPoints2\{bf4ff554-297e-11de-b565-00508db7efeb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.08.12 17:48:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ricky\Desktop\OTL.exe
    [2010.08.12 12:37:22 | 000,000,000 | ---D | C] -- C:\rsit
    [2010.08.07 22:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\FreePDF
    [2010.08.02 06:35:45 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Desktop\Neuer Ordner
    [2010.07.27 19:31:28 | 000,000,000 | ---D | C] -- C:\Programme\gs
    [2010.07.27 19:30:03 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\FreePDF_XP
    [2010.07.27 19:23:53 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
    [2010.07.27 19:23:48 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
    [2010.07.27 19:09:59 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Documents\gegl-0.0
    [2010.07.27 19:09:59 | 000,000,000 | ---D | C] -- C:\Users\Ricky\.gimp-2.6
    [2010.07.27 19:09:40 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.08.12 17:49:30 | 008,388,608 | ---- | M] () -- C:\Users\Ricky\NTUSER.DAT
    [2010.08.12 17:48:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ricky\Desktop\OTL.exe
    [2010.08.12 17:47:00 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9DB2C38C-D994-4711-8158-D428514B1294}.job
    [2010.08.12 17:46:02 | 000,190,464 | ---- | M] () -- C:\Users\Ricky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.08.12 17:17:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.08.12 16:15:21 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2010.08.12 16:12:52 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.08.12 16:12:50 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.08.12 16:12:46 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010.08.12 16:12:45 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010.08.12 16:12:25 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.08.12 16:12:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.08.12 16:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.08.12 16:12:03 | 001,395,761 | ---- | M] () -- C:\Windows\System32\oodbs.lor
    [2010.08.12 14:43:32 | 000,524,288 | -HS- | M] () -- C:\Users\Ricky\NTUSER.DAT{f2f12c94-7b9f-11df-96a6-00508db7efeb}.TMContainer00000000000000000001.regtrans-ms
    [2010.08.12 14:43:32 | 000,065,536 | -HS- | M] () -- C:\Users\Ricky\NTUSER.DAT{f2f12c94-7b9f-11df-96a6-00508db7efeb}.TM.blf
    [2010.08.12 14:43:23 | 003,630,928 | -H-- | M] () -- C:\Users\Ricky\AppData\Local\IconCache.db
    [2010.08.12 14:39:04 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010.08.12 14:37:33 | 239,459,353 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010.08.12 12:36:10 | 000,339,991 | ---- | M] () -- C:\Users\Ricky\Desktop\RSIT.exe
    [2010.08.06 23:39:30 | 004,437,504 | ---- | M] () -- C:\Users\Ricky\Desktop\Klaus Hallen I m your angel.mpeg3
    [2010.08.06 23:31:49 | 006,903,561 | ---- | M] () -- C:\Users\Ricky\Desktop\tr15.mp3
    [2010.08.02 06:37:41 | 001,453,716 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.08.02 06:37:41 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.08.02 06:37:41 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.08.02 06:37:41 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.08.02 06:37:41 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.07.30 17:09:41 | 000,002,453 | ---- | M] () -- C:\Users\Ricky\Desktop\O&O Defrag.lnk
    [2010.07.30 17:09:38 | 000,878,542 | ---- | M] () -- C:\Users\Ricky\Documents\rauchhaus.sh3d
    [2010.07.27 19:14:51 | 000,000,874 | ---- | M] () -- C:\Users\Ricky\.recently-used.xbel
    [2010.07.27 19:09:55 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
    [2010.07.26 20:23:42 | 451,891,125 | ---- | M] () -- C:\Users\Ricky\Desktop\Moon.flv
    [2010.07.25 12:47:30 | 000,090,034 | ---- | M] () -- C:\Users\Ricky\Desktop\ga.jpg
    [2010.07.25 12:47:23 | 000,110,897 | ---- | M] () -- C:\Users\Ricky\Desktop\kg.jpg
    [2010.07.25 12:47:14 | 000,101,449 | ---- | M] () -- C:\Users\Ricky\Desktop\dg.jpg
    [2010.07.25 12:47:05 | 000,106,912 | ---- | M] () -- C:\Users\Ricky\Desktop\eg.jpg
    [2010.07.15 19:29:32 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
    [2010.07.15 19:29:32 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2010.08.12 14:26:12 | 239,459,353 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010.08.12 12:36:08 | 000,339,991 | ---- | C] () -- C:\Users\Ricky\Desktop\RSIT.exe
    [2010.08.06 23:35:42 | 004,437,504 | ---- | C] () -- C:\Users\Ricky\Desktop\Klaus Hallen I m your angel.mpeg3
    [2010.08.06 23:31:48 | 006,903,561 | ---- | C] () -- C:\Users\Ricky\Desktop\tr15.mp3
    [2010.07.27 19:29:30 | 000,119,152 | ---- | C] () -- C:\Windows\System32\redmon.hlp
    [2010.07.27 19:29:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
    [2010.07.27 19:29:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
    [2010.07.27 19:14:51 | 000,000,874 | ---- | C] () -- C:\Users\Ricky\.recently-used.xbel
    [2010.07.27 19:09:55 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
    [2010.07.26 19:47:40 | 451,891,125 | ---- | C] () -- C:\Users\Ricky\Desktop\Moon.flv
    [2010.07.25 12:47:30 | 000,090,034 | ---- | C] () -- C:\Users\Ricky\Desktop\ga.jpg
    [2010.07.25 12:47:23 | 000,110,897 | ---- | C] () -- C:\Users\Ricky\Desktop\kg.jpg
    [2010.07.25 12:47:14 | 000,101,449 | ---- | C] () -- C:\Users\Ricky\Desktop\dg.jpg
    [2010.07.25 12:47:04 | 000,106,912 | ---- | C] () -- C:\Users\Ricky\Desktop\eg.jpg
    [2010.06.03 16:06:12 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
    [2010.05.24 21:33:00 | 004,670,829 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
    [2010.05.24 21:33:00 | 001,529,856 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
    [2010.05.24 21:33:00 | 001,447,921 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
    [2010.05.24 21:33:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
    [2010.05.24 21:33:00 | 000,810,113 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010.05.24 21:33:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
    [2010.05.24 21:33:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
    [2010.05.24 21:33:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
    [2010.05.24 21:33:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
    [2010.05.24 21:33:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
    [2010.05.24 21:33:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
    [2010.05.24 21:33:00 | 000,139,944 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2010.05.24 21:33:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
    [2010.05.24 21:33:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
    [2010.05.24 21:33:00 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010.05.24 21:33:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
    [2010.05.24 21:33:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
    [2010.05.19 22:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
    [2010.05.19 22:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
    [2010.05.19 22:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
    [2010.05.19 22:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
    [2010.05.19 22:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
    [2010.05.19 22:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
    [2010.05.19 22:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
    [2010.05.19 22:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
    [2010.05.19 22:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
    [2010.05.19 22:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
    [2010.04.21 18:08:08 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
    [2010.04.21 18:08:07 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
    [2010.04.20 19:49:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010.03.18 19:03:34 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010.02.28 17:26:49 | 000,000,000 | ---- | C] () -- C:\Windows\MusicEditor.INI
    [2010.02.27 21:37:18 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
    [2010.02.27 21:35:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
    [2010.02.27 21:34:18 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2010.02.27 21:33:54 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2009.12.31 17:33:00 | 000,005,120 | ---- | C] () -- C:\Windows\System32\BReWErS.dll
    [2009.09.16 17:23:21 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
    [2009.08.04 08:16:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
    [2008.11.21 07:41:38 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
    [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008.06.21 19:13:49 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
    [2008.06.11 21:11:06 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
    [2008.06.11 21:11:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2008.06.04 19:36:47 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll
    [2008.05.27 21:38:41 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
    [2008.05.17 20:43:06 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
    [2008.04.23 20:54:23 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2008.04.05 16:06:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008.04.04 07:25:17 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2008.04.03 10:44:36 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
    [2008.04.03 10:43:25 | 000,000,205 | ---- | C] () -- C:\Windows\disneysy.ini
    [2008.04.01 17:13:26 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
    [2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
    [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005.10.06 15:51:20 | 000,000,044 | ---- | C] () -- C:\Windows\System32\FlashCP.ini
    [2005.03.02 13:12:14 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
    [2005.01.19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A5B56640
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:0F8F5844
    < End of report >
    Code:
    OTL Extras logfile created on: 12.08.2010 17:49:14 - Run 1
    OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Ricky\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
    8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
    Paging file location(s): c:\pagefile.sys 4987 4987 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116,25 Gb Total Space | 69,71 Gb Free Space | 59,97% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 116,64 Gb Total Space | 81,49 Gb Free Space | 69,86% Space Free | Partition Type: NTFS
    Drive F: | 232,88 Gb Total Space | 132,07 Gb Free Space | 56,71% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: RICKY-PC
    Current User Name: Ricky
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3405140367-461484965-3253473089-1001]
    "EnableNotifications" = 1
    "EnableNotificationsRef" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004DC21B-F5BD-4BB9-A00F-7C6099E54E12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{312D54E0-85BB-4EAA-9E17-57EADAD16D1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
    "{37CE6B48-E95E-4165-BCE8-B5FBF0A03156}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{4196B5F6-FC7F-42DE-BFB6-BAA54005959F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{47919BF2-0F3C-4363-8DE8-D8A0D48D398E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{6A2D5E43-35E8-4FEF-9C3C-AB25BE63B6B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{765B2668-4200-422B-A99D-45873D24602E}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{8E23DA01-0D2F-4B9B-A86D-94CC2825C1D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{90A4A7BA-860A-41E2-940A-728F5E6D724F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{9135C6D3-567F-4E3C-AF8F-E2BCBF3B62F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{914168C6-68A4-4DA3-A3D0-3C6C8E2E226B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{A2678FD8-0382-4231-9CDB-B751CCD8EAEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{AA33A466-5025-4422-BF1B-7AB013380417}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{D030D13B-9843-4590-848B-884F244EE354}" = lport=5190 | protocol=6 | dir=in | name=icq | 
    "{D546CDB4-AEBD-41B0-ACF5-F4392BFBB0BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{DD7ED8F2-C4B2-44DB-95BB-F345B840549B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{F2E7B177-F3DB-479B-B31A-C8E37E5F46E1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{F89E8749-7952-40ED-BD76-9D5CE03CCC69}" = rport=2869 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0865E10A-80F7-403E-BC29-51808DF9AF22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{0904BFF9-DA03-484C-B14F-DBE5AABC33AB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
    "{0F49703F-1F17-47E5-A148-47AE8A712CE1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
    "{0F8843FF-694D-4E84-81BA-884D0232C20C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
    "{10452C9D-B952-4EAB-921F-86000912C170}" = protocol=6 | dir=in | app=e:\games\fuel\fuel.exe | 
    "{15AE872D-8E8C-455B-8406-606EF48612E9}" = protocol=6 | dir=in | app=e:\games\assassins.creed.ii-skidrow\assassinscreediigame.exe | 
    "{1B6A6616-9E9A-45E5-99FC-4BBB7098AAFC}" = protocol=17 | dir=in | app=e:\games\bioshock.2.proper-reloaded\sp\builds\binaries\bioshock2.exe | 
    "{296F59E0-C88B-42FE-A5BF-777901EAC59A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
    "{2A3CB14C-F9B2-4E98-9E82-72A0FB9D901F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{2D7599C2-C932-41CD-9309-9953EDE134DA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
    "{32666678-3F48-4248-9D78-5EA5E3875508}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
    "{3337799B-3DFC-4ED6-9003-8F7AE9FD0D60}" = protocol=17 | dir=in | app=e:\games\anno 1404\addon.exe | 
    "{34BC8E66-E0E3-4746-8AC9-A500E3B7BCC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{430097DE-ED85-4B5D-8CF9-711EF675AA18}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
    "{653CC818-42C1-423B-A581-4B475055CEC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{7A56D9C6-0651-4EDB-80AE-3936567935AC}" = protocol=6 | dir=in | app=e:\games\assassins.creed.ii-skidrow\uplaybrowser.exe | 
    "{8B03A845-7903-4379-A73F-DE5863ADEA1C}" = protocol=17 | dir=in | app=e:\games\anno 1404\tools\addonweb.exe | 
    "{9185B5F2-0B5B-4FE1-9F6F-50DF4ED94A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{91CA6844-E7D9-4231-B367-B85EAEE2C380}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{9A1D4C34-75C5-4675-B7D3-A05ED240D9AE}" = protocol=6 | dir=in | app=e:\games\bioshock.2.proper-reloaded\mp\builds\binaries\bioshock2.exe | 
    "{9B8885F3-639B-4CA2-AFD6-62D4B3B055C3}" = protocol=6 | dir=in | app=e:\games\anno 1404\anno4.exe | 
    "{A0561A2C-EB8E-4979-94DC-01505F59E0DF}" = protocol=6 | dir=in | app=e:\games\anno 1404\addon.exe | 
    "{A0C2B351-2138-43D0-BF41-E8CAD41DE6B2}" = protocol=6 | dir=in | app=e:\games\anno 1404\tools\anno4web.exe | 
    "{A6BC56B3-0EDE-4C70-98D7-9A2D578382F5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
    "{A89ADCDE-A9B2-40C8-B961-34949A63C8D1}" = protocol=17 | dir=in | app=e:\games\assassins.creed.ii-skidrow\uplaybrowser.exe | 
    "{AAE46173-71D7-40B8-9431-33C14106A1F4}" = protocol=17 | dir=in | app=e:\games\assassins.creed.ii-skidrow\assassinscreedii.exe | 
    "{B58A0012-84AE-4D4B-AB48-BD4CD55208EB}" = protocol=6 | dir=in | app=e:\games\bioshock.2.proper-reloaded\sp\builds\binaries\bioshock2.exe | 
    "{B59CC89E-3911-4F8C-B6BB-A34CEC8B3AEA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{B8F677EF-415F-48B7-8989-0CB390F2CDC1}" = protocol=17 | dir=in | app=e:\games\assassins.creed.ii-skidrow\assassinscreediigame.exe | 
    "{B9D618FE-996F-4070-9DB7-A4DF723ACF8E}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
    "{BFF7BD0B-86B0-4372-9E8D-5C38830140EE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
    "{C1009BF3-60E2-457D-82E1-99CDB93FE651}" = protocol=6 | dir=in | app=e:\games\assassins.creed.ii-skidrow\assassinscreedii.exe | 
    "{C30AE4C8-EB6C-4B39-B555-07E56AEF7D77}" = protocol=17 | dir=in | app=e:\games\anno 1404\tools\anno4web.exe | 
    "{C32C8279-218D-4680-A2B7-7691EA92F54D}" = protocol=6 | dir=in | app=e:\games\anno 1404\tools\addonweb.exe | 
    "{CE4F4FAB-0D7D-40D1-B921-D06B8C3DC2B5}" = protocol=17 | dir=in | app=e:\games\anno 1404\anno4.exe | 
    "{CF933228-12DA-4058-9AC8-223D3F1C32EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{E30CAC29-9A48-4B80-B326-DD743FEE0192}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{E9787856-DBA6-4646-9565-4D4FB3C86F5E}" = protocol=17 | dir=in | app=e:\games\fuel\fuel.exe | 
    "{F5FAC78E-4F72-4964-9EF3-C86C95EE890E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{F87D250F-02A0-44AE-84EB-E274FF70B59C}" = protocol=17 | dir=in | app=e:\games\bioshock.2.proper-reloaded\mp\builds\binaries\bioshock2.exe | 
    "TCP Query User{0B5DF6A1-A138-40D9-B1E8-0D9EA90AAB8E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
    "TCP Query User{0BDA0A88-D5C5-4776-95EB-6A0B499CB573}E:\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\games\tmnationsforever\tmforever.exe | 
    "TCP Query User{28A0C509-D6BC-4E4F-A7FA-F6F1A1B780E7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
    "TCP Query User{2AE10006-616B-4ACA-B4F3-E7C9FDBDC533}E:\games\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead\left4dead.exe | 
    "TCP Query User{83C215A0-B765-41E4-99FE-E4884A4F16AF}E:\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\games\tmnationsforever\tmforever.exe | 
    "TCP Query User{A12B86EA-21FB-4327-8C7F-1824EF442714}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{A8367738-5EE2-4EE3-8946-1BFC6A144DA3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "TCP Query User{D2DF0837-F281-4734-BCA3-C42038110485}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{DC9156E3-6AE2-49AB-B1FA-D6E1954787DB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "TCP Query User{E1F20DFF-108E-400C-8828-31526B06F25F}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
    "UDP Query User{0F253F9E-A8F2-4AF5-94CE-54FB553B9CCE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "UDP Query User{16D35912-843F-496E-BB3C-31D30F149F09}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
    "UDP Query User{1EC53DDC-1DFA-47FD-A7C7-916F122A9BBF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "UDP Query User{26617615-4C73-41C5-8C1F-608918E3E9FF}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
    "UDP Query User{4B310B30-D1FA-434D-B50E-61B915D77B9B}E:\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\games\tmnationsforever\tmforever.exe | 
    "UDP Query User{B6E9E305-A182-452F-B449-07C4B2A63C50}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "UDP Query User{C48A63B8-0569-432B-86B5-F281A0556F28}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "UDP Query User{C9656CB5-F6B2-4AC5-ABC6-B9CDD38D082A}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
    "UDP Query User{F615C677-6981-4AB4-B089-78F76F4D3831}E:\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\games\tmnationsforever\tmforever.exe | 
    "UDP Query User{FE636CA9-7901-42C6-947E-772A70CB87EF}E:\games\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead\left4dead.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
    "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{05FA911F-E9CE-4C36-A272-A45CCE52C1C0}" = AeroPeek
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
    "{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{381D847E-7E56-4E82-B261-F799E0F40EB4}" = PHOTOfunSTUDIO 4.0 HD Edition
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
    "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
    "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
    "{50BC0FF8-F19C-42C3-AB28-55280DA21031}" = Nero 8 Essentials
    "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6C3CE73B-E7B8-4979-8740-1476C5CBDEBA}" = Corona Visualization Plug-in for WMP
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
    "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
    "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}" = O&O Defrag Professional
    "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
    "{d5230bad-c79f-4fe2-8e53-d46c46f2f533}" = Nero 9 Lite
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "{FDF6A2C0-FFB7-4969-B855-769E0A205D17}" = FlashCP Service
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AviSynth" = AviSynth 2.5
    "Biet-O-Matic v2.12.0" = Biet-O-Matic v2.12.0
    "CCleaner" = CCleaner
    "Cheat Engine 5.6_is1" = Cheat Engine 5.6
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX-Setup
    "ElsterFormular 11.1.0 11.1.0.***unknown variable buildnummer***" = ElsterFormular 11.1.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FileZilla Client" = FileZilla Client 3.3.3
    "Google Updater" = Google Updater
    "GPL Ghostscript 8.71" = GPL Ghostscript 8.71
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
    "MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version
    "MAGIX Screenshare D" = MAGIX Screenshare
    "MAGIX Speed burnR D" = MAGIX Speed burnR
    "Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MP4 Player" = MP4 Player 
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "pdfsam" = pdfsam
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Redirection Port Monitor" = RedMon - Redirection Port Monitor
    "Sweet Home 3D_is1" = Sweet Home 3D version 2.0
    "TmNationsForever_is1" = TmNationsForever Update 2010-03-15
    "TuneUp Utilities" = TuneUp Utilities
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Winamp" = Winamp
    "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinMend Folder Hidden_is1" = WinMend Folder Hidden 1.4.0
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.2 final uninstall
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12.08.2010 08:28:05 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 08:28:05 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 08:30:04 | Computer Name = Ricky-PC | Source = Application Error | ID = 1000
    Description = Faulting application emhlgt7u.exe, version 1.0.15.15281, time stamp
     0x4b2763f0, faulting module emhlgt7u.exe, version 1.0.15.15281, time stamp 
    0x4b2763f0, exception code 0xc0000005, fault offset 0x0005c887,  process ID 0xa8, application start time
     01cb3a1a145ec685.
     
    Error - 12.08.2010 08:35:12 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 08:35:12 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 08:38:57 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 08:38:57 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 10:13:25 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 10:13:25 | Computer Name = Ricky-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 12.08.2010 10:48:49 | Computer Name = Ricky-PC | Source = System Restore | ID = 8193
    Description = 
     
    [ Media Center Events ]
    Error - 26.04.2008 13:44:48 | Computer Name = Ricky-PC | Source = Media Center Guide | ID = 0
    Description = Event information: ERROR: SqmApiWrapper.SqmFlushSession failed;
     Win32 GetLastError returned 0D  Process: DefaultDomain Object name: Media Center Guide
     
    Error - 26.04.2008 13:49:48 | Computer Name = Ricky-PC | Source = Media Center Guide | ID = 0
    Description = Event information: ERROR: SqmApiWrapper.SqmFlushSession failed;
     Win32 GetLastError returned 0D  Process: DefaultDomain Object name: Media Center Guide
     
    Error - 30.04.2008 16:52:12 | Computer Name = Ricky-PC | Source = Media Center Guide | ID = 0
    Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32
     GetLastError returned 10000105  Process: DefaultDomain Object name: Media Center Guide
     
    Error - 28.04.2009 08:47:21 | Computer Name = Ricky-PC | Source = Media Center Guide | ID = 0
    Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32
     GetLastError returned 10000105  Process: DefaultDomain Object name: Media Center Guide
     
     
    [ OSession Events ]
    Error - 04.06.2008 13:55:02 | Computer Name = Ricky-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 128028
     seconds with 900 seconds of active time.  This session ended with a crash.
     
    Error - 25.08.2008 10:30:43 | Computer Name = Ricky-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 189257
     seconds with 120 seconds of active time.  This session ended with a crash.
     
    Error - 21.04.2009 15:08:23 | Computer Name = Ricky-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 48
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error - 21.01.2010 13:40:40 | Computer Name = Ricky-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error - 21.01.2010 13:41:40 | Computer Name = Ricky-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error - 12.08.2010 08:30:07 | Computer Name = Ricky-PC | Source = ipnathlp | ID = 30005
    Description = A DHCP server with IP address 192.168.0.1 was found by the DHCP allocator
     on the same network as the interface with IP address 192.168.0.101.
     The allocator has been disabled automatically on that interface to avoid
     DHCP client conflicts.
     
    Error - 12.08.2010 08:34:42 | Computer Name = Ricky-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 14:33:17 on 12.08.2010 was unexpected.
     
    Error - 12.08.2010 08:35:01 | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 12.08.2010 08:37:38 | Computer Name = Ricky-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 14:36:42 on 12.08.2010 was unexpected.
     
    Error - 12.08.2010 08:38:46 | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 12.08.2010 10:13:08 | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 12.08.2010 10:13:27 | Computer Name = Ricky-PC | Source = ipnathlp | ID = 34001
    Description = ICS_IPV6 failed to configure the IPv6 stack.
     
    Error - 12.08.2010 10:13:27 | Computer Name = Ricky-PC | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has been disabled on IP address 169.254.141.24,
     because the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
     addresses are allocated to DHCP clients. To enable the DHCP allocator, change the
     scope so that it includes the IP address, or change the IP address so that it
     falls within this scope.
     
    Error - 12.08.2010 10:13:28 | Computer Name = Ricky-PC | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory.
     This may indicate that the system is low on memory, or that an internal 
    error has occurred in the memory manager.
     
    Error - 12.08.2010 10:13:31 | Computer Name = Ricky-PC | Source = ipnathlp | ID = 30005
    Description = A DHCP server with IP address 192.168.0.1 was found by the DHCP allocator
     on the same network as the interface with IP address 192.168.0.101.
     The allocator has been disabled automatically on that interface to avoid
     DHCP client conflicts.
     
     
    < End of report >
    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-12 18:41:08
    Windows 6.0.6002 Service Pack 2
    Running: gmer.exe; Driver: C:\Users\Ricky\AppData\Local\Temp\fwlcrpoc.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    INT 0x51  ?  86CD5BF8
    INT 0x62  ?  86CD5BF8
    INT 0x72  ?  86CD5BF8
    INT 0x92  ?  84F2DBF8
    INT 0x92  ?  84F2DBF8
    INT 0x92  ?  84F2DBF8
    INT 0x92  ?  84F2DBF8
    INT 0x92  ?  86CD5BF8
    INT 0x92  ?  86CD5BF8
    INT 0x92  ?  84F2DBF8
    INT 0xA2  ?  86CD5BF8
    INT 0xA2  ?  86CD5BF8
    INT 0xA2  ?  86CD5BF8
    INT 0xB2  ?  84F2DBF8
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    ?      System32\Drivers\spzn.sys  The system cannot find the path specified. !
    .text  USBPORT.SYS!DllUnload  8B97941B 5 Bytes  JMP 86CD51D8 
    .text  aqzmaszw.SYS  8B355000 22 Bytes  [82, 03, 9C, 82, 6C, 02, 9C, ...]
    .text  aqzmaszw.SYS  8B355017 181 Bytes  [00, 32, 27, 79, 80, 3D, 25, ...]
    .text  aqzmaszw.SYS  8B3550CE 10 Bytes  [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
    .text  aqzmaszw.SYS  8B3550DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
    .text  aqzmaszw.SYS  8B3550E7 714 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
    .text  ...
    .text  C:\Windows\system32\DRIVERS\atksgt.sys  section is writeable [0xA2EF9300, 0x3B6D8, 0xE8000020]
    .text  C:\Windows\system32\DRIVERS\lirsgt.sys  section is writeable [0xA2F51300, 0x1BEE, 0xE8000020]
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text  C:\Windows\system32\taskeng.exe[764] ntdll.dll!LdrLoadDll  77659390 5 Bytes  JMP 01623724 
    .text  C:\Windows\system32\taskeng.exe[764] ntdll.dll!NtCreateUserProcess  77695804 5 Bytes  JMP 016235FB 
    .text  C:\Windows\system32\taskeng.exe[764] kernel32.dll!GetFileAttributesExW  77569B95 5 Bytes  JMP 016237C6 
    .text  C:\Windows\system32\taskeng.exe[764] USER32.dll!TranslateMessage  777801AD 5 Bytes  JMP 01635481 
    .text  C:\Windows\system32\taskeng.exe[764] USER32.dll!GetClipboardData  777A715A 5 Bytes  JMP 016355EE 
    .text  C:\Windows\system32\taskeng.exe[764] CRYPT32.dll!PFXImportCertStore  756C9521 5 Bytes  JMP 01632823 
    .text  C:\Windows\system32\taskeng.exe[764] WS2_32.dll!closesocket  7623330C 5 Bytes  JMP 01632CFA 
    .text  C:\Windows\system32\taskeng.exe[764] WS2_32.dll!WSASend  76234496 5 Bytes  JMP 01632D53 
    .text  C:\Windows\system32\taskeng.exe[764] WS2_32.dll!send  7623659B 5 Bytes  JMP 01632D32 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!InternetReadFile  75E9654B 5 Bytes  JMP 0162BA1E 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!HttpQueryInfoA  75E9878D 5 Bytes  JMP 0162BAD3 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!InternetCloseHandle  75E99088 5 Bytes  JMP 0162B9DB 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!InternetQueryDataAvailable  75E9BF7F 5 Bytes  JMP 0162BAA7 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!HttpSendRequestW  75E9FABE 5 Bytes  JMP 0162B7FB 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!HttpSendRequestA  75EAEE89 5 Bytes  JMP 0162B84F 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!InternetReadFileExA  75EB3381 5 Bytes  JMP 0162BA5D 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!HttpSendRequestExA  75F0A70A 5 Bytes  JMP 0162B93F 
    .text  C:\Windows\system32\taskeng.exe[764] WININET.dll!HttpSendRequestExW  75F0A763 5 Bytes  JMP 0162B8A3 
    .text  C:\Windows\Explorer.EXE[952] ntdll.dll!LdrLoadDll  77659390 5 Bytes  JMP 04613724 
    .text  C:\Windows\Explorer.EXE[952] ntdll.dll!NtCreateUserProcess  77695804 5 Bytes  JMP 046135FB 
    .text           C:\Windows\Explorer.EXE[952] kernel32.dll!GetFileAttributesExW                                                                                                                                                                                                                                                                                                                                             77569B95 5 Bytes  JMP 046137C6 
    .text           C:\Windows\Explorer.EXE[952] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                                                                   777801AD 5 Bytes  JMP 04625481 
    .text           C:\Windows\Explorer.EXE[952] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                                                                   777A715A 5 Bytes  JMP 046255EE 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                                                                  75E9654B 5 Bytes  JMP 0461BA1E 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                                                                    75E9878D 5 Bytes  JMP 0461BAD3 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                                                               75E99088 5 Bytes  JMP 0461B9DB 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                                                        75E9BF7F 5 Bytes  JMP 0461BAA7 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                                                                  75E9FABE 5 Bytes  JMP 0461B7FB 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                                                                  75EAEE89 5 Bytes  JMP 0461B84F 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                                                               75EB3381 5 Bytes  JMP 0461BA5D 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                                                                75F0A70A 5 Bytes  JMP 0461B93F 
    .text           C:\Windows\Explorer.EXE[952] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                                                                75F0A763 5 Bytes  JMP 0461B8A3 
    .text           C:\Windows\Explorer.EXE[952] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                                                                756C9521 5 Bytes  JMP 04622823 
    .text           C:\Windows\Explorer.EXE[952] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                                                        7623330C 5 Bytes  JMP 04622CFA 
    .text           C:\Windows\Explorer.EXE[952] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                                                            76234496 5 Bytes  JMP 04622D53 
    .text           C:\Windows\Explorer.EXE[952] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                                                               7623659B 5 Bytes  JMP 04622D32 
    .text           C:\Windows\system32\Dwm.exe[1152] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                                                     77659390 5 Bytes  JMP 01493724 
    .text           C:\Windows\system32\Dwm.exe[1152] ntdll.dll!NtCreateUserProcess                                                                                                                                                                                                                                                                                                                                            77695804 5 Bytes  JMP 014935FB 
    .text           C:\Windows\system32\Dwm.exe[1152] kernel32.dll!GetFileAttributesExW                                                                                                                                                                                                                                                                                                                                        77569B95 5 Bytes  JMP 014937C6 
    .text           C:\Windows\system32\Dwm.exe[1152] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                                                              777801AD 5 Bytes  JMP 014A5481 
    .text           C:\Windows\system32\Dwm.exe[1152] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                                                              777A715A 5 Bytes  JMP 014A55EE 
    .text           C:\Windows\system32\Dwm.exe[1152] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                                                   7623330C 5 Bytes  JMP 014A2CFA 
    .text           C:\Windows\system32\Dwm.exe[1152] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                                                       76234496 5 Bytes  JMP 014A2D53 
    .text           C:\Windows\system32\Dwm.exe[1152] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                                                          7623659B 5 Bytes  JMP 014A2D32 
    .text           C:\Windows\system32\Dwm.exe[1152] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                                                           756C9521 5 Bytes  JMP 014A2823 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                                                             75E9654B 5 Bytes  JMP 0149BA1E 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                                                               75E9878D 5 Bytes  JMP 0149BAD3 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                                                          75E99088 5 Bytes  JMP 0149B9DB 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                                                   75E9BF7F 5 Bytes  JMP 0149BAA7 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                                                             75E9FABE 5 Bytes  JMP 0149B7FB 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                                                             75EAEE89 5 Bytes  JMP 0149B84F 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                                                          75EB3381 5 Bytes  JMP 0149BA5D 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                                                           75F0A70A 5 Bytes  JMP 0149B93F 
    .text           C:\Windows\system32\Dwm.exe[1152] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                                                           75F0A763 5 Bytes  JMP 0149B8A3 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                                   77659390 5 Bytes  JMP 007F3724 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] ntdll.dll!NtCreateUserProcess                                                                                                                                                                                                                                                                                                                          77695804 5 Bytes  JMP 007F35FB 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] kernel32.dll!GetFileAttributesExW                                                                                                                                                                                                                                                                                                                      77569B95 5 Bytes  JMP 007F37C6 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                                            777801AD 5 Bytes  JMP 00805481 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                                            777A715A 5 Bytes  JMP 008055EE 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                                         756C9521 5 Bytes  JMP 00802823 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                                 7623330C 5 Bytes  JMP 00802CFA 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                                     76234496 5 Bytes  JMP 00802D53 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                                        7623659B 5 Bytes  JMP 00802D32 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                                           75E9654B 5 Bytes  JMP 007FBA1E 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                                             75E9878D 5 Bytes  JMP 007FBAD3 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                                        75E99088 5 Bytes  JMP 007FB9DB 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                                 75E9BF7F 5 Bytes  JMP 007FBAA7 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                                           75E9FABE 5 Bytes  JMP 007FB7FB 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                                           75EAEE89 5 Bytes  JMP 007FB84F 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                                        75EB3381 5 Bytes  JMP 007FBA5D 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                                         75F0A70A 5 Bytes  JMP 007FB93F 
    .text           C:\Program Files\Windows Defender\MSASCui.exe[2640] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                                         75F0A763 5 Bytes  JMP 007FB8A3 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                                77659390 5 Bytes  JMP 025B3724 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] ntdll.dll!NtCreateUserProcess                                                                                                                                                                                                                                                                                                                       77695804 5 Bytes  JMP 025B35FB 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] kernel32.dll!GetFileAttributesExW                                                                                                                                                                                                                                                                                                                   77569B95 5 Bytes  JMP 025B37C6 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                                         777801AD 5 Bytes  JMP 025C5481 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                                         777A715A 5 Bytes  JMP 025C55EE 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                              7623330C 5 Bytes  JMP 025C2CFA 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                                  76234496 5 Bytes  JMP 025C2D53 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                                     7623659B 5 Bytes  JMP 025C2D32 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                                      756C9521 5 Bytes  JMP 025C2823 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                                        75E9654B 5 Bytes  JMP 025BBA1E 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                                          75E9878D 5 Bytes  JMP 025BBAD3 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                                     75E99088 5 Bytes  JMP 025BB9DB 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                              75E9BF7F 5 Bytes  JMP 025BBAA7 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                                        75E9FABE 5 Bytes  JMP 025BB7FB 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                                        75EAEE89 5 Bytes  JMP 025BB84F 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                                     75EB3381 5 Bytes  JMP 025BBA5D 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                                      75F0A70A 5 Bytes  JMP 025BB93F 
    .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2712] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                                      75F0A763 5 Bytes  JMP 025BB8A3 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                                                 77659390 5 Bytes  JMP 00133724 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] ntdll.dll!NtCreateUserProcess                                                                                                                                                                                                                                                                                                                                        77695804 5 Bytes  JMP 001335FB 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] kernel32.dll!GetFileAttributesExW                                                                                                                                                                                                                                                                                                                                    77569B95 5 Bytes  JMP 001337C6 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                                                          777801AD 5 Bytes  JMP 00145481 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                                                          777A715A 5 Bytes  JMP 001455EE 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                                               7623330C 5 Bytes  JMP 00142CFA 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                                                   76234496 5 Bytes  JMP 00142D53 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                                                      7623659B 5 Bytes  JMP 00142D32 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                                                       756C9521 5 Bytes  JMP 00142823 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                                                         75E9654B 5 Bytes  JMP 0013BA1E 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                                                           75E9878D 5 Bytes  JMP 0013BAD3 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                                                      75E99088 5 Bytes  JMP 0013B9DB 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                                               75E9BF7F 5 Bytes  JMP 0013BAA7 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                                                         75E9FABE 5 Bytes  JMP 0013B7FB 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                                                         75EAEE89 5 Bytes  JMP 0013B84F 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                                                      75EB3381 5 Bytes  JMP 0013BA5D 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                                                       75F0A70A 5 Bytes  JMP 0013B93F 
    .text           C:\Users\Ricky\Desktop\gmer.exe[2852] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                                                       75F0A763 5 Bytes  JMP 0013B8A3 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                                           77659390 5 Bytes  JMP 001B3724 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] ntdll.dll!NtCreateUserProcess                                                                                                                                                                                                                                                                                                                                  77695804 5 Bytes  JMP 001B35FB 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] kernel32.dll!GetFileAttributesExW                                                                                                                                                                                                                                                                                                                              77569B95 5 Bytes  JMP 001B37C6 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                                                    777801AD 5 Bytes  JMP 001C5481 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                                                    777A715A 5 Bytes  JMP 001C55EE 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                                         7623330C 5 Bytes  JMP 001C2CFA 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                                             76234496 5 Bytes  JMP 001C2D53 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                                                7623659B 5 Bytes  JMP 001C2D32 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                                                 756C9521 5 Bytes  JMP 001C2823 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                                                   75E9654B 5 Bytes  JMP 001BBA1E 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                                                     75E9878D 5 Bytes  JMP 001BBAD3 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                                                75E99088 5 Bytes  JMP 001BB9DB 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                                         75E9BF7F 5 Bytes  JMP 001BBAA7 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                                                   75E9FABE 5 Bytes  JMP 001BB7FB 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                                                   75EAEE89 5 Bytes  JMP 001BB84F 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                                                75EB3381 5 Bytes  JMP 001BBA5D 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                                                 75F0A70A 5 Bytes  JMP 001BB93F 
    .text           C:\Windows\system32\wbem\unsecapp.exe[3276] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                                                 75F0A763 5 Bytes  JMP 001BB8A3 
    
    ---- Devices - GMER 1.0.15 ----
    
    Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                                                                                                                                                                                     85CEE1F8
    
    AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                                                                                                                                                                                     tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    
    Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                                                                                                                                                                                                                                                                       85CEB1F8
    Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\PCI_PNP4516 \Device\00000051                                                                                                                                                                                                                                                                                                                                                                       spzn.sys
    Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                                                                                                                                                                                                                                                                           86D121F8
    Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                                                                                                                                                                                                     85CEB1F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                                                                                                                                                                                                     tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                                                                                                                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                                                                                                                                                                                                     snapman.sys (Acronis Snapshot API/Acronis)
    
    Device          \Driver\USBSTOR \Device\00000071                                                                                                                                                                                                                                                                                                                                                                           8755B1F8
    Device          \Driver\usbehci \Device\USBPDO-7                                                                                                                                                                                                                                                                                                                                                                           86D121F8
    Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                                                                                                                                                                                                     85CEB1F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                                                                                                                                                                                                     tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                                                                                                                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                                                                                                                                                                                                     snapman.sys (Acronis Snapshot API/Acronis)
    
    Device          \Driver\cdrom \Device\CdRom0                                                                                                                                                                                                                                                                                                                                                                               86CF81F8
    Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                                                                                                                                                                                                     85CEB1F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                                                                                                                                                                                                     tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                                                                                                                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                                                                                                                                                                                                     snapman.sys (Acronis Snapshot API/Acronis)
    
    Device          \Driver\cdrom \Device\CdRom1                                                                                                                                                                                                                                                                                                                                                                               86CF81F8
    Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                                                                                                                                                                                                                                                                                85CED1F8
    Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                                                                                                                                                                                                                                                                                                                85CED1F8
    Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                                                                                                                                                                                                                         85CED1F8
    Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                                                                                                                                                                                                                         85CED1F8
    Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                                                                                                                                                                                                                                                                         85CED1F8
    Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                                                                                                                                                                                                                                                                         85CED1F8
    Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                                                                                                                                                                                                                                                                                         85CED1F8
    Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                                                                                                                                                                                                                                                                                         85CED1F8
    Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3                                                                                                                                                                                                                                                                                                                                                                85CED1F8
    Device                                                                                                                                                                                                                                                                                                                                                                                                                     85CEB1F8
    
    AttachedDevice                                                                                                                                                                                                                                                                                                                                                                                                             tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice                                                                                                                                                                                                                                                                                                                                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    
    Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                                                                                                                                                                                                                                                                                                    873A7500
    Device          \Driver\Smb \Device\NetbiosSmb                                                                                                                                                                                                                                                                                                                                                                             874311F8
    Device          \Driver\sptd \Device\1157887016                                                                                                                                                                                                                                                                                                                                                                            spzn.sys
    Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                                                                                                                                                                                                                                                                                         86CE11F8
    Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\USBSTOR \Device\0000006e                                                                                                                                                                                                                                                                                                                                                                           8755B1F8
    Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbehci \Device\USBFDO-3                                                                                                                                                                                                                                                                                                                                                                           86D121F8
    Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\netbt \Device\NetBT_Tcpip_{AC16F33B-AF2F-49A6-8890-49187A46A479}                                                                                                                                                                                                                                                                                                                                   873A7500
    Device          \Driver\netbt \Device\NetBT_Tcpip_{596E58C2-CD46-4C2E-863E-E965342389E8}                                                                                                                                                                                                                                                                                                                                   873A7500
    Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                                                                                                                                                                                                                                                                                           86CDB500
    Device          \Driver\usbehci \Device\USBFDO-7                                                                                                                                                                                                                                                                                                                                                                           86D121F8
    Device          \Driver\aqzmaszw \Device\Scsi\aqzmaszw1                                                                                                                                                                                                                                                                                                                                                                    86D001F8
    Device          \Driver\aqzmaszw \Device\Scsi\aqzmaszw1Port7Path0Target0Lun0                                                                                                                                                                                                                                                                                                                                               86D001F8
    Device          \FileSystem\cdfs \Cdfs                                                                                                                                                                                                                                                                                                                                                                                     88048500
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                                                                                                                                                                                                                                       
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                                                                                                                                                                                                                            C:\Program Files\DAEMON Tools Lite\
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                                                                                                                                                                                                            0
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                                                                                                                                                                                                         0x68 0xA7 0x3B 0x2F ...
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                                                                                                                                                                                                                                                                              
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                                                                                                                                                                                                                                                                                   0x20 0x01 0x00 0x00 ...
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                                                                                                                                                                                                0x2C 0xD5 0x53 0x73 ...
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                                                                                                                                                                                                                                                                        
    Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                                                                                                                                                                                                          0x25 0xA3 0x61 0x44 ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                                                                                                                                                                                                                                                         771343423
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                                                                                                                                                                                                                                                         285507792
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                                                                                                                                                                                                                                                         2
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                                                                                                                                                                                           
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                                                                                                                                                                        1
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                                                                                                                                                                     0xFF 0x3A 0x92 0xC6 ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                                                                                                                                                                        C:\Program Files\DAEMON Tools Lite\
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                                                                                                                                                                                                                  
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                                                                                                                                                                            0x4C 0x6E 0x17 0x08 ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                                                                                                                                                                               0x20 0x01 0x00 0x00 ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                                                                                                                                                                                                             
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                                                                                                                                                                       0x7E 0xDC 0x48 0xED ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                                                                                                                                                                                                                                                                           
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                                                                                                                                                                                                        0
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                                                                                                                                                                                                     0x7E 0xA5 0x82 0x6D ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                                                                                                                                                                                                                                                                  
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                                                                                                                                                                                            0x2C 0xD5 0x53 0x73 ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                                                                                                                                                                                                                                                                            
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                                                                                                                                                                                                      0xC9 0xCD 0xAC 0x30 ...
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                                                                                                                                                                       
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                                                                                                                                                                            1
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                                                                                                                                                                         0xFF 0x3A 0x92 0xC6 ...
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                                                                                                                                                                            C:\Program Files\DAEMON Tools Lite\
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                                                                                                                                                                                              
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                                                                                                                                                                                0x4C 0x6E 0x17 0x08 ...
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                                                                                                                                                                                   0x20 0x01 0x00 0x00 ...
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                                                                                                                                                                                                         
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                                                                                                                                                                           0x7E 0xDC 0x48 0xED ...
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                                                                                                                                                                                                                                       
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                                                                                                                                                                                                            0
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                                                                                                                                                                                                         0x7E 0xA5 0x82 0x6D ...
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                                                                                                                                                                                                                                                                              
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                                                                                                                                                                                                0x2C 0xD5 0x53 0x73 ...
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                                                                                                                                                                                                                                                                        
    Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                                                                                                                                                                                                          0xC9 0xCD 0xAC 0x30 ...
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                                                                                                                                                                                                                                                                      
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{15DAB393-431E-C15E-DCF7-04885ECE3D91}                                                                                                                                                                                                                                                                                            
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{15DAB393-431E-C15E-DCF7-04885ECE3D91}@oakioiehmkjnoabcbcenpncpeomfgf                                                                                                                                                                                                                                                             0x6A 0x61 0x65 0x6E ...
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{15DAB393-431E-C15E-DCF7-04885ECE3D91}@paihmopdlemhocflajonhlijlolpbnfg                                                                                                                                                                                                                                                           0x6A 0x61 0x70 0x6D ...
    
    ---- Files - GMER 1.0.15 ----
    
    File            C:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4\hidefiles\WinMend-Folder-Hidden\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\842925246-2025429265-HidePassword.ini  50 bytes
    
    ---- EOF - GMER 1.0.15 ----
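The single "File" entry in the GMER log above is worth a closer look: it lies under a component named `com4`, which Win32 path handling treats as a reserved DOS device name, and under two directory components made of nothing but `H`s. Explorer and most ordinary tools cannot open such a path at all (only a `\\?\`-prefixed path reaches it), which is how a folder-hiding tool such as the WinMend Folder Hidden named in the path keeps a directory out of sight. As an added example, not part of the original post and not GMER's code, the Python below parses the Files section of a GMER log and flags paths that use these tricks. The sample log is constructed: the length of the H-named components is approximated as 130 characters, and the second, ordinary entry is invented for contrast.

```python
import re
from typing import Dict, List

# Component names that Win32 path handling treats as DOS devices, with or without
# an extension (COM4, com4.txt and "COM4 " all count). Explorer and most tools cannot
# open a directory by such a name; it is only reachable through a \\?\ prefixed path.
RESERVED_DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"}
RESERVED_DEVICE_NAMES |= {f"COM{i}" for i in range(1, 10)}
RESERVED_DEVICE_NAMES |= {f"LPT{i}" for i in range(1, 10)}
MAX_PATH = 260        # classic Win32 limit, including the terminating NUL
MAX_COMPONENT = 255   # NTFS limit for a single name

# GMER "Files" line: "File<spaces>PATH<spaces>SIZE bytes"
FILE_LINE = re.compile(r"^\s*File\s+(?P<path>.+?)(?:\s{2,}(?P<size>\d+) bytes)?\s*$")

# Constructed sample: the Files section from the log above (length of the H-named
# directories approximated as 130 characters) plus one ordinary, invented entry.
HIDDEN_DIR = "H" * 130
SAMPLE_GMER_FILES = "\n".join([
    "---- Files - GMER 1.0.15 ----",
    "",
    "File            C:\\Recycler\\S-1-5-21-842925246-2025429265-682008880-1013\\com4"
    "\\hidefiles\\WinMend-Folder-Hidden\\" + HIDDEN_DIR + "\\" + HIDDEN_DIR
    + "\\842925246-2025429265-HidePassword.ini  50 bytes",
    "File            C:\\Users\\Ricky\\Desktop\\notes.txt  12 bytes",
    "",
    "---- EOF - GMER 1.0.15 ----",
])


def analyse_path(path: str) -> List[str]:
    """Return the reasons a path is hard to reach with ordinary Win32 tools."""
    findings: List[str] = []
    components = [c for c in path.split("\\") if c]
    for comp in components[1:]:                 # skip the drive letter
        stem = comp.split(".", 1)[0].strip().upper()
        if stem in RESERVED_DEVICE_NAMES:
            findings.append(f"reserved device name as path component: {comp}")
        if len(comp) > MAX_COMPONENT:
            findings.append(f"component longer than {MAX_COMPONENT} chars ({len(comp)})")
    if len(path) + 1 > MAX_PATH:
        findings.append(f"path length {len(path)} exceeds MAX_PATH ({MAX_PATH})")
    if "\\Recycler\\" in path or "\\$Recycle.Bin\\" in path:
        findings.append("stored under the recycle-bin directory")
    return findings


def scan_gmer_files(log_text: str) -> List[Dict[str, object]]:
    """Parse every 'File' line of a GMER log and attach the findings for its path."""
    results: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue
        path = m.group("path")
        size = int(m.group("size")) if m.group("size") else None
        findings = analyse_path(path)
        results.append({"path": path, "size": size,
                        "findings": findings, "suspicious": bool(findings)})
    return results


if __name__ == "__main__":
    for entry in scan_gmer_files(SAMPLE_GMER_FILES):
        flag = "SUSPICIOUS" if entry["suspicious"] else "ok"
        print(f"{flag:10} {entry['path'][:60]}...")
        for finding in entry["findings"]:
            print(f"           - {finding}")
```

A path that trips these checks is not malicious by itself (the tool in the log is a commercial folder hider), but it is a place ordinary file browsing and many on-demand scanners will never reach, so it belongs on the list of things to inspect with a tool that uses `\\?\` paths or an offline boot medium.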

  5. #5
    Senior Team Member pc-jedi
    Registered since
    17.07.2009
    Posts
    3,644

    Re: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting

    Hi

    Before you ran GMER, did you do the following:
    Rootkit scanner instructions

    EDIT:
    Then please also do the following:
    Step 1
    Check whether the Master Boot Record is intact (MBR rootkit)

    • Download MBR.exe from Gmer and
    • save the program to your desktop.
    • Double-click the program to start it.
    • If your antivirus program raises an alert, ignore it or allow the action.
    • You will now find a log file on your desktop named mbr.log.
    • Post the contents of that log file here in the thread.
    Last edited by pc-jedi (12.08.2010 at 18:58)
    regards, pc-jedi

    If I have not replied within 48 hours, please send me a message with a link to your thread.
    New here?

  6. #6
    Forum user
    Registered since
    24.09.2007
    Posts
    61

    Re: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting

    Oh no, I did not work through those instructions.
    I did deactivate everything, but I did not do a second run.
    More to follow shortly.

  7. #7
    Forum user
    Registered since
    24.09.2007
    Posts
    61

    Re: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting

    I am a bit confused now.
    Because the internet is so slow, pages also load correspondingly slowly.
    When I click the link to the GMER instructions, a guide opens first that talks about a second scan and a restart, etc.
    If I wait longer, the page changes and then it talks about Sophos or something like that.
    Which instructions are the right ones?
    Or put differently, have I done everything right so far?

    Code:
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
    
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
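The mbr.log above reports two reads of the Master Boot Record, one from user mode and one from the kernel, and the verdict "user & kernel MBR OK" means the two reads agree. As I understand the tool, that cross-view comparison is the whole point: a bootkit that hooks disk I/O to hand a clean copy of the sector to user-mode readers shows up as a mismatch between the views. As an added example, not part of the original post and not GMER's code, the Python below parses a 512-byte MBR (boot code, partition table, 0x55AA signature), hashes the boot code so it can be compared against a baseline, and performs the byte-for-byte comparison of two views. Both "views" are constructed sample sectors, and the boot-code bytes and the "hooked" variant are hypothetical; a real check must read the sector through two independent code paths on the live system, which this script does not do.

```python
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445: boot code and disk-signature area
PARTITION_TABLE_OFFSET = 446  # 4 entries x 16 bytes
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511
ENTRY_FORMAT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

# Constructed sample boot code (hypothetical bytes, not a real boot loader):
# a handful of typical MBR opcodes (cli; xor ax,ax; mov ss,ax; ...) then padding.
SAMPLE_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\x8B\xF4\x50\x07\x50\x1F\xFB\xFC"
# Constructed "kernel view" of the same sector as a hooking bootkit might leave it:
# the first instruction replaced by a short jump. Hypothetical, for the demo only.
SAMPLE_HOOKED_BOOT_CODE = b"\xEB\x3E" + SAMPLE_BOOT_CODE[2:]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a 512-byte MBR: boot code, one NTFS partition entry, boot signature."""
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too long")
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    # status 0x80 = bootable, type 0x07 = NTFS, LBA start 2048, 0x01000000 sectors
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 0x01000000)
    table = entry + b"\x00" * (16 * 3)   # three unused slots
    return code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Decode the fields a rootkit check cares about: signature, partitions, code hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions: List[Dict[str, object]] = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * index
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[offset:offset + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": index, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def cross_view_compare(user_view: bytes, kernel_view: bytes) -> Dict[str, object]:
    """Byte-for-byte comparison of two reads of the same sector (the 'user & kernel' check)."""
    diffs = [i for i in range(SECTOR_SIZE) if user_view[i] != kernel_view[i]]
    return {"ok": not diffs,
            "diff_count": len(diffs),
            "first_diff": diffs[0] if diffs else None}


def verdict(user_view: bytes, kernel_view: bytes,
            baseline_sha256: Optional[str] = None) -> List[str]:
    """Produce log lines in the spirit of mbr.log, plus an optional baseline check."""
    lines: List[str] = []
    for name, view in (("user", user_view), ("kernel", kernel_view)):
        info = parse_mbr(view)
        lines.append(f"{name}: MBR read successfully" if info["signature_ok"]
                     else f"{name}: MBR boot signature missing")
    cmp = cross_view_compare(user_view, kernel_view)
    if cmp["ok"]:
        lines.append("user & kernel MBR OK")
    else:
        lines.append(f"user != kernel MBR: {cmp['diff_count']} byte(s) differ, "
                     f"first at offset {cmp['first_diff']}")
    if baseline_sha256 is not None:
        code_hash = parse_mbr(kernel_view)["code_sha256"]
        lines.append("boot code matches baseline" if code_hash == baseline_sha256
                     else "boot code differs from baseline")
    return lines


if __name__ == "__main__":
    clean = build_sample_mbr(SAMPLE_BOOT_CODE)
    hooked = build_sample_mbr(SAMPLE_HOOKED_BOOT_CODE)
    baseline = parse_mbr(clean)["code_sha256"]
    print("\n".join(verdict(clean, clean, baseline)))    # views agree, matches baseline
    print("\n".join(verdict(clean, hooked, baseline)))   # views differ at offset 0
```

The caveat the baseline check adds: "user & kernel MBR OK" only says that the two views agree, not that the boot code is the original one. A bootkit that does not hide itself, or an MBR replaced and then left alone, passes the cross-view test, so keeping a hash of the boot sector from a known-clean state (taken from an offline boot medium) is what lets you notice a consistent replacement.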

  8. #8
    Administrator, Team Member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39,260

    Re: HELP phishing alarm

    Is this the same computer as in this thread?

    I am copying these posts into the thread that pc-jedi is already handling, so that everything is in one place.
    Last edited by Petra (14.08.2010 at 09:12)
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware cleanup | Forum rules
    Back up your data! | Training | No support via PM or email! | Thanks

  9. #9
    Senior Team Member pc-jedi
    Registered since
    17.07.2009
    Posts
    3,644

    Re: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting

    Hi

    Wait longer until the page has loaded completely. After that the right one should be at the very top without you having to scroll.
    regards, pc-jedi

  10. #10
    Forum user
    Registered since
    24.09.2007
    Posts
    61

    Re: Firefox barely responds after Sparkasse phishing trojan, computer keeps getting

    Morning,

    here is an excerpt of what is shown to me first.
    Rootkit scanner instructions
    Code:
    Xeranox
    
    Rootkit scanner instructions
    
        In any case, have a team member help you with the removal of rootkits!
        The scans alone are not enough!
    
    
        Rootkit search with Gmer
    
        What are rootkits?
    
        Important: for every rootkit scan:
    
            * all other programs against viruses, spyware, etc. must be deactivated,
            * there must be no connection to a network/the internet (don't forget WLAN),
            * nothing must be done on the computer,
            * the computer must be restarted after every scan.
            * Don't forget to switch the security programs back on after the rootkit scan!
    
        Download Gmer from this page
        (click the "Download EXE" button) and save the program to the desktop.
    
            * Gmer is suitable for => NT/W2K/XP/VISTA (32-bit only).
            * All other programs must be closed.
            * Start gmer.exe (it has a random program name).
            * Vista users: right-click and run as administrator.
            * Gmer automatically starts a first scan.
            * If a window with the following warning opens:
              Code:
    
              WARNING !!!
              GMER has found system modification, which might have been caused by ROOTKIT activity.
              Do you want to fully scan your system?
    
            * Be sure to click "No",
              then use the Copy button to copy the result so far to the clipboard.
            * Paste the log from the clipboard into your reply in your thread with CTRL + V.
              .
            * If that was not the case, now select the "Rootkit/Malware" tab,
            * Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
            * Important: "Show all" must not be ticked!
            * Start the scan by pressing the "Scan" button.
              Do nothing on the computer while the scan is running.
            * When the scan is finished, click "Copy" to copy the log to the clipboard.
              "Ok" closes Gmer.
            * Paste the log from the clipboard into your reply here (with CTRL + V).
    
        Switch your antivirus program and other scanners back on before you go online!
    
        Now post the log file in code tags.
    
        =====
    
        Second run with Gmer
    
            * Start Gmer again.
            * This time right-click in the white area on the left and choose "Only non MS files" from the context menu.
            * Then click "Scan", which lets Gmer scan again.
            * When the scan is finished, click the "Copy" button, which copies the contents to the clipboard.
            * Now right-click on the desktop and choose "Text document", which creates an empty document on the desktop.
            * Open the text document by double-clicking it, right-click in the text area and choose "Paste".
            * Save the document and post its contents here in the thread.
    
    
    
    etc...
        =====
    ..and here is what is shown to me afterwards.
    Rootkit scanner instructions
    Code:
    Petra
    
    
    Re: Rootkit scanner instructions
    
        Rootkit search with Sophos Anti-Rootkit
    
        What are rootkits?
    
        Important: for every rootkit scan:
    
            * all other programs against viruses, spyware, etc. must be deactivated,
            * there must be no connection to a network/the internet (don't forget WLAN),
            * nothing must be done on the computer,
            * the computer must be restarted after every scan.
            * Don't forget to switch the security programs back on after the rootkit scan!
    
            * Go to Sophos and download their rootkit scanner.
              (Illustrated guide in English) - short guide in German.
            * Registration is required for the download.
            * The program is also suitable for Vista and Windows 7.
              You get an installation file sarsfx.exe.
            * Run it, accept the licence terms and let the program install;
              do not change the preset path C:\programme\sophos\sophos anti-rootkit.
            * Close all other programs, go to that folder with Explorer and start sargui.exe.
    
            * Leave everything ticked under Area and start the scan with "Start scan".
              The scan takes some time; when it is finished, a window pops up with
              a summary, click "Ok" there.
            * Close the Sophos rootkit scanner; for now this scan serves only for analysis.
            * Start Explorer and type "%temp%" into the address bar (without quotation marks);
              there you will find a file named sarscan.log, please post its contents.
    Those are two different programs.

    Before the scan I did everything as in the first log.. but without the second scan.

    Should I now proceed according to Xeranox or according to Petra.
