Windows Vista 32bit von Bundespolizei uKash infiziert.

Aphex# · 09.10.2011, 18:16

Ich habe hier den Rechner eines Freundes der von der Bundespolizei Malware betroffen ist.

Er wird aufgefordert 100€ zu zahlen.

Ich habe bereits in anderen Threads bezüglich dieses Malwareprogramms gelesen und das srep ausgeführt.

Leider führte dies nicht zur beheben des Problems, die .log Datei kann ich gerne Posten wenn dies hilft.

Wie sollte ich nun weiter fortfahren.
OTLPENet?

Bei diesem Programm wurde ich aus den anderen Threads nicht ganz schlau wie ihr auf diese OTL: Befehle kommt.

Warte auf Anweisung wie ich nun weiter vorgehen soll.
Die OTLPENet CD habe ich bereits gebrannt.

kira · 10.10.2011, 06:36

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Ich habe zwei Vorschläge: :

1.
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!:

- Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen.

Zitat:

-> Systemwiederherstellung
► Bitte wähle das älteste verfügbare Datum für die Wiederherstellung von Windows aus, wo dein Rechner noch einwandfrei funktioniert hat!

Du musst dich als Administrator oder als Benutzer mit Administratorrechten anmelden.
Die Systemwiederherstellung lässt sich unter Windows Vista/XP/7 wie folgt aufrufen:
► Start → Alle Programme → Zubehör → Systemprogramme → Systemwiederherstellung

->Eine Schritt-für-Schritt-Anleitung zum Einsatz der Systemwiederherstellung unter Windows XP
->Systemwiederherstellung unter Windows Vista
->Unter Win 7
► Falls nötig, kannst Du es im abgesicherten Modus auch tun - (Link bitte unbedingt anklicken & lesen!)

Die Systemwiederherstellung ist nur ein "Notlösung", das Problem wird damit nie 100%ig beseitigt, da dem Zeitpunkt des Eindringen des Trojaners nicht mehr feststellen kann. Aber man kann damit die Funktionsfähigkeit eines Computersystems erhöhen.
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis)

► berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können?

2.

Zitat:

Sollte die Systemwiederherstellung nicht funktionieren (Malware kann es verhindern):
- Du kannst auch noch die folgenden Methoden ausprobieren, um das Problem zu beheben.:-> Verwenden der letzten als funktionierend bekannten Konfiguration

3.
Systemscan mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Aphex# · 10.10.2011, 08:26

Dieses OTL.exe kann ich leider nicht ausführen, da ich kein Zugang zu dem System habe.
Diese Bundespolizei Meldung überlagert alle anderen Fenster und lässt mich nicht einmal den Taskmanager öffnen.

Leider kann ich den Tag der Infizierung nicht genau bestimmen, da es sich nicht um meinen eigenen Computer handelt. Ich soll diese Malware für einen Freund entfernen.

Ich habe mir jedoch eine Live-CD aus einem anderem Thread heruntergeladen die dieses OTL.exe beinhaltet.
hxxp://oldtimer.geekstogo.com/OTLPENet.exe

Wenn ich heute Abend zu hause bin, werde ich versuchen das OTLPE über diese Live-CD zu starten und die Log-Dateien zu posten.

Aphex# · 10.10.2011, 16:25

Ich habe die OTL.log Datei erstellt und den Inhalt hier angehangen. Hoffe das mit den Code-Tags klappt.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10/10/2011 7:09:51 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium  (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.41 Gb Total Space | 110.62 Gb Free Space | 51.12% Space Free | Partition Type: NTFS
Drive I: | 107.22 Gb Total Space | 103.42 Gb Free Space | 96.46% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (CLTNetCnService)
SRV - [2009/07/15 03:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/10/24 07:41:30 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/24 07:41:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/19 20:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007/10/11 16:04:17 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 09:52:12 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/09/04 04:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007/06/04 09:20:38 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006/12/08 04:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2009/07/15 03:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/28 03:40:32 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/28 03:40:28 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 03:40:26 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/20 04:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 04:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 04:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/04/19 14:15:16 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/12/18 20:00:00 | 000,401,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2007/11/06 21:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/03 04:44:58 | 000,091,648 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/06 07:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/03 10:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 10:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 10:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/07/02 11:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/07/02 11:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/13 17:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/05/02 05:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007/05/02 05:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007/05/02 05:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2006/11/16 11:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/11/02 04:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\PRO-Markt_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\PRO-Markt_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\PRO-Markt_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\PRO-Markt_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\PRO-Markt_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\PRO-Markt_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\PRO-Markt_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\PRO-Markt_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
IE - HKU\PRO-Markt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/19 14:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/19 14:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2011/06/12 05:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/20 16:55:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/04 15:44:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/31 15:22:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/10 14:55:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 05:56:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/03 14:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/12/03 14:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/03 14:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/12/03 14:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/12/03 14:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\PRO-Markt_ON_C\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKU\PRO-Markt_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\PRO-Markt_ON_C..\Run: [4Y3Y0C3AXV3U1JYISSSYBVJK]  File not found
O4 - HKU\PRO-Markt_ON_C..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\PRO-Markt_ON_C..\Run: [avupdate] C:\Users\PRO-Markt\AppData\Roaming\mahmud.exe ()
O4 - HKU\PRO-Markt_ON_C..\Run: [MBPlayer] C:\Program Files\MB application\MBPlayer.exe (MusicBrigade)
O4 - HKU\PRO-Markt_ON_C..\Run: [mmplayer.exe]  File not found
O4 - HKU\PRO-Markt_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\PRO-Markt_ON_C..\Run: [YUYC4I1Y1GXUVUWFXDYXAWVNFYJVT]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKU\PRO-Markt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/09 13:04:03 | 000,000,000 | ---D | C] -- C:\Users\PRO-Markt\Desktop\malware
[1 C:\Users\PRO-Markt\AppData\Roaming\*.tmp files -> C:\Users\PRO-Markt\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/09 13:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 13:14:38 | 000,000,680 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Local\d3d9caps.dat
[2011/10/09 13:00:06 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 13:00:06 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 12:55:15 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{479A0566-1B2C-4861-8998-76DD1225FEA6}.job
[2011/10/03 16:36:47 | 000,169,472 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\mahmud.exe
[1 C:\Users\PRO-Markt\AppData\Roaming\*.tmp files -> C:\Users\PRO-Markt\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/10/09 12:00:35 | 000,000,680 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Local\d3d9caps.dat
[2011/10/03 16:36:47 | 000,169,472 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Roaming\mahmud.exe
[2010/05/30 12:44:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/05/30 12:44:59 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/07/25 05:58:50 | 000,167,852 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/04/08 05:26:09 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2008/04/07 11:29:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
[2008/04/07 11:29:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\MMAVILNG.exe
[2008/03/30 13:46:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008/03/30 13:36:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/30 12:27:54 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2008/03/28 11:02:55 | 000,023,580 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Roaming\UserTile.png
[2008/03/27 15:14:30 | 000,146,314 | ---- | C] () -- C:\Windows\hpoins18.dat
[2008/03/27 10:34:38 | 000,015,573 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2008/01/15 12:51:32 | 000,000,000 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Roaming\wklnhst.dat
[2007/12/14 11:23:10 | 000,117,248 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/10/11 18:19:21 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007/02/28 19:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006/11/02 11:33:31 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,310,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/11 03:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003/06/24 10:14:07 | 000,194,048 | ---- | C] () -- C:\Windows\System32\xvid.dll
 
========== LOP Check ==========
 
[2008/03/30 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\DisplayTune
[2008/04/04 17:08:52 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\eMule
[2009/05/10 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\FRITZ!
[2011/06/16 10:35:00 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Gutscheinmieze
[2008/04/07 18:01:35 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\ICQ Toolbar
[2011/08/19 04:33:00 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Image Zone Express
[2010/11/06 07:42:28 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\LolClient
[2011/01/29 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Opera
[2010/05/30 12:52:22 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\PC Suite
[2008/03/28 11:02:55 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\PeerNetworking
[2008/03/27 15:27:47 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Printer Info Cache
[2010/05/30 12:44:49 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Samsung
[2008/01/15 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Template
[2010/06/06 13:59:27 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\uTorrent
[2011/05/10 14:56:38 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Yandex
[2007/12/14 10:10:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007/12/14 10:10:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/04/04 17:09:57 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule
[2007/12/14 10:10:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/06/12 08:16:56 | 000,000,000 | ---D | M] -- C:\ProgramData\fsc
[2007/12/14 11:13:06 | 000,000,000 | ---D | M] -- C:\ProgramData\fsc-reg
[2010/05/30 12:52:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2011/08/24 19:09:12 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2007/12/14 10:10:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/04/24 01:58:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/12/14 10:10:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/10 13:43:57 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/10/09 12:56:43 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/09 12:55:15 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{479A0566-1B2C-4861-8998-76DD1225FEA6}.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\Users\PRO-Markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\PRO-Markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс
< End of report >

--- --- ---
[\code]

Aphex# · 10.10.2011, 18:28

und hier noch die Extras.txt, hab ich vorhin ganz vergessen.

Code:

ATTFilter

OTL Extras logfile created on: 10/10/2011 9:21:40 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium  (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.41 Gb Total Space | 110.62 Gb Free Space | 51.12% Space Free | Partition Type: NTFS
Drive I: | 107.22 Gb Total Space | 103.42 Gb Free Space | 96.46% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Users\PRO-Markt\Downloads\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Users\PRO-Markt\Downloads\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cradle of Rome" = Cradle of Rome (remove only)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"eMule" = eMule
"ffdshow" = ffdshow (remove only)
"GTA San Andreas" = GTA San Andreas
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmswitch" = Morgan Stream Switcher
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Poker Superstars II" = Poker Superstars II (remove only)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 0.9.8a
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"XviD" = XviD Video Codec 24062003-1 (Koepi's developer build)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\PRO-Markt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
< End of report >

kira · 10.10.2011, 20:06

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKU\PRO-Markt_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKU\PRO-Markt_ON_C..\Run: [4Y3Y0C3AXV3U1JYISSSYBVJK]  File not found
O4 - HKU\PRO-Markt_ON_C..\Run: [avupdate] C:\Users\PRO-Markt\AppData\Roaming\mahmud.exe ()
O4 - HKU\PRO-Markt_ON_C..\Run: [YUYC4I1Y1GXUVUWFXDYXAWVNFYJVT]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
[2011/10/03 16:36:47 | 000,169,472 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\mahmud.exe

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

Zitat:

*** Kannst den Rechner normal starten?

2.

Code:

ATTFilter

eMule

Zitat:

Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!

Selbst wenn du ein „sicheres“ P2P Programm verwendest, ist es nur das Programm, das sicher ist.Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...

Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!

3.
deinstalliere falls unter `Systemsteuerung -->Software -->Ändern/Entfernen...` existieren:

Code:

ATTFilter

 Adware -Toolbar:
Ask Toolbar

Bestandteile der Standardinstallation vieler Freeware-Programme und teilweise sogar von kostenpflichtigen Programmen. Daher:
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
in diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars deinstallieren

4.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

5.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Aphex# · 10.10.2011, 20:25

Nach der Durchführung des OTL Fix startet der Computer ganz normal und ich kann wieder mit ihm arbeiten.

Danke schonmal dafür! =)

Den Scan mit Malwarebytes bin ich gerade am durchführen, mal sehen wie lange das dauert. Eventuell kann ich heute Abend noch eine Rückmeldung geben.

Hier schonmal der Log von OTL, in den moved Files befand sich außerdem ein Virus, wird dieser noch irgendwie benötigt?

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\PRO-Markt_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\PRO-Markt_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\4Y3Y0C3AXV3U1JYISSSYBVJK deleted successfully.
Registry value HKEY_USERS\PRO-Markt_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
C:\Users\PRO-Markt\AppData\Roaming\mahmud.exe moved successfully.
Registry value HKEY_USERS\PRO-Markt_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\YUYC4I1Y1GXUVUWFXDYXAWVNFYJVT deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
File C:\Users\PRO-Markt\AppData\Roaming\mahmud.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: PRO-Markt
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155852453 bytes
 
Total Files Cleaned = 149.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 10102011_231038

Aphex# · 10.10.2011, 21:58

Ich habe ihm mal diese Ask! Toolbar und das eMule deinstalliert, werde ihm dann deine Tipps weitergeben.

Habe nun noch 3 Log-Dateien:

1. Malwarebytes

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7622

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

11.10.2011 00:32:34
mbam-log-2011-10-11 (00-32-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 319847
Laufzeit: 1 Stunde(n), 8 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Value: scui.cpl -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Value: wscui.cpl -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\asdjhasuhas (Trojan.SpyEyes) -> No action taken.

Infizierte Dateien:
c:\Users\pro-markt\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\PM42H67J\info[1].exe (Trojan.Ransom.BP) -> No action taken.
c:\_OTL\movedfiles\10102011_231038\C_Users\pro-markt\AppData\Roaming\mahmud.exe (Trojan.Ransom.BP) -> No action taken.
c:\Users\pro-markt\AppData\Roaming\microsoft\Windows\start menu\winpc defender.lnk (Rogue.WinPCDefender) -> No action taken.
c:\asdjhasuhas\456965ec735d5f3 (Trojan.SpyEyes) -> No action taken.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

2. OTL.txt

Code:

ATTFilter

OTL logfile created on: 11.10.2011 00:41:38 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\PRO-Markt\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,22% Memory free
4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 110,98 Gb Free Space | 51,28% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 103,42 Gb Free Space | 96,45% Space Free | Partition Type: NTFS
Drive F: | 7,47 Gb Total Space | 4,48 Gb Free Space | 59,96% Space Free | Partition Type: FAT32
 
Computer Name: KESSLER | User Name: PRO-Markt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.10 22:37:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\PRO-Markt\Desktop\OTL.exe
PRC - [2011.08.24 22:04:34 | 003,077,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2009.07.15 09:18:48 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.07.15 09:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.07.14 13:10:52 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 13:41:30 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.24 13:41:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.07.20 18:00:36 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.03.28 14:21:48 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.12.20 02:04:00 | 001,748,992 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2007.12.20 02:04:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2007.10.11 22:04:17 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.28 15:52:12 | 000,065,536 | ---- | M] () -- C:\Programme\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007.09.11 15:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.09.03 18:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.11.02 11:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.24 22:04:34 | 003,077,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
MOD - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007.02.09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Programme\Portrait Displays\Pivot Software\Winphook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2009.07.15 09:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.24 13:41:30 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.24 13:41:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.12.20 02:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007.10.11 22:04:17 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.28 15:52:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.15 09:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.28 09:40:32 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.28 09:40:28 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.28 09:40:26 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.04.19 20:15:16 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.12.19 02:00:00 | 000,401,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2007.11.07 03:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.03 10:44:58 | 000,091,648 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.06 13:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007.05.02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007.05.02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2006.11.16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.11.02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: yasearch@yandex.ru:5.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\PRO-Markt\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.19 20:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.19 20:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.08.17 18:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.08.17 18:07:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2008.09.12 16:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PRO-Markt\AppData\Roaming\mozilla\Extensions
[2011.08.25 17:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PRO-Markt\AppData\Roaming\mozilla\Firefox\Profiles\qq54shu2.default\extensions
[2011.07.12 21:46:48 | 000,000,000 | ---D | M] (Ð¯Ð½Ð´ÐµÐºÑ.Ð‘Ð°Ñ€) -- C:\Users\PRO-Markt\AppData\Roaming\mozilla\Firefox\Profiles\qq54shu2.default\extensions\yasearch@yandex.ru
[2011.06.12 12:31:42 | 000,002,387 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\askcom.xml
[2011.10.03 13:46:05 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-1.xml
[2009.07.06 22:33:30 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-10.xml
[2009.07.22 23:13:44 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-11.xml
[2009.08.29 15:28:33 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-12.xml
[2009.09.17 12:22:27 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-13.xml
[2009.09.18 19:49:56 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-14.xml
[2009.11.13 10:09:29 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-15.xml
[2009.12.24 16:17:49 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-16.xml
[2010.01.18 20:30:08 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-17.xml
[2010.02.21 19:40:46 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-18.xml
[2010.04.09 20:58:18 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-19.xml
[2008.04.18 20:02:47 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-2.xml
[2010.12.20 23:40:00 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-20.xml
[2010.12.29 12:28:34 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-21.xml
[2008.06.22 10:55:29 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-3.xml
[2008.07.31 20:46:13 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-4.xml
[2008.09.12 16:34:34 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-5.xml
[2008.09.30 21:30:28 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-6.xml
[2009.01.22 11:45:59 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-7.xml
[2009.02.08 21:15:40 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-8.xml
[2009.03.21 12:29:48 | 000,000,950 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin-9.xml
[2008.02.19 18:16:46 | 000,000,951 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\icqplugin.xml
[2011.07.12 21:46:50 | 000,002,167 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Roaming\Mozilla\Firefox\Profiles\qq54shu2.default\searchplugins\ybqs-yandex.xml
[2011.06.12 11:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.20 22:55:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.04 21:44:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.31 21:22:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.10 20:55:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.12 11:56:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [MBPlayer] C:\Program Files\MB application\MBPlayer.exe (MusicBrigade)
O4 - HKCU..\Run: [mmplayer.exe] C:\Users\PRO-Markt\AppData\Roaming\Adobe\mmplayer.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE2323-1719-4635-88A5-92C1E92E2705}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\PRO-Markt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\PRO-Markt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{57f88d00-fc02-11dc-aacc-001921471d82}\Shell - "" = AutoRun
O33 - MountPoints2\{57f88d00-fc02-11dc-aacc-001921471d82}\Shell\AutoRun\command - "" = K:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.11 05:10:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.11 00:41:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\PRO-Markt\Desktop\OTL.exe
[2011.10.10 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\PRO-Markt\AppData\Roaming\Malwarebytes
[2011.10.10 23:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.10 23:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.10 23:17:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.10 23:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.09 19:04:03 | 000,000,000 | ---D | C] -- C:\Users\PRO-Markt\Desktop\malware
[1 C:\Users\PRO-Markt\AppData\Roaming\*.tmp files -> C:\Users\PRO-Markt\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.11 00:45:05 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{479A0566-1B2C-4861-8998-76DD1225FEA6}.job
[2011.10.11 00:42:37 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.11 00:42:37 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.11 00:42:37 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.11 00:42:37 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.11 00:35:47 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.11 00:35:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.11 00:35:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.11 00:35:40 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.10 23:16:16 | 000,117,760 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.10 22:37:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\PRO-Markt\Desktop\OTL.exe
[2011.10.09 19:14:38 | 000,000,680 | ---- | M] () -- C:\Users\PRO-Markt\AppData\Local\d3d9caps.dat
[1 C:\Users\PRO-Markt\AppData\Roaming\*.tmp files -> C:\Users\PRO-Markt\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.10 23:14:11 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.09 18:00:35 | 000,000,680 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Local\d3d9caps.dat
[2010.05.30 18:44:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.30 18:44:59 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.07.25 11:58:50 | 000,167,852 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008.04.08 11:26:09 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2008.04.07 17:29:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
[2008.04.07 17:29:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\MMAVILNG.exe
[2008.03.30 19:46:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.30 19:36:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.03.30 18:27:54 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2008.03.28 17:02:55 | 000,023,580 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Roaming\UserTile.png
[2008.03.27 21:14:30 | 000,146,314 | ---- | C] () -- C:\Windows\hpoins18.dat
[2008.03.27 16:34:38 | 000,015,573 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2008.01.15 18:51:32 | 000,000,000 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Roaming\wklnhst.dat
[2007.12.14 17:23:10 | 000,117,760 | ---- | C] () -- C:\Users\PRO-Markt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.12 00:19:21 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.03.01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006.11.02 17:33:31 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,310,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003.06.24 16:14:07 | 000,194,048 | ---- | C] () -- C:\Windows\System32\xvid.dll
 
========== LOP Check ==========
 
[2008.03.30 18:46:23 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\DisplayTune
[2008.04.04 23:08:52 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\eMule
[2009.05.10 16:54:54 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\FRITZ!
[2011.06.16 16:35:00 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Gutscheinmieze
[2008.04.08 00:01:35 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\ICQ Toolbar
[2011.08.19 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Image Zone Express
[2010.11.06 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\LolClient
[2011.01.29 20:37:52 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Opera
[2010.05.30 18:52:22 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\PC Suite
[2008.03.28 17:02:55 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\PeerNetworking
[2008.03.27 21:27:47 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Printer Info Cache
[2010.05.30 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Samsung
[2008.01.15 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Template
[2010.06.06 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\uTorrent
[2011.05.10 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\PRO-Markt\AppData\Roaming\Yandex
[2011.10.11 00:33:39 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.11 00:45:05 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{479A0566-1B2C-4861-8998-76DD1225FEA6}.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\Users\PRO-Markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\PRO-Markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс

< End of report >

3. Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 11.10.2011 00:41:38 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\PRO-Markt\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,22% Memory free
4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 110,98 Gb Free Space | 51,28% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 103,42 Gb Free Space | 96,45% Space Free | Partition Type: NTFS
Drive F: | 7,47 Gb Total Space | 4,48 Gb Free Space | 59,96% Space Free | Partition Type: FAT32
 
Computer Name: KESSLER | User Name: PRO-Markt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Users\PRO-Markt\Downloads\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Users\PRO-Markt\Downloads\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004991DC-9C4A-4E74-8608-848F70807B51}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{022B5334-6728-4BD5-91E5-8E2827E90C45}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{03A21D28-5B42-4FF7-931B-EE7AA69CBA22}" = lport=6996 | protocol=6 | dir=in | name=league of legends launcher | 
"{03A3EA2E-A3F3-4C42-97EA-30B824ACF112}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{047B593F-58C7-4E84-83B4-F87C5975677B}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{053E2DF7-274E-4506-A47D-B8D8A684DB13}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1A45A181-FC51-49EE-9FFD-A014D12C142C}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | 
"{1F94BCF9-2414-4607-AF62-3AFA3B107C31}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2492F70D-6195-496F-9D0B-E5934F81E8D7}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{3248C885-D009-4779-97B8-9A52532CC7EC}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{34E0C33C-C03F-4BDC-8FA9-64649AA51BA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34FB65E7-5EA1-4239-9688-B13273E6279A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{366CB814-A20E-479B-A676-4F0D5EA1827B}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher | 
"{3BF93A73-9106-4781-92FE-DCF8D71EA0B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DB1028D-E8BC-4F90-BB1A-BA058FC737FF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{44BFCB8B-744F-47C4-BBA2-FCA39BBA6BB2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4870172F-8882-444F-B5E2-FA0715F1B9A4}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{4CA5E2FF-1EF8-49B7-8F31-98E4FAB99786}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher | 
"{4F1B3462-7439-469D-B238-7503A1924CED}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{5D6FFDC4-CDD3-41A4-9F79-945A6DED7597}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{64E88006-582A-4BEB-824D-93322E071D0B}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{6E0C8800-7ACE-4149-9ADD-7EA43188675F}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{7475E243-E337-400C-A4F7-641C02C4B529}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{75454155-584C-4B8A-A228-EE7EA8D3A6FE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{799906BB-69A8-4316-A493-7050D211D833}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85B8C198-A05E-4472-8B50-777D75226A47}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{8779D5EA-5BAB-482A-A520-716AEE5A9609}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | 
"{8931668F-885C-42C3-913C-B64B66BEC103}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8A213CB9-D888-42A9-B68A-FC6D9833B8B9}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{8DC87316-1D87-46F8-9F2E-2C849FE27B60}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8DD0BBA5-B622-44E8-8B30-C4756E1B3331}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{945358C6-090C-4597-9F06-6861B0ABD663}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{997197C4-8ADE-4756-ABAF-7D8715476DE1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9F271844-B073-4357-94A9-7B65CEEC99E5}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{A31DBB59-FB82-495C-83D0-BE5A850891D6}" = lport=6928 | protocol=6 | dir=in | name=league of legends launcher | 
"{AC3A0A2A-58D0-4714-AD08-EF216C074F53}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{B00FDA2D-39DF-4039-93D2-AD22AB9A137E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2BD4B2C-166A-441D-A2D3-0F0867177A7C}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher | 
"{B6277641-7779-40AC-89C1-3C4530656D81}" = lport=6928 | protocol=17 | dir=in | name=league of legends launcher | 
"{BF51C5CC-3350-4BFB-B7AF-AB649C563A3C}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{BFF67A9A-34E7-4478-9B60-4B37FF9F0B47}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher | 
"{C114672E-A8F7-4B05-948C-67E68AD658CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CEA617ED-994D-4CB7-8EDA-EDDA0E8494AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CF1C4367-2F25-4972-9105-0EEC007C9A16}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{DE2D9ED0-3464-49FA-9402-CC00232EBC12}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{E1601759-A77B-488B-8D63-27803EEC667D}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | 
"{E9326672-E534-4795-B59B-B0A9CBA14251}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{EC1926D2-9830-44B1-A2DE-ED00BD04AEBC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EDEA719C-3272-43D7-8F03-B687E2E88BD7}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | 
"{F9FF01CC-F57F-4782-B4C5-D1BE35B5232A}" = lport=6996 | protocol=17 | dir=in | name=league of legends launcher | 
"{FFE0C28C-5641-4E5B-92A4-CCD6F6A4DD69}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062FBE5B-3B38-4491-AB26-42BEA232DFBD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{06908401-A48B-4D16-88A3-49B1A27F2B50}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0D32F01F-563F-4D00-BCBE-E68691D14919}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{13D88980-1553-44D0-A4B4-2022B1C9AA10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{141C8A53-91E3-4E8E-8585-D94EB9929688}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1777F4F9-F4C8-4DE8-9CDE-083F7CDBE3BA}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{227F8BB5-7F3A-4FF8-902B-79F1F325F3C3}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{22826838-C33A-42CB-A16D-136B97A39E77}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{288FDD28-4F4C-4A06-9290-C76102129CCA}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{2A2ACAB8-293E-4835-B891-77F77AF15F97}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{2CA0D60F-DB83-4D8A-9411-66C39F3214D4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3466EA88-B6D1-44ED-AD41-53A7D965F3D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3689D401-5DED-4702-A787-FA1713646AC6}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{3781A814-2AFC-4473-8CA7-D135AB5C4CA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37CB4941-36B0-495D-AE88-C3E4C39C275F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{5121E5AB-695A-4CCA-B8D2-412E841B3EB2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{57B8643E-54C2-43DF-91EF-80C1C7557A60}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe | 
"{610156EC-1CE7-4DFF-B942-51E0743AD627}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{6740612B-A5BF-42A4-858C-7B7DCD615123}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{68BD9DD6-B4E7-4821-8318-8D16FD1E859C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{707417CA-127E-4467-8269-5800D8D9F4A5}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{7640542F-F93A-4582-8958-C58A9C941EAD}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{7795AE6C-ED90-44F6-869F-9107DB8BD91F}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{8D2BDC70-9F1F-4116-A15B-AB2D657A01A6}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{9599FA59-2104-4681-B0B5-B6ABB7D49C9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{96EA4760-EC09-41A5-9AB3-4D18A2E897B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9FB5C795-1B98-4E7E-9937-B2A64C085D07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABC05ADD-FD76-476E-90C1-7912563F4AEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B58148EF-7C0D-42AB-8D6A-178C69E4AF0C}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{BECC3CF3-8EA0-49AE-9A21-029042C41E66}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe | 
"{C01C698F-C187-485D-8766-574C2E8C6D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2BF9A1A-7C54-41E5-A950-FDD934B2B16E}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{CDA45025-A051-4EF5-98FC-134A51674124}" = protocol=6 | dir=out | app=system | 
"{CEB14E71-CF9D-4877-A7EB-0D62B0A3FE4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D6FBC591-A8D8-4C31-AFC2-C845C192E8C7}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{DE623124-613D-4CAF-A79B-4E32C6BB8D77}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{E0B6BD1A-1A91-4220-8764-9E6D39CF07C9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E4B0D2DE-0323-4209-A1F1-EFA5840EAE32}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E4DC9E3D-FD17-4C50-AF67-784EE2511A54}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{E7697571-BA46-445D-B34B-10097FA5EE4E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EADDDDB6-887E-400E-9C98-B956EFADDC21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F6B93446-390F-4AD9-AF6C-04540B446C1C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F750F954-820F-4607-80D8-B3491A1D7D11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FD94136F-4C02-49DC-8648-94C413CF67AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FDF4FE55-E3EE-4FDF-A364-F920DBE583B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{00A5C328-1F13-40E4-BD99-AB27F0CC5EA0}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{00DB1144-51C2-484D-8B13-4E96A957EE39}C:\program files\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{1A7410A5-E5B1-42DB-8F7B-29740A9EE787}C:\users\pro-markt\downloads\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\users\pro-markt\downloads\vlc\vlc.exe | 
"TCP Query User{500EBF49-0712-43A5-BE25-E489E82BDC8C}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{9130C69F-7220-4305-BB7E-A401D2C24BE6}C:\program files\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{B1E11970-C79E-49E1-8576-8E961C3C48B0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D3315FEB-486A-491A-86FE-A06B76F08CCB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D5697808-C9EB-48D2-A942-8A04459AAD91}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{F017C032-121B-4E20-8E57-B82568C604A0}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{363C1DA5-C135-40E5-B139-A68605DE2B24}C:\program files\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{40239DC0-CBC9-4CA6-8EB5-151204A30E74}C:\users\pro-markt\downloads\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\users\pro-markt\downloads\vlc\vlc.exe | 
"UDP Query User{5DAB2DB1-FE76-4C4F-AB82-551025337674}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{AA9B2CAD-D29A-4C5E-909D-DD52AF1140B3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{B0406C5B-4D3C-4AC1-A624-7C9A77F3A395}C:\program files\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{B0604BEE-7C7E-4251-A929-7E5E29B8A7F7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{BA9D3669-093D-4CFD-A1C9-CA441F3DD332}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{C07BD19F-4252-44A6-80A5-07A5D385C669}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{DDDC86A5-D375-4AC8-A46C-D5869342E07F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cradle of Rome" = Cradle of Rome (remove only)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ffdshow" = ffdshow (remove only)
"GTA San Andreas" = GTA San Andreas
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmswitch" = Morgan Stream Switcher
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Poker Superstars II" = Poker Superstars II (remove only)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 0.9.8a
"XviD" = XviD Video Codec 24062003-1 (Koepi's developer build)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:48:08 | Computer Name = KESSLER | Source = WerSvc | ID = 5007
Description = 
 
Error - 12.08.2011 04:18:45 | Computer Name = KESSLER | Source = WerSvc | ID = 5007
Description = 
 
Error - 12.08.2011 04:19:59 | Computer Name = KESSLER | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2011 04:21:41 | Computer Name = KESSLER | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2011 07:48:06 | Computer Name = KESSLER | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2011 08:39:41 | Computer Name = KESSLER | Source = WerSvc | ID = 5007
Description = 
 
Error - 13.08.2011 09:28:34 | Computer Name = KESSLER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x001a986a,  Prozess-ID 0x1138, 
Anwendungsstartzeit 01cc59bb80474c15.
 
Error - 13.08.2011 14:38:03 | Computer Name = KESSLER | Source = WerSvc | ID = 5007
Description = 
 
Error - 15.08.2011 04:58:02 | Computer Name = KESSLER | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.08.2011 05:48:46 | Computer Name = KESSLER | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 09.10.2011 12:58:53 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:02:11 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:02:11 | Computer Name = KESSLER | Source = LSM | ID = 1048
Description = 
 
Error - 09.10.2011 13:02:17 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:02:25 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:02:27 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:02:27 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:02:27 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:03:00 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
Error - 09.10.2011 13:03:02 | Computer Name = KESSLER | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >

Windows Vista 32bit von Bundespolizei uKash infiziert.

Plagegeister aller Art und deren Bekämpfung: Windows Vista 32bit von Bundespolizei uKash infiziert.