Taskbar freezes, turns white, Task Manager cannot be opened!!!

    For the first one, the log:

    Antivirus             Version           Last update  Result
    a-squared             4.5.0.50          2010.05.03   -
    AhnLab-V3             2010.05.03.00     2010.05.03   -
    AntiVir               8.2.1.224         2010.05.03   -
    Antiy-AVL             2.0.3.7           2010.04.30   -
    Authentium            5.2.0.5           2010.05.03   -
    Avast                 4.8.1351.0        2010.05.03   -
    Avast5                5.0.332.0         2010.05.03   -
    AVG                   9.0.0.787         2010.05.03   -
    BitDefender           7.2               2010.05.03   -
    CAT-QuickHeal         10.00             2010.05.03   -
    ClamAV                0.96.0.3-git      2010.05.03   -
    Comodo                4750              2010.05.03   -
    DrWeb                 5.0.2.03300       2010.05.03   -
    eSafe                 7.0.17.0          2010.05.03   -
    eTrust-Vet            35.2.7465         2010.05.03   -
    F-Prot                4.5.1.85          2010.05.03   -
    F-Secure              9.0.15370.0       2010.05.03   -
    Fortinet              4.0.14.0          2010.05.03   -
    GData                 21                2010.05.03   -
    Ikarus                T3.1.1.80.0       2010.05.03   -
    Jiangmin              13.0.900          2010.05.03   -
    Kaspersky             7.0.0.125         2010.05.03   -
    McAfee                5.400.0.1158      2010.05.03   -
    McAfee-GW-Edition     6.8.5             2010.05.03   -
    Microsoft             1.5703            2010.05.03   -
    NOD32                 5082              2010.05.03   -
    Norman                6.04.12           2010.05.03   -
    nProtect              2010-05-03.01     2010.05.03   -
    Panda                 10.0.2.7          2010.05.02   -
    PCTools               7.0.3.5           2010.05.03   -
    Prevx                 3.0               2010.05.03   -
    Rising                22.45.04.03       2010.04.30   -
    Sophos                4.53.0            2010.05.03   -
    Sunbelt               6250              2010.05.02   -
    Symantec              20091.2.0.41      2010.05.03   -
    TheHacker             6.5.2.0.275       2010.05.03   -
    TrendMicro            9.120.0.1004      2010.05.03   -
    TrendMicro-HouseCall  9.120.0.1004      2010.05.03   -
    VBA32                 3.12.12.4         2010.05.03   -
    ViRobot               2010.5.3.2301     2010.05.03   -
    VirusBuster           5.0.27.0          2010.05.03   -

    Additional information
    File size: 455048 bytes
    MD5...: 58ddc97602991aa598a3e24f09036b55
    SHA1..: 0659615b4ef6ba0ae2ee82543138f7edd2590388
    SHA256: c9606146bda1793b892ba3edf22c265f62555cc4baab7aa4d4d6eddc92691fb8
    ssdeep: 6144:4ESQdtRrH8+qbavdj2jJSVkh+x3840aCOusOkTBksi3Kjqccgg2wV:4ES8HpqevJ2jCkhqFC5MWsqbBV
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1338f
    timedatestamp.....: 0x49b7410a (Wed Mar 11 04:41:46 2009)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x5a82e 0x5aa00 6.71 839a84f9e2048a87bf64a6fc630ecb9b
    .data 0x5c000 0xc178 0x7800 4.71 59e53451189eb911f63310bed006fe40
    .rsrc 0x69000 0x5000 0x5000 4.96 4457aa0d9229bceb9ffdc1fe8f5c184d
    .reloc 0x6e000 0x5fe6 0x6000 4.97 cbc708b39bb6659ea65de5c3795aacbf

    ( 13 imports )
    > ADVAPI32.dll: RegCloseKey, RegSetValueExW, RegCreateKeyExW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, FreeSid, CheckTokenMembership, DuplicateToken, AllocateAndInitializeSid, GetTokenInformation, OpenProcessToken, CreateProcessAsUserW, DuplicateTokenEx, RevertToSelf, ImpersonateLoggedOnUser, RegQueryInfoKeyW, RegEnumValueW, OpenThreadToken, GetLengthSid, CopySid, LookupAccountNameW, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExW, RegQueryValueExW, RegQueryValueExA, RegOpenKeyExA
    > KERNEL32.dll: SetEndOfFile, CreateMutexW, GetLocalTime, SystemTimeToFileTime, GetSystemDirectoryW, CreateEventW, ResetEvent, Sleep, CreateProcessW, LoadLibraryW, VirtualProtect, WaitForSingleObject, InitializeCriticalSectionAndSpinCount, DeviceIoControl, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, ReleaseMutex, GetComputerNameW, CompareFileTime, TryEnterCriticalSection, GetExitCodeProcess, GetCurrentProcess, GetProcessHeap, DeleteFileA, MoveFileA, LocalAlloc, GetTempPathA, GetCurrentDirectoryW, CreateMutexA, HeapAlloc, GetVersion, HeapFree, GetSystemDirectoryA, FindFirstFileA, ReadProcessMemory, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, WTSGetActiveConsoleSessionId, GetCurrentProcessId, ProcessIdToSessionId, CompareStringW, RemoveDirectoryW, DeleteFileW, MoveFileExW, FindFirstFileW, CopyFileW, FindNextFileW, FindClose, CreateDirectoryW, GetFileAttributesW, SetFileAttributesW, LocalFree, GetModuleFileNameW, FormatMessageW, CreateThread, CreateFileW, GetFileSize, ReadFile, WaitForMultipleObjects, GetLastError, GetModuleHandleW, OpenEventW, SetEvent, CloseHandle, GetVersionExA, GetStartupInfoW, RtlUnwind, SetUnhandledExceptionFilter, GetProcAddress, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, HeapSize, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, FreeLibrary, LoadLibraryA, InitializeCriticalSection, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RaiseException, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetLocaleInfoA, GetUserDefaultLCID
    > GDI32.dll: StartPage, StartDocA, SetMapMode, GetDeviceCaps, GetStockObject, SetBkMode, SetTextColor, CreateFontA, GetTextFaceA, GetTextMetricsW, SelectObject, DeleteObject, CreateSolidBrush, EndDoc, EndPage, DeleteDC
    > USER32.dll: GetParent, ShowWindow, GetDlgItem, SetTimer, DrawMenuBar, PostMessageW, GetSystemMenu, EnableWindow, SetWindowTextW, SendMessageW, KillTimer, LoadStringW, SetWindowLongW, EnableMenuItem, CheckDlgButton, GetDesktopWindow, LoadStringA, GetSysColor, MessageBoxW, GetDC, GetClientRect, MapWindowPoints, MoveWindow, ReleaseDC, GetWindowLongW, GetDlgCtrlID, SetCursor, CallWindowProcW, FillRect, DrawTextW, DrawFocusRect, LoadCursorW, DestroyCursor, SetDlgItemTextA, IsWindow, IsDlgButtonChecked, SetDlgItemTextW, GetWindowRect, GetSystemMetrics, SetWindowPos
    > ole32.dll: CoCreateInstance, CoUninitialize, CoSetProxyBlanket, CoInitialize, CoCreateGuid, StringFromGUID2, CLSIDFromProgID
    > comdlg32.dll: CommDlgExtendedError, PrintDlgA
    > COMCTL32.dll: PropertySheetW, CreatePropertySheetPageW
    > USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock
    > VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
    > WTSAPI32.dll: WTSQueryUserToken, WTSEnumerateSessionsW, WTSFreeMemory
    > CRYPT32.dll: CryptUnprotectData
    > SHELL32.dll: ShellExecuteA
    > OLEAUT32.dll: -, -, -, -, -, -, -

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) 1995-2008 Microsoft Corporation
    product......: Microsoft Genuine Advantage
    description..: Setup von Windows Genuine Advantage-Benachrichtigungen
    original name: WGASetup.exe
    internal name: WGASetup
    file version.: 1.9.0012.0
    comments.....: n/a
    signers......: Microsoft Corporation
    Microsoft Code Signing PCA
    Microsoft Root Authority
    signing date.: 7:17 AM 3/11/2009
    verified.....: -
    For the second one:

    Antivirus             Version           Last update  Result
    a-squared             4.5.0.50          2010.05.03   -
    AhnLab-V3             2010.05.03.00     2010.05.03   -
    AntiVir               8.2.1.224         2010.05.03   -
    Antiy-AVL             2.0.3.7           2010.04.30   -
    Authentium            5.2.0.5           2010.05.03   -
    Avast                 4.8.1351.0        2010.05.03   -
    Avast5                5.0.332.0         2010.05.03   -
    AVG                   9.0.0.787         2010.05.03   -
    BitDefender           7.2               2010.05.03   -
    CAT-QuickHeal         10.00             2010.05.03   -
    ClamAV                0.96.0.3-git      2010.05.03   -
    Comodo                4750              2010.05.03   -
    DrWeb                 5.0.2.03300       2010.05.03   -
    eSafe                 7.0.17.0          2010.05.03   -
    eTrust-Vet            35.2.7465         2010.05.03   -
    F-Prot                4.5.1.85          2010.05.03   -
    F-Secure              9.0.15370.0       2010.05.03   -
    Fortinet              4.0.14.0          2010.05.03   -
    GData                 21                2010.05.03   -
    Ikarus                T3.1.1.80.0       2010.05.03   -
    Jiangmin              13.0.900          2010.05.03   -
    Kaspersky             7.0.0.125         2010.05.03   -
    McAfee                5.400.0.1158      2010.05.03   -
    McAfee-GW-Edition     6.8.5             2010.05.03   -
    Microsoft             1.5703            2010.05.03   -
    NOD32                 5082              2010.05.03   -
    Norman                6.04.12           2010.05.03   -
    nProtect              2010-05-03.01     2010.05.03   -
    Panda                 10.0.2.7          2010.05.02   -
    PCTools               7.0.3.5           2010.05.03   -
    Prevx                 3.0               2010.05.03   -
    Rising                22.45.04.03       2010.04.30   -
    Sophos                4.53.0            2010.05.03   -
    Sunbelt               6250              2010.05.02   -
    Symantec              20091.2.0.41      2010.05.03   -
    TheHacker             6.5.2.0.275       2010.05.03   -
    TrendMicro            9.120.0.1004      2010.05.03   -
    TrendMicro-HouseCall  9.120.0.1004      2010.05.03   -
    VBA32                 3.12.12.4         2010.05.03   -
    ViRobot               2010.5.3.2301     2010.05.03   -
    VirusBuster           5.0.27.0          2010.05.03   -

    Additional information
    File size: 36272 bytes
    MD5...: f91f52f4ea5d88dab6245682a16f3a72
    SHA1..: cd8f3d00eae82c6205a24359a92f4c1c44930d45
    SHA256: ae3e06748af12d8beb8172dad5c06df427a0a6c35784e667b6c2c66c748ea3ca
    ssdeep: 768:bsJ2Nrzl9EZtrEx+PnMwdVVG608vypDkmOfvUq5LWUbCq:bseHXEzrE8M0/MOfvUq5aQCq
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x3e34
    timedatestamp.....: 0x4bb826d4 (Sun Apr 04 05:42:44 2010)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x366c 0x3800 6.17 260cfb257b02de636710bd07e48f6c94
    .rdata 0x5000 0x2e16 0x3000 4.40 0edabdc14dddb7e15010ac469c98058c
    .data 0x8000 0x778 0x400 4.19 a088a8440ead64ea4047fe77acb5ba6a
    .rsrc 0x9000 0x6fc 0x800 4.80 3c6a39b729361e357f2f9f79563a204b

    ( 6 imports )
    > KERNEL32.dll: CloseHandle, TerminateThread, CreateThread, InitializeCriticalSection, CreateEventA, GetSystemInfo, UnmapViewOfFile, CreateFileA, VirtualQueryEx, GetCurrentProcess, MapViewOfFile, CreateFileMappingA, GetFileAttributesA, FindClose, FindNextFileA, FindFirstFileA, ReadFile, DeleteCriticalSection, GetTempPathA, GetWindowsDirectoryA, GetSystemDirectoryA, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoA, InterlockedCompareExchange, Sleep, InterlockedExchange, GetSystemTimeAsFileTime, GetCurrentThread, GetModuleHandleA, GetModuleFileNameA, EnterCriticalSection, SetEvent, SetThreadPriority, LeaveCriticalSection, SetFilePointer, WaitForSingleObject
    > USER32.dll: GetMessageA, SetTimer, DispatchMessageA, TranslateMessage, KillTimer, DestroyWindow, UnregisterClassA, LoadIconA, LoadCursorA, RegisterClassExA, CreateWindowExA, DefWindowProcA, PostQuitMessage, FindWindowA
    > ADVAPI32.dll: OpenSCManagerA, QueryServiceStatus, CloseServiceHandle, RegOpenKeyA, RegQueryValueExA, RegCloseKey, RegQueryValueA, OpenServiceA
    > SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
    > MSVCP80.dll: _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __$_MDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z
    > MSVCR80.dll: _onexit, _decode_pointer, _invoke_watson, _controlfp_s, _lock, __dllonexit, strrchr, memset, malloc, __CxxFrameHandler3, __1exception@std@@UAE@XZ, __3@YAXPAX@Z, __0exception@std@@QAE@XZ, _invalid_parameter_noinfo, __2@YAPAXI@Z, _CxxThrowException, __0exception@std@@QAE@ABV01@@Z, ___V@YAXPAX@Z, strchr, free, _terminate@@YAXXZ, _amsg_exit, __getmainargs, _cexit, _exit, _XcptFilter, _ismbblead, exit, _acmdln, _initterm, _initterm_e, _configthreadlocale, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _encode_pointer, __set_app_type, _crt_debugger_hook, __type_info_dtor_internal_method@type_info@@QAEXXZ, _except_handler4_common, _unlock

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win64 Executable Generic (80.9%)
    Win32 Executable Generic (8.0%)
    Win32 Dynamic Link Library (generic) (7.1%)
    Generic Win/DOS Executable (1.8%)
    DOS Executable Generic (1.8%)
    sigcheck:
    publisher....: Adobe Systems Incorporated
    copyright....: Copyright 1984-2010 Adobe Systems Incorporated and its licensors. All rights reserved.
    product......: Adobe Acrobat
    description..: Adobe Acrobat SpeedLauncher
    original name: AcroSpeedLaunch.exe
    internal name: n/a
    file version.: 9.3.2.163
    comments.....:
    signers......: Adobe Systems, Incorporated
    VeriSign Class 3 Code Signing 2009-2 CA
    Class 3 Public Primary Certification Authority
    signing date.: 7:57 AM 4/4/2010

    mawi wrote:

    I can't find the last one

    c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk

    I can't find this file in the Autostart folder


    In Folder Options, under "View", enable showing hidden files and protected operating system files.

    Antivirus             Version           Last update  Result
    a-squared             4.5.0.50          2010.05.03   -
    AhnLab-V3             2010.05.03.00     2010.05.03   -
    AntiVir               8.2.1.224         2010.05.03   -
    Antiy-AVL             2.0.3.7           2010.04.30   -
    Authentium            5.2.0.5           2010.05.03   -
    Avast                 4.8.1351.0        2010.05.03   -
    Avast5                5.0.332.0         2010.05.03   -
    AVG                   9.0.0.787         2010.05.03   -
    BitDefender           7.2               2010.05.03   -
    CAT-QuickHeal         10.00             2010.05.03   -
    ClamAV                0.96.0.3-git      2010.05.03   -
    Comodo                4750              2010.05.03   -
    DrWeb                 5.0.2.03300       2010.05.03   -
    eSafe                 7.0.17.0          2010.05.03   Win32.TrojanHorse
    eTrust-Vet            35.2.7465         2010.05.03   -
    F-Prot                4.5.1.85          2010.05.03   -
    F-Secure              9.0.15370.0       2010.05.03   -
    Fortinet              4.0.14.0          2010.05.03   -
    GData                 21                2010.05.03   -
    Ikarus                T3.1.1.80.0       2010.05.03   -
    Jiangmin              13.0.900          2010.05.03   -
    Kaspersky             7.0.0.125         2010.05.03   -
    McAfee                5.400.0.1158      2010.05.03   -
    McAfee-GW-Edition     6.8.5             2010.05.03   -
    Microsoft             1.5703            2010.05.03   -
    NOD32                 5082              2010.05.03   -
    Norman                6.04.12           2010.05.03   -
    nProtect              2010-05-03.01     2010.05.03   -
    Panda                 10.0.2.7          2010.05.02   -
    PCTools               7.0.3.5           2010.05.03   -
    Prevx                 3.0               2010.05.03   -
    Rising                22.45.04.03       2010.04.30   -
    Sophos                4.53.0            2010.05.03   -
    Sunbelt               6250              2010.05.02   -
    Symantec              20091.2.0.41      2010.05.03   -
    TheHacker             6.5.2.0.275       2010.05.03   -
    TrendMicro            9.120.0.1004      2010.05.03   -
    TrendMicro-HouseCall  9.120.0.1004      2010.05.03   -
    VBA32                 3.12.12.4         2010.05.03   -
    ViRobot               2010.5.3.2301     2010.05.03   -
    VirusBuster           5.0.27.0          2010.05.03   -

    Additional information
    File size: 14336 bytes
    MD5...: 4fbc75b74479c7a6f829e0ca19df3366
    SHA1..: 97c7c354c12b89c797740b35ed81879be58f3deb
    SHA256: a42568851b48fb9924b3fe18c8a0f3ceecd850254257cfe6c5f168c08f408ef0
    ssdeep: 384:Wdi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:KcG6xlCRaJKGOA7SHJ
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2509
    timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2c00 0x2c00 6.29 48331595af9d9d52b478844a07357653
    .data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
    .rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882

    ( 4 imports )
    > ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
    > KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
    > ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
    > RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Generic Host Process for Win32 Services
    original name: svchost.exe
    internal name: svchost.exe
    file version.: 5.1.2600.5512 (xpsp.080413-2111)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    Good.

    * Download the Avenger tool and save it on the desktop:
    swandog46.geekstogo.com/avenger2/download.php
    * Double-click the Avenger icon
    * Now copy exactly the following text into the white field/window at -> "input script here"


    Registry keys to delete:
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\omvgrxdn

    Files to delete:
    c:\windows\system32\okhlnzi.dll



    * Now close all programs and browser windows

    * To start Avenger, click -> Execute
    * Then confirm with "Yes" that the computer will restart

    * After the system has restarted, you will find a report from Avenger at -> C:\avenger.txt

    * Open the file with Notepad and then copy the entire text into your post here.

    mawi wrote:

    JUST as an aside, unfortunately I have to leave in 20 minutes!!!


    Good. Do the Avenger step and post the log. After that I'll put together a final list for you to work through over the course of today/tomorrow, and then the cleanup is finished.

    GAV.
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Registry key "HKEY_LOCAL_MACHINE\System\ControlSet003\Services\omvgrxdn" deleted successfully.

    Error: file "c:\windows\system32\okhlnzi.dll" not found!
    Deletion of file "c:\windows\system32\okhlnzi.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.

    !!!Could you quickly tell me whether everything is OK so far? Were my external media examined too, or not?

    mawi wrote:

    Could you quickly tell me whether everything is OK so far? Were my external media examined too, or not?


    Everything is fine so far, yes. Combofix deleted the infected autorun file (Conficker) from the USB stick attached as G.

    Please do not run Combofix or Avenger on your own! These are specialised tools.

    I'll put the list together for you, and if everything goes well we'll be done tomorrow.

    GAV.
    Here is the list:

    - Download this small tool: virus-protect.org/artikel/tools/mbr.html
    • Download mbr.exe to the desktop
    • Double-click mbr.exe to start the tool. A window opens briefly.
    • A log is created and will be found on your desktop or under C:\
    • post its contents in your reply

    - Go to Start > Run > type in > cmd > In the command window that opens, type: sfc /scannow
    Press Enter.
    "If incorrect or damaged files are found, they are replaced with the original versions. This is done, guided on screen, using the Windows CD." That means you must have your Windows XP CD ready.
    - Then run it again, but this time type: sfc /purgecache

    - Download this tool to your desktop: normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe (as administrator)
    Run a scan and post the log that is placed on your desktop.

    - Uninstall the Firefox browser and reinstall it from here: mozilla-europe.org/de/firefox/

    - Then post an RSIT log: virus-protect.org/artikel/tools/random.html

    When that is clean, we're done.
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    !!!!!!Tell me, can I also run the Norman scan in pieces, i.e. first external hard drive 1, then 2, and then the PC? It takes forever in one go.
    Norman Log:

    Norman Malware Cleaner
    Version 1.6.2
    Copyright © 1990 - 2009, Norman ASA. Built 2010/05/04 11:00:34

    Norman Scanner Engine Version: 6.04.08
    Nvcbin.def Version: 6.04.00, Date: 2010/05/04 11:00:34, Variants: 5495612

    Scan started: 04/05/2010 19:07:23

    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
    Logged on user: MEINS\Homer J Simpson

    Set registry value: HKCR\.scr\ = "AutoCADScriptFile" -> "scrfile"
    Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
    Removed registry value: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
    Removed registry value: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
    Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

    Scanning bootsectors...

    Number of sectors found: 0
    Number of sectors scanned: 0
    Number of sectors not scanned: 0
    Number of infections found: 0
    Number of infections removed: 0
    Total scanning time: 0s


    Scanning running processes and process memory...

    Number of processes/threads found: 5509
    Number of processes/threads scanned: 5509
    Number of processes/threads not scanned: 0
    Number of infected processes/threads terminated: 0
    Total scanning time: 2m 48s


    Scanning file system...

    Scanning: prescan

    Scanning: C:\*.*

    C:\cleanup.exe (Infected with W32/Zapchast.CTP)
    Deleted file

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/componentstree.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/destination.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/maintenance.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/progressprereq.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/setuptype.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/startinstallation.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/update_download.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/update_install.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/update_notify_download.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/update_notify_install.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/update_reboot.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/update_setup_finish.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/update_setup_welcome.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/welcome.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res/wizard.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))

    C:\Dokumente und Einstellungen\Homer J Simpson\Desktop\Flash_Disinfector.exe (Infected with Suspicious_Gen2.IZHW)
    Deleted file

    C:\Qoobox\Quarantine\G\autorun.inf.vir (Infected with BAT/Autorun.IWC)
    File marked for defered cleaning (reboot required)

    Scanning: D:\*.*

    D:\Programme\COD 5\CoDWaW.exe (Infected with Obfuscated.J)
    Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> D:\Programme\COD 5\CoDWaW.exe = "D:\Programme\COD 5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
    Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> D:\Programme\COD 5\CoDWaW.exe = "D:\Programme\COD 5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
    Deleted file

    D:\Programme\ICQ 6\ICQ6.5\ConfigFiles\TopSearches.7z/TopSearches.xml (Error whilst scanning file: I/O Error (0x00220000))

    D:\Programme\ICQ 6\ICQ6.5\ConfigFiles\TopSearchesDe.7z/TopSearchesDe.xml (Error whilst scanning file: I/O Error (0x00220000))

    D:\Programme\Rally Extrem\selbe\XRX.exe (Infected with Vundo.gen214)
    Deleted file

    D:\Programme\Rally Extrem\XRX.exe (Infected with Vundo.gen214)
    Deleted file

    D:\Programme\T online 6.0\T-Online_Software_6\Messenger\Clean.exe (Infected with W32/Malware.JK)
    Deleted file

    D:\Programme\winzip\pb\PnkBstrK.sys (Infected with W32/Rootkit.AXXA)
    Deleted file

    D:\System Volume Information\_restore{65F7B6CF-96B0-4F8C-88F9-F1E019A1FD42}\RP125\A0005767.sys (Infected with W32/Rootkit.AXXA)
    Deleted file

    D:\System Volume Information\_restore{65F7B6CF-96B0-4F8C-88F9-F1E019A1FD42}\RP136\A0007788.sys (Infected with W32/Rootkit.AXXA)
    Deleted file

    Scanning: G:\*.*

    G:\Programme\Apple Logic Pro 7.pkg.zip/Logic Pro.pkg/Contents/Archive.pax.gz (Error whilst scanning file: I/O Error (0x00220005))

    G:\Programme\Apple Logic Pro 7.pkg.zip/Logic Pro.pkg/Contents/Archive.pax.gz/file0 (Error whilst scanning file: I/O Error (0x00220005))

    G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Infected with Conficker.HQ)
    Deleted file

    G:\Sicherung\Eigene Dateien 30.3.08\Sport\Fitness\dings\pzdvc10t.exe (Infected with W32/Smalltroj.QQYF)
    Deleted file

    G:\Sicherung\Spiele\Call.of.Duty.5.World.at.War - Install\COD 5 NOCD\CoDWaW.exe (Infected with Obfuscated.J)
    Deleted file

    G:\Sicherung\Spiele\Frank\Hellgate Londen\gns-hgld.7z/genesis.exe (Infected with W32/Suspicious_Gen2.UNDZ)

    G:\System Volume Information\_restore{65F7B6CF-96B0-4F8C-88F9-F1E019A1FD42}\RP130\A0006241.dll (Infected with W32/Bancodor.KH)
    Deleted file

    G:\System Volume Information\_restore{B5F44F33-2885-4EC5-A153-6FBA57F6B0E6}\RP10\A0004190.exe (Infected with Suspicious_Gen2.ADKSV)
    Deleted file

    Scanning: J:\*.*

    J:\Music\Eigene Musik\Sonstiges\Billy Idol\Billy_Idol_-_Devils_Playground-(Advance)_for_www.goldesel.to\Billy_Idol_-_Devils_Playground-(Advance)_for_www.goldesel.to.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    J:\Music\Eigene Musik\Sonstiges\Musik\Bloodhound Gang\Billy Idol\Billy_Idol_-_Devils_Playground-(Advance)_for_www.goldesel.to\Billy_Idol_-_Devils_Playground-(Advance)_for_www.goldesel.to.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    J:\Spiele Sicherung\Spiele\Call.of.Duty.5.World.at.War - Install\COD 5 NOCD\CoDWaW.exe (Infected with Obfuscated.J)
    Deleted file

    Scanning: postscan


    Running post-scan cleanup routine:
    Failed to locate shared service executable: C:\WINDOWS\system32\okhlnzi.dll
    Removed service: omvgrxdn

    Number of files found: 759210
    Number of archives unpacked: 4088
    Number of files scanned: 759176
    Number of files not scanned: 34
    Number of files skipped due to exclude list: 0
    Number of infected files found: 29
    Number of infected files repaired/deleted: 25
    Number of infections removed: 25
    Total scanning time: 3h 43m 50s
    RSIT LOG

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Homer J Simpson at 2010-05-04 23:09:01
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 23 GB (58%) free of 40 GB
    Total RAM: 2047 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:09:10, on 04.05.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
    D:\Programme\AntiVir\Avira\AntiVir Desktop\sched.exe
    D:\Programme\AntiVir\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Programme\SpyDoc\Spyware Doctor\BDT\BDTUpdateService.exe
    D:\Programme\Hotkeys\Qliner Hotkeys\HotKeys.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
    D:\Programme\AntiVir\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programme\Wireless Console 2\wcourier.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
    D:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    D:\Programme\AntiVir\Avira\AntiVir Desktop\avgnt.exe
    C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    D:\Programme\Eraser\Eraser\Eraser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
    D:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Dokumente und Einstellungen\Homer J Simpson\Desktop\Norman_Malware_Cleaner.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Dokumente und Einstellungen\Homer J Simpson\Desktop\RSIT.exe
    D:\Programme\HjiackThis\Homer J Simpson.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Programme\SpyDoc\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\SpyDoc\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [00Hotkeys] "D:\Programme\Hotkeys\Qliner Hotkeys\HotKeys.exe"
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Eraser] D:\Programme\Eraser\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: PandaUSBVaccine.lnk = D:\Programme\Panda\Panda USB Vaccine\USBVaccine.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ 6\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ 6\ICQ6.5\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\AntiVir\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\AntiVir\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - D:\Programme\SpyDoc\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programme\SpyDoc\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programme\SpyDoc\Spyware Doctor\pctsSvc.exe
    O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\winvnc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9758 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\WGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    PC Tools Browser Guard BHO - D:\Programme\SpyDoc\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-10-23 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-10-23 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-23 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - D:\Programme\SpyDoc\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-11-03 28160]
    "00Hotkeys"=D:\Programme\Hotkeys\Qliner Hotkeys\HotKeys.exe [2006-12-02 45056]
    "HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-24 110592]
    "IntelWireless"=C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
    "IntelZeroConfig"=C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
    "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-07-20 86016]
    "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "Wireless Console 2"=C:\Programme\Wireless Console 2\wcourier.exe [2005-10-17 987136]
    "Symantec PIF AlertEng"=C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    "snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
    "LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
    "avgnt"=D:\Programme\AntiVir\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Eraser"=D:\Programme\Eraser\Eraser\Eraser.exe [2007-12-23 916240]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    D:\Programme\Adope Reader\Reader\Reader_sl.exe [2010-04-04 36272]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    D:\Programme\Deamon Tool\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    D:\Programme\Eraser\Eraser\Eraser.exe [2007-12-23 916240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    C:\WINDOWS\KHALMNPR.EXE [2005-11-03 28160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    D:\Programme\Quick Cam\QuickCam10.exe [2007-02-08 774168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\System32\NvCpl.dll [2006-07-20 7581696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    D:\Programme\Quick Time Player\QTTask.exe [2008-09-06 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    D:\Programme\Home Cinema\PowerDVD\PDVDServ.exe [2004-11-02 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Programme\Java\jre6\bin\jusched.exe [2008-10-23 136600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
    D:\Programme\T online 6.0\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [2005-06-27 278528]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 1000 series.lnk]
    C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-06 147456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]
    C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
    D:\PROGRA~1\MICROS~2\Office10\OSA.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Homer J Simpson^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
    D:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

    C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
    Logitech SetPoint.lnk - C:\Programme\SetPoint\SetPoint.exe

    C:\Dokumente und Einstellungen\Homer J Simpson\Startmenü\Programme\Autostart
    PandaUSBVaccine.lnk - D:\Programme\Panda\Panda USB Vaccine\USBVaccine.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableStatusMessages"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoWinKeys"=
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Programme\EA GAMES\Battlefield 2\BF2.exe"="C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "D:\Programme\Microsoft Word\Office12\ONENOTE.EXE"="D:\Programme\Microsoft Word\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "D:\Programme\winzip\iw3mp.exe"="D:\Programme\winzip\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
    "D:\Programme\ICQ 6\ICQ6.5\ICQ.exe"="D:\Programme\ICQ 6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "D:\Programme\COD 5\CoDWaWmp.exe"="D:\Programme\COD 5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
    "D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .scr - config -

    ======List of files/folders created in the last 1 months======

    2010-05-04 23:09:01 ----D---- C:\rsit
    2010-05-04 21:40:38 ----SHD---- C:\RECYCLER
    2010-05-04 18:49:04 ----A---- C:\WINDOWS\system32\OLD58F.tmp
    2010-05-04 18:48:59 ----A---- C:\WINDOWS\system32\OLD585.tmp
    2010-05-04 18:43:22 ----D---- C:\WINDOWS\LastGood
    2010-05-03 18:37:16 ----D---- C:\Avenger
    2010-05-03 18:37:16 ----A---- C:\avenger.txt
    2010-05-03 16:50:00 ----A---- C:\ComboFix.txt
    2010-05-03 16:34:45 ----A---- C:\WINDOWS\zip.exe
    2010-05-03 16:34:45 ----A---- C:\WINDOWS\SWREG.exe
    2010-05-03 16:34:45 ----A---- C:\WINDOWS\sed.exe
    2010-05-03 16:34:45 ----A---- C:\WINDOWS\PEV.exe
    2010-05-03 16:34:45 ----A---- C:\WINDOWS\NIRCMD.exe
    2010-05-03 16:34:45 ----A---- C:\WINDOWS\MBR.exe
    2010-05-03 16:34:45 ----A---- C:\WINDOWS\grep.exe
    2010-05-03 16:34:44 ----A---- C:\WINDOWS\SWXCACLS.exe
    2010-05-03 16:34:44 ----A---- C:\WINDOWS\SWSC.exe
    2010-05-03 16:34:30 ----D---- C:\WINDOWS\ERDNT
    2010-05-03 16:28:46 ----AD---- C:\Qoobox
    2010-05-03 14:55:51 ----A---- C:\WINDOWS\BDTSupport.dll
    2010-05-03 14:55:50 ----A---- C:\WINDOWS\SGDetectionTool.dll
    2010-05-03 14:55:50 ----A---- C:\WINDOWS\PCTBDRes.dll
    2010-05-03 14:55:50 ----A---- C:\WINDOWS\PCTBDCore.dll
    2010-05-03 14:50:32 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools
    2010-05-03 14:50:31 ----D---- C:\Dokumente und Einstellungen\Homer J Simpson\Anwendungsdaten\PC Tools
    2010-05-03 14:50:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
    2010-05-03 14:49:58 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
    2010-05-02 22:41:00 ----D---- C:\WINDOWS\Performance
    2010-05-02 22:39:40 ----D---- C:\Programme\Microsoft Windows 7 Upgrade Advisor
    2010-05-02 16:43:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
    2010-05-01 21:47:50 ----D---- C:\WINDOWS\system32\NtmsData
    2010-05-01 21:47:27 ----D---- C:\Dokumente und Einstellungen\Homer J Simpson\Anwendungsdaten\Avira
    2010-05-01 21:41:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
    2010-05-01 20:27:46 ----D---- C:\Dokumente und Einstellungen\Homer J Simpson\Anwendungsdaten\Malwarebytes
    2010-05-01 20:27:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
    2010-04-16 06:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
    2010-04-16 06:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
    2010-04-16 06:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
    2010-04-16 06:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
    2010-04-16 06:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
    2010-04-16 06:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
    2010-04-16 06:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
    2010-04-16 06:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
    2010-04-11 20:39:40 ----D---- C:\Programme\Syncrosoft
    2010-04-11 20:39:39 ----A---- C:\WINDOWS\system32\Synsopos.exe
    2010-04-11 20:39:38 ----A---- C:\WINDOWS\system32\SYNSOACC.dll
    2010-04-11 20:38:22 ----A---- C:\WINDOWS\system32\FeMakro.ini
    2010-04-11 20:38:22 ----A---- C:\WINDOWS\system32\FeAnim.ini
    2010-04-11 20:38:12 ----A---- C:\WINDOWS\system32\AcShlExt.dll
    2010-04-11 20:30:42 ----A---- C:\WINDOWS\system32\vbar2232.dll
    2010-04-11 20:30:42 ----A---- C:\WINDOWS\system32\VB5DE.DLL
    2010-04-11 20:30:41 ----A---- C:\WINDOWS\system32\VB40032.DLL
    2010-04-11 20:30:40 ----A---- C:\WINDOWS\system32\msjter32.dll
    2010-04-11 20:30:40 ----A---- C:\WINDOWS\system32\msjt3032.dll
    2010-04-11 20:30:39 ----A---- C:\WINDOWS\system32\msjint32.dll
    2010-04-11 20:30:36 ----A---- C:\WINDOWS\system32\dao350.dll
    2010-04-10 11:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$

    ======List of files/folders modified in the last 1 months======

    2010-05-04 23:07:02 ----RD---- C:\Programme
    2010-05-04 23:06:18 ----D---- C:\WINDOWS\Temp
    2010-05-04 19:13:19 ----D---- C:\WINDOWS\Registration
    2010-05-04 18:54:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-05-04 18:49:05 ----D---- C:\WINDOWS\system32
    2010-05-04 18:48:59 ----D---- C:\WINDOWS
    2010-05-04 05:59:29 ----SD---- C:\WINDOWS\Tasks
    2010-05-03 18:40:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-05-03 18:37:16 ----D---- C:\WINDOWS\system32\drivers
    2010-05-03 16:44:13 ----A---- C:\WINDOWS\system.ini
    2010-05-03 16:39:31 ----D---- C:\WINDOWS\AppPatch
    2010-05-03 16:39:30 ----D---- C:\Programme\Gemeinsame Dateien
    2010-05-03 16:39:25 ----D---- C:\WINDOWS\system32\Restore
    2010-05-03 14:50:47 ----SHD---- C:\WINDOWS\Installer
    2010-05-03 14:50:47 ----D---- C:\Config.Msi
    2010-05-03 14:50:45 ----D---- C:\WINDOWS\WinSxS
    2010-05-02 19:10:37 ----D---- C:\Dokumente und Einstellungen\Homer J Simpson\Anwendungsdaten\ICQ
    2010-05-02 14:00:44 ----D---- C:\Programme\Windows NT
    2010-05-02 13:06:52 ----A---- C:\WINDOWS\NeroDigital.ini
    2010-05-01 21:48:03 ----HD---- C:\WINDOWS\inf
    2010-05-01 21:47:50 ----D---- C:\WINDOWS\repair
    2010-05-01 21:45:10 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
    2010-05-01 21:45:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
    2010-05-01 21:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
    2010-05-01 21:39:21 ----D---- C:\Programme\Symantec
    2010-04-26 21:57:13 ----SHD---- C:\System Volume Information
    2010-04-17 13:54:06 ----D---- C:\WINDOWS\Help
    2010-04-16 19:31:28 ----D---- C:\WINDOWS\Debug
    2010-04-16 06:06:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
    2010-04-16 06:05:40 ----HD---- C:\WINDOWS\$hf_mig$
    2010-04-14 19:36:25 ----D---- C:\Dokumente und Einstellungen\Homer J Simpson\Anwendungsdaten\Skype
    2010-04-14 18:56:20 ----D---- C:\Dokumente und Einstellungen\Homer J Simpson\Anwendungsdaten\skypePM
    2010-04-11 21:20:55 ----D---- C:\Dokumente und Einstellungen\Homer J Simpson\Anwendungsdaten\Help
    2010-04-11 20:27:59 ----HD---- C:\Programme\InstallShield Installation Information
    2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-04-06 15:33:45 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-08-06 82380]
    R1 avgio;avgio; \??\D:\Programme\AntiVir\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
    R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-08-04 21419]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-10 278728]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
    R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
    R2 irda;IrDA-Protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-10 25416]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
    R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-07-21 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-07-21 55936]
    R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2006-08-02 12544]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-21 142848]
    R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys [2005-11-03 13440]
    R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042mou.Sys [2005-11-03 55424]
    R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2005-11-03 27136]
    R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-11-03 36608]
    R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouKE.Sys [2005-11-03 69376]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
    R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
    R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2010-03-28 5760]
    R3 NDISKIO;NDISKIO; \??\C:\DOKUME~1\HOMERJ~1\LOKALE~1\Temp\00000d81.nmc\nse\bin\ndiskio.sys []
    R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [2006-07-26 1707776]
    R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 nsak;nsak; \??\C:\DOKUME~1\HOMERJ~1\LOKALE~1\Temp\00000d81.nmc\nse\bin\nsak.sys []
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
    R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\System32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\System32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\System32\DRIVERS\rixdptsk.sys [2005-09-30 310016]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
    R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-14 79232]
    R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2006-03-12 48128]
    R3 smserial;smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [2006-08-07 980608]
    R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
    S3 abvhk945;abvhk945; C:\WINDOWS\system32\drivers\abvhk945.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
    S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
    S3 mbr;mbr; \??\C:\DOKUME~1\HOMERJ~1\LOKALE~1\Temp\mbr.sys []
    S3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\D:\PROGRA~1\TONLIN~1.0\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS []
    S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-14 40320]
    S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240]
    S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]
    S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
    S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
    S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 snpstd;USB PC Camera (SN9C102); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-10-15 345728]
    S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\AntiVir\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    R2 AntiVirService;Avira AntiVir Guard; D:\Programme\AntiVir\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
    R2 Browser Defender Update Service;Browser Defender Update Service; D:\Programme\SpyDoc\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
    R2 CLCapSvc;CyberLink Background Capture Service (CBCS); D:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-02-10 188494]
    R2 CLSched;CyberLink Task Scheduler (CTS); D:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2005-02-10 110668]
    R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-02-10 24576]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
    R2 Irmon;Infrarotüberwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-10-23 152984]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 LVPrcSrv;Process Monitor; c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-07-20 143426]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-29 75064]
    R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-20 215104]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
    S2 winvnc;VNC Server; C:\winvnc.exe [2008-12-24 311296]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-04 867080]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]
    S3 sdAuxService;PC Tools Auxiliary Service; D:\Programme\SpyDoc\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
    S3 sdCoreService;PC Tools Security Service; D:\Programme\SpyDoc\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
    S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------