Log analysis and evaluation: Bundestrojaner: Trojan.Spyeyes and Trojan.Agent.Gen - Help

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.06.2012, 22:29 | #1
Bundestrojaner: Trojan.Spyeyes and Trojan.Agent.Gen - Help

Hello! My PC is infected with (Trojan.Spyeyes) (Adware.Onlinegames) (Trojan.Agent.Gen)! Please help me! All files from My Documents (Eigene Dateien) are gone or invisible...

What have I done so far? Worked through the points as described here. The malware is still on the machine, since it was said not to delete it without instructions.....

1. OTL
OTL Logfile: OTL EXTRAS Logfile:
Code:
OTL logfile created on: 15.06.2012 20:53:31 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 82,10% Memory free
5,09 Gb Paging File | 4,76 Gb Available in Paging File | 93,36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 126,88 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive J: | 149,05 Gb Total Space | 75,51 Gb Free Space | 50,66% Space Free | Partition Type: NTFS
Drive K: | 7,36 Gb Total Space | 5,45 Gb Free Space | 74,02% Space Free | Partition Type: FAT32
Computer Name: MARCO | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.06.15 20:01:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.10.28 20:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========
MOD - [2011.12.09 00:03:44 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011.12.05 13:55:56 | 000,193,904 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011.12.05 13:54:51 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011.10.28 20:35:28 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011.10.28 20:35:28 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011.10.28 20:35:26 | 000,591,232 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2010.02.10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.01 19:59:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 19:59:20 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.01 19:59:20 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.01 19:59:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.28 20:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.12.13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.09.17 21:02:56 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.02.05 14:43:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Programme\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008.05.29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.12.11 15:00:00 | 000,692,808 | ---- | M] (Mirko Böer) [Auto | Stopped] -- c:\Programme\trafficmonitor\TMPacketServiceInit.exe -- (TMPService)
SRV - [2007.05.11 03:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Marco_St\LOKALE~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.06.15 18:43:11 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012.05.01 19:59:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.01 19:59:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.28 20:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011.10.28 20:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.04.14 16:23:17 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.12.13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.02.25 17:12:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 17:12:31 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.09.02 14:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.01.20 12:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.11.04 04:21:04 | 000,083,296 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.09.26 10:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008.09.25 18:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 23:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.24 11:30:30 | 000,022,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mam3Wdm.sys -- (MAM3_01)
DRV - [2008.06.24 11:30:12 | 000,028,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mam3.sys -- (MAM3_AA) Service for ESI MAYA44 Audio Driver (EWDM)
DRV - [2008.01.14 10:46:08 | 001,867,840 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2007.04.16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005.06.02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.02.23 19:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001.11.05 11:56:00 | 000,032,960 | ---- | M] (ALCATech GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001.05.28 15:30:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1997.12.23 02:00:00 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ASPI32.OLD -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.03.03 11:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.23 06:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.22 17:56:06 | 000,000,000 | ---D | M]
[2011.12.12 23:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.21 15:08:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.15 08:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 21:34:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.10 20:11:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.21 01:20:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.21 01:20:52 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 18:36:21 | 000,002,047 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.04.21 01:20:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.21 01:20:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.21 01:20:52 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [bjowggdyhclfonx] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bjowggdy.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\WINDOWS\system\CMGxMon.exe ()
O4 - HKLM..\Run: [CnOServerLauncher] C:\WINDOWS\System32\CNOServerLauncher.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268222350281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{475A6CB9-B217-45DA-8FD4-57A5C96EBC8A}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.10 16:05:32 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.15 20:52:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.06.15 20:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2012.06.15 19:56:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2012.06.15 19:56:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.06.15 19:55:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.15 19:55:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.15 19:55:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.15 19:55:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.15 18:55:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2012.06.15 18:49:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2012.06.15 18:38:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mqkeqkmdcximyst
[2012.05.25 22:15:15 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.05.25 22:15:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.05.25 22:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinZip
[2012.05.25 22:04:53 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2012.05.19 17:22:27 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.05.19 12:06:57 | 000,000,000 | ---D | C] -- C:\Programme\Diablo III
[2012.05.19 12:06:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Diablo III
[2012.05.19 11:25:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.12.04 17:30:33 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
[2012.12.04 17:30:33 | 000,001,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2012.06.15 20:51:20 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.06.15 20:03:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\i2s67e5f.exe
[2012.06.15 20:01:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.06.15 20:00:46 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2012.06.15 19:55:59 | 000,000,775 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.15 18:48:35 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.06.15 18:48:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.15 18:48:14 | 002,073,848 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2012.06.15 18:43:50 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.06.15 18:43:49 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 18:38:43 | 000,000,052 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ogkprofuklurkcl
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wwvbkzum.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hspnbshr.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fxfgigry.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bjowggdy.exe
[2012.06.15 18:29:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 16:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012.06.15 15:54:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.15 15:54:38 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 21:16:38 | 000,449,162 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.14 21:16:38 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 21:16:38 | 000,080,732 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.14 21:16:38 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.14 21:11:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.07 19:28:44 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.05.19 13:17:00 | 000,000,824 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diablo III.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.12.04 17:30:33 | 000,001,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2012.06.15 20:51:20 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.06.15 20:49:56 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\i2s67e5f.exe
[2012.06.15 20:49:55 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2012.06.15 19:55:59 | 000,000,775 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.15 18:38:43 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wwvbkzum.exe
[2012.06.15 18:38:43 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bjowggdy.exe
[2012.06.15 18:38:42 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fxfgigry.exe
[2012.06.15 18:38:40 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hspnbshr.exe
[2012.06.15 18:38:40 | 000,000,052 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ogkprofuklurkcl
[2012.05.19 12:06:57 | 000,000,824 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diablo III.lnk
[2012.02.16 16:18:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.10 17:19:37 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.12.10 12:42:01 | 012,177,408 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2011.12.09 15:17:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.12.09 15:17:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.11.24 21:06:47 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2011.11.20 12:23:11 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2011.11.13 13:30:55 | 000,140,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.11.13 13:30:47 | 000,280,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.11.13 13:30:36 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011.11.13 13:13:24 | 000,000,276 | ---- | C] () -- C:\WINDOWS\game.ini
[2011.10.14 18:52:01 | 000,000,770 | ---- | C] () -- C:\WINDOWS\ss_slide.ini
[2011.09.02 13:53:22 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\CNOServerLauncher.exe
[2011.08.10 19:35:43 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2011.07.05 18:15:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.07.05 18:15:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.06.10 09:11:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.04.14 16:11:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.04.14 16:11:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.03.11 19:59:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.03.11 19:59:29 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.03.11 19:59:28 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.03.11 19:59:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.01.09 16:08:22 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.11.19 20:26:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

========== LOP Check ==========
[2010.03.23 00:47:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Atmel
[2012.05.19 11:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.06.15 17:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2010.03.25 17:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.28 14:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2011.04.28 14:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.10.02 21:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILOU
[2011.07.05 18:15:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2010.12.10 22:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.03.03 11:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.03.07 14:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2010.02.25 23:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Movavi Video Converter 9
[2012.06.15 18:38:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mqkeqkmdcximyst
[2011.12.17 16:27:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2010.03.03 11:58:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.03.15 14:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.03.10 17:20:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.03.11 00:41:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2010.03.15 14:36:59 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2011.04.28 14:40:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield [2010.05.30 14:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2010.03.15 14:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2012.01.15 16:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.03.07 22:54:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrafficMonitor [2010.02.25 17:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.12.17 10:48:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0157FEDF-3108-4F74-BBB7-808BD2FC02BD} [2011.12.17 10:47:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3DF8DA15-204E-4E48-A387-2A84546760AE} [2010.09.07 19:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.12.24 21:08:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{5AB81122-EBF9-4531-A9E9-D57960778847} [2010.03.07 13:59:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{783529ED-FB56-4E47-9A20-F9C23D22C2D0} [2011.12.17 10:49:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8AF9D3CF-B9B5-4F8E-B47F-D26DF984D190} [2010.03.07 13:59:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14} [2012.06.15 18:43:50 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.06.15 18:48:35 | 000,000,470 | ---- | M] () -- 
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 451 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:15E1CAA4 < End of report > --- --- --- 2. Extra OTL Extras logfile created on: 15.06.2012 20:53:31 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 82,10% Memory free 5,09 Gb Paging File | 4,76 Gb Available in Paging File | 93,36% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298,08 Gb Total Space | 126,88 Gb Free Space | 42,57% Space Free | Partition Type: NTFS Drive J: | 149,05 Gb Total Space | 75,51 Gb Free Space | 50,66% Space Free | Partition Type: NTFS Drive K: | 7,36 Gb Total Space | 5,45 Gb Free Space | 74,02% Space Free | Partition Type: FAT32 Computer Name: XXXXXX | User Name: XXXXXXXX | Logged in as Administrator. 
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater -- (Nokia Corporation) "C:\Programme\Pinnacle\Studio 10\programs\Studio.exe" = C:\Programme\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems) "C:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe" = C:\Programme\ScanSoft\OmniPageSE\EregGer\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.) "C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Programme\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Disabled:PMSRegisterFile -- ( ) "C:\Programme\Pinnacle\Studio 10\programs\umi.exe" = C:\Programme\Pinnacle\Studio 10\programs\umi.exe:*:Disabled:umi -- (Pinnacle Systems, Inc.) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- () "C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.) 
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH) "C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH) "C:\Programme\StarCraft II\StarCraft II.exe" = C:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Pinnacle\Studio 10\programs\RM.exe" = C:\Programme\Pinnacle\Studio 10\programs\RM.exe:*:Disabled:Render Manager -- (Pinnacle Systems, Inc.) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\StarCraft II\Versions\Base16755\SC2.exe" = C:\Programme\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:Controller "C:\Programme\aon\aonInstaller\Installer.exe" = C:\Programme\aon\aonInstaller\Installer.exe:*:Enabled:Breitband-Internet-Installation "C:\Programme\WinSCP\WinSCP.exe" = C:\Programme\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl) "C:\Programme\StarCraft II\Versions\Base16939\SC2.exe" = C:\Programme\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Programme\StarCraft II\Versions\Base17326\SC2.exe" = C:\Programme\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) 
"C:\Programme\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = C:\Programme\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2 -- (Crytek GmbH) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\StarCraft II\Versions\Base18574\SC2.exe" = C:\Programme\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Programme\Valve\Steam\SteamApps\common\dead space\Dead Space.exe" = C:\Programme\Valve\Steam\SteamApps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- () "C:\Programme\Valve\Steam\SteamApps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Programme\Valve\Steam\SteamApps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- () "C:\Programme\Valve\Steam\SteamApps\common\stalker clear sky\bin\xrEngine.exe" = C:\Programme\Valve\Steam\SteamApps\common\stalker clear sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R.: Clear Sky -- () "C:\Programme\Valve\Steam\SteamApps\common\metro 2033\metro2033.exe" = C:\Programme\Valve\Steam\SteamApps\common\metro 2033\metro2033.exe:*:Enabled:Metro 2033 -- (4A Games) "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Valve\Steam\SteamApps\coax_aut\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\coax_aut\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- () "C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- () "C:\Programme\Call of Duty\CoDUOMP.exe" = C:\Programme\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP "C:\Programme\StarCraft II\Versions\Base19679\SC2.exe" = C:\Programme\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) 
"C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB) "C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB) "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware) "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Disabled:aolload.exe "C:\Programme\A1\A1 Servicecenter\A1Servicecenter.exe" = C:\Programme\A1\A1 Servicecenter\A1Servicecenter.exe:*:Enabled:A1 Servicecenter -- () "C:\Programme\A1\A1 Webassistent\A1Breitband.exe" = C:\Programme\A1\A1 Webassistent\A1Breitband.exe:*:Enabled:A1 Internet Installation "C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation) "C:\Programme\Your Freedom\freedom.exe" = C:\Programme\Your Freedom\freedom.exe:*:Enabled:Your Freedom client software -- (resolution Reichert Network Solutions GmbH) "C:\Programme\StarCraft 
II\Versions\Base21029\SC2.exe" = C:\Programme\StarCraft II\Versions\Base21029\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\Setup_A1WLANAssistent.exe" = C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\Setup_A1WLANAssistent.exe:*:Enabled:A1TA WLAN-Assistent "C:\Programme\A1\A1 Breitband\A1Breitband.exe" = C:\Programme\A1\A1 Breitband\A1Breitband.exe:*:Enabled:A1 Internet Installation -- (mquadr.at software engineering and consulting GmbH - Web: hxxp://www.mquadrat.eu - Mail: office@mquadrat.eu) "C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\1_Setup_A1WLANAssistent.exe" = C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\1_Setup_A1WLANAssistent.exe:*:Enabled:A1TA WLAN-Assistent "C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\2_Setup_A1WLANAssistent.exe" = C:\Dokumente und Einstellungen\Marco_St\Lokale Einstellungen\Temp\A1 Servicecenter\2_Setup_A1WLANAssistent.exe:*:Enabled:A1TA WLAN-Assistent "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe:*:Enabled:Blizzard Agent "C:\Programme\Diablo III\Diablo III.exe" = C:\Programme\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment) "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.976\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.976\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment) "C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Battle.net\Agent\Agent.998\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.998\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ""Sudden Strike - Release 1.0"" = "Sudden Strike - Release 1.0" "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1 "{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}" = Studio 10.5 Patch "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{0C439E7E-DE2B-4AC0-8BEB-DAD70FAE2918}" = AvrTools "{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942 "{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4 "{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series "{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE "{64C13A35-B44C-47E5-88DC-0916FCE1E7C1}" = Sophos Free Encryption 2.40.1 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 
2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7590F488-7796-4000-B440-EC9523CB8721}" = Movavi Video Converter 9 "{76B55683-1A17-CB8B-B1C4-A0A3F3C2D2D5}" = Catalyst Control Center InstallProxy "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{8ACF42DD-C998-ED3C-1446-93AFA65E823D}" = ATI Catalyst Install Manager "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{905A7A49-C6AE-4F77-8E69-AE8B9629D719}" = A1 Internet Software "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A041B6C7-CA7A-4A8B-9AFF-6402C8EE1920}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista "{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10) "{A84C7B4F-2D03-4991-B4D0-81295B6D34F7}_is1" = FILOU-NC "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch 
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam "{BEB79508-7D67-4A2F-9FB3-54C2B68E9532}" = PC Connectivity Solution "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4 "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware "{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14 "{E88D4AC0-2992-46BC-B03A-992FF2D96DFB}_is1" = FILOU-NC11 "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries 
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center "{ED775CE1-E9F7-41C4-BE91-C925E6D5F513}" = Studio 10.5.2 Patch "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10) "{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "69083DC58646DE46A09847A522A1CC487F918039" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) "7-Zip" = 7-Zip 9.20 "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows-Treiberpaket - Advanced Micro Devices, Inc. 
(USB28xxBGA) Media (08/31/2007 5.7.0831.0) "A1 Internet Software" = A1 Internet Software "A1 Servicecenter" = A1 Servicecenter "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "aonFTP" = aonFTP "aonUpdate" = aonUpdate "AquaMark3" = AquaMark3 "Avira AntiVir Desktop" = Avira AntiVir Premium "BPM-Studio 4 Profi" = BPM-Studio 4 Profi "Call of Duty" = Call of Duty "CCleaner" = CCleaner "C-Media Oxygen HD Sound" = ASUS Xonar DX Audio "Diablo III" = Diablo III "Direktfotosystem2_is1" = Direkt Foto System 3.x "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP "FLV Player" = FLV Player 2.0 (build 25) "Fraps" = Fraps "FreePDF_XP" = FreePDF (Remove only) "Google Chrome" = Google Chrome "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "HartlauerFotoService3_is1" = Direkt Foto System 3.x "Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio "HP Imaging Device Functions" = HP Imaging Device Functions 5.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0 "HPExtendedCapabilities" = HP Extended Capabilities 5.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "IrfanView" = IrfanView (remove only) "LOGO!Soft Comfort V6.1" = LOGO!Soft Comfort V6.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "MSCompPackV1" = 
Microsoft Compression Client Pack 1.0 for Windows XP "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Nero - Burning Rom!UninstallKey" = Nero OEM "Nokia PC Suite" = Nokia PC Suite "OpenAL" = OpenAL "proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0 "PunkBusterSvc" = PunkBuster Services "QuickTime" = QuickTime "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RollerCoaster Tycoon Setup" = Roll "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "ST6UNST #1" = Schachermayer Warenkorb 2.3 "StarCraft" = StarCraft "StarCraft II" = StarCraft II "Steam App 17470" = Dead Space "Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky "Steam App 211" = Source SDK "Steam App 43110" = Metro 2033 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 3" = TeamViewer 3 "TrafficMonitor" = TrafficMonitor 4.80 "Unknown Device Identifier_is1" = Unknown Device Identifier 7.00 "UT2004" = Unreal Tournament 2004 "VLC media player" = VLC media player 1.0.5 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WinAVR-20090313" = WinAVR 20090313 (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinISD beta" = WinISD beta "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.2.9 "WinZip" = WinZip "Wireshark" = Wireshark 1.6.5 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = 
Windows Media Player 11 "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Your_Deploy_0" = Your Freedom 20120405-01 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.06.2012 08:57:02 | Computer Name = MARCO | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 14973562 Error - 10.06.2012 08:57:02 | Computer Name = MARCO | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14973562 Error - 11.06.2012 12:21:03 | Computer Name = MARCO | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.06.2012 12:21:03 | Computer Name = MARCO | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 14984750 Error - 11.06.2012 12:21:03 | Computer Name = MARCO | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14984750 Error - 12.06
3.Gmer.txt GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-15 23:20:06 Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\JRAID1Port5Path0Target0Lun0 SATA____ rev.0000 Running: i2s67e5f.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fxtdypoc.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd6007f5 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd6007f5 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 1.0.15 ----
And last but not least, the log from the malware scan:
Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.04.08 Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus) Internet Explorer 8.0.6001.18702 Administrator :: MARCO [Administrator] Schutz: Deaktiviert 15.06.2012 19:58:31 mbam-log-2012-06-15 (20-46-40).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 415471 Laufzeit: 45 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt. Infizierte Dateien: 2 J:\Programme\WMR\WmrProInstall.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\XXXXX\0.6343209680516496.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt. (Ende)
I tried to have Malwarebytes remove the malware. According to Malwarebytes, it was deleted successfully, but the PC is still locked; the "Your computer has been locked" screen still appears. What now? |
18.06.2012, 13:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojana : Trojan.Spyeyes and Trojan.Agent.Gen - Help Does safe mode with networking still work? With an internet connection?
__________________Safe mode for cleanup
__________________ |