Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam

fabishko · 11.08.2012, 15:11

Hallo zusammen,

Seit ein paar Tagen, habe ich das Gefühl, dass etwas mit meinem System nicht stimmt. Bei der Chronologie der Ereignisse bin ich mir jetzt leider unsicher.
Vor ein paar Tagen wurde ich vom gmx-mail service beim login darauf hingewiesen, dass möglicherweise mein Passwort geknackt wurde und ich mein Passwort ändern solle, was ich auch tat. Davor (glaube ich) bekam ich ab und zu ein Popup mit folgendem Inhalt:

In dem Skript auf dieser Seite ist ein Fehler aufgetreten.

Zeile: 1054
Zeichen: 1
Fehler: "tr_uid" ist undefiniert
Code: 0
URL: hxxp://vtracy.de/js/mulin.js?898299580

Möchten Sie, dass Scripts auf dieser Seite weiterhin ausgeführt werden?

Man konnte dann "Ja" oder "Nein" auswählen. Ich habe immer auf nein geklickt. Vielleicht einmal versehentlich auf "Ja".
Das Popup trat manchmal garnicht, manchmal ständig auf.

Beim ersten Auftreten habe ich direkt mal versucht mich schlau zu machen. Das Problem ist noch ziemlich aktuell, wenn ich mir das Datum der gefundenen Threads anschaue. Es hat wohl anscheinend etwas mit ICQ zu tun und es wurde empfohlen, ICQ zu updaten, was ich vor kurzem getan habe.

Quelle:
"hxxp://www.hijackthis-forum.de/hijackthis-logfiles/60786-virus-erkennungsmuster-des-java-scriptvirus-javascript-iframe-jy-3-a-2.html"
"hxxp://www.gutefrage.net/frage/skriptfehler-pop-up"

Es ist bisher noch nicht erneut aufgetreten, aber wie gesagt, es trat vorher auch unregelmäßig auf.

Außerdem bekam ich von Avast beim letzten Steamupdate die Meldung, dass es sich bei "FileSystem_Steam.dll" um einen Virus handeln würde. Auf mehreren Seiten wurde gesagt, dass es sich hierbei um einen Fehlalarm handeln würde. Ich habe dann den Steam-Ordner bei Avast zu den Ausnahmen hinzugefügt. Als ich jetzt nochmal in meinen Avast Virus Container schaute, bemerkte ich auch eine "autorun.inf" Datei, die - glaube ich - von meinem USB-Stick stammt.
Im Virus-Container finde ich nun die ursprünglichen Orte:
"autorun.inf" in G:
"FileSystem_Steam.dll" in C:\Program Files (x86)\Steam\bin
"SteamService.exe" in C:\Program Files (x86)\Common Files\Steam

Sollte ich den Stick am besten im Ubuntu Live System checken lassen?
Nunja, nichtsdestotrotz würde ich euch bitten - um sicher zu gehen, ob nicht doch etwas an meinem System faul ist - die Logs zu checken.
Danke im voraus!

OTL logfile created on: 11.08.2012 15:40:07 - Run 4
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 73,58% Memory free
15,83 Gb Paging File | 13,86 Gb Available in Paging File | 87,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 645,29 Gb Free Space | 69,28% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 18,85 Gb Free Space | 4,05% Space Free | Partition Type: NTFS

Computer Name: BABUMMSKI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (a4djavs) -- C:\Windows\SysNative\drivers\a4djavs.sys (Native Instruments GmbH)
DRV:64bit: - (a4djusb_svc) -- C:\Windows\SysNative\drivers\a4djusb.sys (Native Instruments GmbH)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC B3 F7 B7 9F 77 CD 01 [binary data]
IE - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.08 15:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.09 13:59:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.10.22 12:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.05 18:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hf9gbaw3.Standard-Benutzer\extensions
[2012.02.25 20:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.09 13:59:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.09 13:59:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.09 13:59:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.09 13:59:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.09 13:59:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.09 13:59:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.09 13:59:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.americanapparelstore.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.americanapparelstore.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: ScriptNo = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1106264710-4209462494-2898982619-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{245C74B9-1458-49B6-B5E4-868D617D7488}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.23 19:28:33 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.11 14:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.08.11 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.08.11 12:02:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.09 13:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.09 13:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.21 11:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.21 11:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.21 11:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.07.18 22:03:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.07.18 22:03:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2012.07.17 18:18:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6647B53B-055F-4E8A-B345-072AF629ED39}
[2012.07.17 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C975DDC0-639B-41E5-89D6-34181E2163C6}
[2012.07.17 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3DB984C9-BC68-4E8A-9B30-5718563BD90E}
[2012.07.15 19:52:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.15 09:10:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012.07.15 01:32:18 | 000,000,000 | ---D | C] -- C:\Users\***\eTeks
[2012.07.15 01:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
[2012.07.15 01:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sweet Home 3D
[2012.07.14 15:33:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.07.14 11:09:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder
[2012.07.13 23:40:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wohnung

========== Files - Modified Within 30 Days ==========

[2012.08.11 15:24:03 | 000,022,347 | ---- | M] () -- C:\Users\***\Desktop\thread trojanerboard.odt
[2012.08.11 15:08:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 13:50:40 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 13:50:40 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 13:43:20 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.11 13:43:10 | 000,414,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.11 13:43:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 13:42:57 | 2077,904,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 13:41:26 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.11 12:05:23 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\m2pe0udn.exe
[2012.08.11 12:02:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.11 12:01:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.09 09:54:24 | 000,017,268 | ---- | M] () -- C:\Users\***\Desktop\bilmedigim keleme ve cümleler.odt
[2012.08.08 17:37:00 | 000,029,274 | ---- | M] () -- C:\Users\***\Desktop\OpenDocument Text (neu) (3).odt
[2012.08.03 21:56:07 | 000,093,052 | ---- | M] () -- C:\Users\***\Desktop\Unbenanntui.jpg
[2012.08.02 13:48:15 | 000,611,234 | ---- | M] () -- C:\Users\***\Desktop\julienhöfen2.pdf
[2012.08.02 13:45:06 | 000,994,784 | ---- | M] () -- C:\Users\***\Desktop\julienhöfen.pdf
[2012.07.31 18:44:29 | 000,720,706 | ---- | M] () -- C:\Users\***\Desktop\IMG.pdf
[2012.07.30 09:45:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.30 09:45:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.29 13:29:34 | 000,573,402 | ---- | M] () -- C:\Users\***\Desktop\IMG_0003.pdf
[2012.07.29 13:28:30 | 000,832,086 | ---- | M] () -- C:\Users\***\Desktop\IMG_0002.pdf
[2012.07.29 13:27:38 | 000,539,843 | ---- | M] () -- C:\Users\***\Desktop\IMG_0001.pdf
[2012.07.28 16:57:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.28 16:57:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.28 16:57:50 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.28 16:57:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.28 16:57:50 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.15 17:45:04 | 000,026,630 | ---- | M] () -- C:\Users\***\Desktop\wkm fragen.odt
[2012.07.15 01:30:54 | 000,001,133 | ---- | M] () -- C:\Users\***\Desktop\Sweet Home 3D.lnk
[2012.07.14 10:59:26 | 000,022,501 | ---- | M] () -- C:\Users\***\Desktop\weitere übungen.odt
[2012.07.14 05:29:29 | 000,823,813 | ---- | M] () -- C:\Users\***\Desktop\SWEET HOME - Vorlage.sh3d
[2012.07.13 23:20:39 | 000,014,326 | ---- | M] () -- C:\Users\***\Desktop\jojo.klf
[2012.07.12 23:06:45 | 000,030,051 | ---- | M] () -- C:\Users\***\Desktop\hüftbeugeübungen.odt
[2012.07.12 22:55:17 | 000,030,127 | ---- | M] () -- C:\Users\***\Desktop\WKM.odt

========== Files Created - No Company Name ==========

[2012.08.11 14:34:36 | 000,022,347 | ---- | C] () -- C:\Users\***\Desktop\thread trojanerboard.odt
[2012.08.11 13:41:26 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.11 12:05:23 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\m2pe0udn.exe
[2012.08.11 12:01:50 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.03 21:56:07 | 000,093,052 | ---- | C] () -- C:\Users\***\Desktop\Unbenanntui.jpg
[2012.08.02 13:48:51 | 000,611,234 | ---- | C] () -- C:\Users\***\Desktop\julienhöfen2.pdf
[2012.08.02 13:45:37 | 000,994,784 | ---- | C] () -- C:\Users\***\Desktop\julienhöfen.pdf
[2012.07.31 18:45:38 | 000,720,706 | ---- | C] () -- C:\Users\***\Desktop\IMG.pdf
[2012.07.31 00:52:37 | 000,029,274 | ---- | C] () -- C:\Users\***\Desktop\OpenDocument Text (neu) (3).odt
[2012.07.29 13:29:37 | 000,573,402 | ---- | C] () -- C:\Users\***\Desktop\IMG_0003.pdf
[2012.07.29 13:28:44 | 000,832,086 | ---- | C] () -- C:\Users\***\Desktop\IMG_0002.pdf
[2012.07.29 13:27:48 | 000,539,843 | ---- | C] () -- C:\Users\***\Desktop\IMG_0001.pdf
[2012.07.15 17:17:33 | 000,026,630 | ---- | C] () -- C:\Users\***\Desktop\wkm fragen.odt
[2012.07.15 01:32:13 | 000,823,813 | ---- | C] () -- C:\Users\***\Desktop\SWEET HOME - Vorlage.sh3d
[2012.07.15 01:30:54 | 000,001,133 | ---- | C] () -- C:\Users\***\Desktop\Sweet Home 3D.lnk
[2012.07.13 23:20:46 | 000,022,501 | ---- | C] () -- C:\Users\***\Desktop\weitere übungen.odt
[2012.07.12 22:56:14 | 000,030,051 | ---- | C] () -- C:\Users\***\Desktop\hüftbeugeübungen.odt
[2012.07.12 22:53:44 | 000,030,127 | ---- | C] () -- C:\Users\***\Desktop\WKM.odt
[2012.06.17 00:25:31 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2012.05.05 20:33:47 | 000,000,001 | R--- | C] () -- C:\Users\***\serverport
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.28 21:32:50 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 21:32:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.22 11:29:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.22 03:58:52 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.31 19:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 19:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012.05.06 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.08.11 14:16:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avid
[2011.11.12 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.05.16 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.08.11 13:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.23 20:44:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.09 23:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.18 16:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EarMaster
[2011.12.03 15:54:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.11.27 00:51:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2012.08.11 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.10.24 21:00:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2012.06.06 08:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2012.05.31 21:10:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusE
[2012.06.23 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.11.13 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.10.25 18:57:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.10.28 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.07.18 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.06.23 20:45:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.08.11 14:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VST3 Presets
[2012.07.18 22:03:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.08.11 13:43:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >

OTL Extras logfile created on: 11.08.2012 15:40:07 - Run 4
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 73,58% Memory free
15,83 Gb Paging File | 13,86 Gb Available in Paging File | 87,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 645,29 Gb Free Space | 69,28% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 18,85 Gb Free Space | 4,05% Space Free | Partition Type: NTFS

Computer Name: BABUMMSKI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1106264710-4209462494-2898982619-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08087361-2B9C-4F6E-9882-3882E8ECEBE1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0BE3913C-367C-4BEC-9D53-9AD85517513C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{137BC253-B2D5-4EBB-805C-5020EFE523A8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{155D82E5-12D4-4848-A89D-776FBD30F07A}" = rport=139 | protocol=6 | dir=out | app=system |
"{169FD6BE-5673-481B-9281-61C3641A196E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{328EA478-89D7-4AB1-97D4-AB29BDFFCDC6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39566398-5206-4E81-8858-30CB0317A969}" = rport=137 | protocol=17 | dir=out | app=system |
"{47407CF2-9E3C-47CC-B17C-B09D5934A586}" = lport=138 | protocol=17 | dir=in | app=system |
"{4FEFBAE5-5BEC-4DAB-AA2E-4FAF78C1BF1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F1BC727-56CD-45F3-BAD7-AB5D5822C2C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8378A8F2-6249-4631-8007-F69C75E452F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{935A63D3-EFA8-4326-BF13-8D72607E8730}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98DB5B3E-D18C-45A1-8DE6-501C2A7B3593}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCFED06B-28E1-4D63-B64D-186948C3EAC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE2E317D-C9FC-45D0-8E5C-FD321479ECF1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C165AF5C-F2D4-40ED-AAB3-A2F40E771A32}" = lport=137 | protocol=17 | dir=in | app=system |
"{C2E179C7-B75B-4E59-A8FF-0E46AED257DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9519E5F-B769-4297-BD1D-06866CDED6B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D574BBAF-3043-48DD-93DD-4D21FE0BE18F}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC267FA4-64E7-4514-AE21-244E30F8457E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DCF55CA5-86ED-4C63-9989-341AE89E7128}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1B787CF-7019-4F21-90C9-2F7F60E9AFDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E515D6C0-4277-432B-A085-12C7FDC863F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA8A5847-0B96-43DA-BE1F-95D2A4D74989}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FB280941-6C55-46B6-A094-1909B1B54320}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DA7E3B-582E-428F-ABE7-B6486BC23492}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{0363C470-E308-4C87-9D7B-2C2B0BDD54BE}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{0948A4D4-B659-490E-96A1-7E984280CE3A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{0D54F4EB-0866-454D-A25A-FA0C82103697}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1BF38FF5-291C-4909-8100-1A8D1342E994}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{1C0D3D88-5BD5-42F0-AFC0-DC70F2DE5912}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{1DC592D1-7B37-4BAE-BF0A-300E3269EEF9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{20955CF6-47B0-415A-8632-95682769A6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{237E439D-4B0A-430E-A626-4CE2CA614D91}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{2563449A-D4C9-4B3D-8A39-1F63866A82C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{2A286F84-F15D-4DB0-B7A8-249DE67AD32E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ra3pg\counter-strike\hl.exe |
"{2C2966F7-8349-467A-BBAB-9422646FB8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{30F21CC9-0F6A-49E0-A614-16645BB07011}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{30F56284-97C8-4F47-9ED8-8D23898CD018}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A85E9FF-E707-4942-899C-1FE0281A6CE8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B1679F0-7752-4F31-A7EF-7F0B880F343D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D4836BC-710E-4798-9E92-DE56461314E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{486F1757-37DA-4ADB-93E3-ECD7C7D9C672}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{4B5B1C25-61BC-49C7-83E9-98254920FA06}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{59B1AE49-63D0-4CD0-AA86-7B19D4FE5436}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{59C936F6-0DE7-4CC9-8717-5D57A92BAA60}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AFA8D4A-8193-46D2-8332-EAAD3262D1FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CF65132-C1A2-4340-8268-7716317A28B8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5D0A5EE5-8515-47D1-8B95-B7EA540F9DF1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6038C83D-DF2E-4C10-BC1E-08364300E780}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61199540-277C-44C8-88EB-61F9CF4858DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62443DA6-BE02-4CD6-81FF-0BB3F263A4AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62833792-8FC8-4734-BB84-D13566088AE4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{639802C5-D860-4FE8-8836-D9185C392319}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6720F65A-B662-42B9-82A6-37A860CAD212}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{683728D6-4095-42A2-9258-B16AB98FEBB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{6C33CC62-F99C-4A92-AD28-93D57F7D50F5}" = protocol=58 | dir=in | app=system |
"{6FEBAC04-65BD-4BA7-86EB-D59C629124AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{77471AF4-5053-4228-85D9-63E9DA780A84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{805C8AD8-EDF7-4424-8656-951A8ACC427A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{816321A5-15EB-4FD0-BE03-13AC8CAF8F29}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{83239C39-5217-45BA-99AC-B19C6BB6A8BE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{8F66966D-1EBE-4C64-BB74-BA582EE80F12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ra3pg\counter-strike\hl.exe |
"{90FF2E9A-CF81-4C39-A7B0-F49828D78752}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91A308C4-7CCD-47EF-8FF6-2E41BA5784C0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{91AAFE4B-F097-4026-AAB3-DA55ED59CB5B}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{97EA288C-9AFB-42C7-A098-55429F86F7CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{985031A2-FF63-48AD-9E34-DD4CAA711C6F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9C48C0E2-370E-4635-B6B8-F36C0073BDE2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9E173CE9-10B1-4402-894D-6444E9371AB4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A3322B0A-0332-4608-B7E4-95FE22AF9B86}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A3ADCC48-B423-43FE-AF49-6766BBAD5BF5}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A5C52769-5540-4415-8745-8C59C3806B6B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A6860FF6-7677-41DD-9043-AE912742F845}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AFC9CE4B-C265-4C93-A065-758A141224F0}" = protocol=6 | dir=out | app=system |
"{B1CDC353-8BB1-4972-972E-FFF7E0369B01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{B4E44F8D-0ECC-43D1-B79C-0DE6C86821F0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{B6EC1478-B0C5-4313-9C82-1A50C075FBCB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7227244-B0EE-4058-B5CD-77B9C666D018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BDCCDBF7-BEC7-41AE-87C2-FBE5A938E052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1589293-D12B-4694-915B-18F38830DF0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ra3pg\counter-strike\hl.exe |
"{CA6BA36D-A3A4-448A-B576-6D6C05F88238}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CC967435-2AA7-4481-84B1-237536A5193F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEC0AAD0-FB98-4CA5-B134-87218BFDB2A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D4CECF3E-DCA1-4F6E-BCDE-6586D2FD0AF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{D76FAE0E-1465-4641-A7B7-29043C4B5A5A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9D9324E-8231-4178-BB10-AAFB68EA49B5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E2B7208B-3B12-454E-A9ED-20D6BBF4BD23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{EAED4A1F-B089-4E6A-929A-D7F5B4D75E39}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{EE276059-52D8-41B3-98BC-5BA53761E71E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EFDF69A8-9F8B-4838-8430-1761075A575A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F1786A69-3CF8-4FA0-8FA7-05E814310470}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{F1D3807D-A7C5-4FB8-9756-BBF22FA2A77F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F2A2F9EC-1AA0-485C-9301-3B14F68C7C31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ra3pg\counter-strike\hl.exe |
"{F9C76F51-6EC9-4203-9D01-FF1A97EA108C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD78666B-9B8B-4342-83B7-8B1B63371A28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"TCP Query User{352D55B1-AA65-4049-BA7C-2A1939C21BF6}C:\program files (x86)\activision\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare1\iw3mp.exe |
"TCP Query User{42D7B06F-B6DA-4DAF-A18C-503F1B358252}C:\program files (x86)\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gw2\gw2.exe |
"TCP Query User{68D2C1FB-0C58-4685-91AC-16014271EE38}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"TCP Query User{6C574267-FE99-48EF-867D-EC0698560CAD}D:\programme\opera\opera.exe" = protocol=6 | dir=in | app=d:\programme\opera\opera.exe |
"TCP Query User{7317C091-49C3-4DCF-9894-5CF8C85C8110}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"TCP Query User{D868CB1E-4F3A-476D-A551-C93AC67CA440}D:\programme\opera\opera.exe" = protocol=6 | dir=in | app=d:\programme\opera\opera.exe |
"TCP Query User{D8B843AD-0826-46EF-8E1E-A40533565A65}C:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"TCP Query User{ECC92F47-D4EF-4EAF-8D4B-BFDD137A1CCC}C:\program files (x86)\gw2\gw2.tmp" = protocol=6 | dir=in | app=c:\program files (x86)\gw2\gw2.tmp |
"UDP Query User{0141822B-F2FB-4A23-83F2-84D6FB156376}C:\program files (x86)\gw2\gw2.tmp" = protocol=17 | dir=in | app=c:\program files (x86)\gw2\gw2.tmp |
"UDP Query User{07AC71F8-5DEF-484D-B06F-B4AE3527E423}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"UDP Query User{28FEF739-C04D-4B4D-84D1-FB30DA74E36F}C:\program files (x86)\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gw2\gw2.exe |
"UDP Query User{30C4EFEC-4B22-4BE6-8DE8-4F565F5F378B}D:\programme\opera\opera.exe" = protocol=17 | dir=in | app=d:\programme\opera\opera.exe |
"UDP Query User{57EBC9E6-7FB5-4637-9C8F-0BECFE78AADF}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"UDP Query User{6E19020A-E18C-4642-B472-4612795BD245}D:\programme\opera\opera.exe" = protocol=17 | dir=in | app=d:\programme\opera\opera.exe |
"UDP Query User{A9E5FA10-1F77-4978-8D92-C62BCBEE11AD}C:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"UDP Query User{F84358B0-A1DE-4887-ADBD-4D22145DA5B0}C:\program files (x86)\activision\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare1\iw3mp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1099EEAB-C4BC-4F66-980F-2269856A71CD}" = Native Instruments Traktor
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F7BE399C-3D88-420D-86BC-F3D75203B70E}" = Service Center Setup
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"EarMaster Pro 5_is1" = EarMaster Pro 5
"ESN Sonar-0.70.4" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader 5.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Chrome" = Google Chrome
"Guild Wars" = GUILD WARS
"HLSW_is1" = HLSW v1.3.3.7b
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Mp3tag" = Mp3tag v2.49a
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"Native Instruments Audio 4 DJ" = Native Instruments Audio 4 DJ
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rekkaturvat" = Truck Dismount (remove only)
"Steam App 10" = Counter-Strike
"Steam App 24240" = PAYDAY: The Heist
"Steam App 42910" = Magicka
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Sweet Home 3D_is1" = Sweet Home 3D version 3.5
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1106264710-4209462494-2898982619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Native Instruments Service Center" = Native Instruments Service Center

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.07.2012 13:04:43 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12995

Error - 29.07.2012 13:04:44 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.07.2012 13:04:44 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13993

Error - 29.07.2012 13:04:44 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13993

Error - 29.07.2012 13:04:45 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.07.2012 13:04:45 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15007

Error - 29.07.2012 13:04:45 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15007

Error - 29.07.2012 13:04:46 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.07.2012 13:04:46 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16005

Error - 29.07.2012 13:04:46 | Computer Name = babummski | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16005

[ System Events ]
Error - 23.07.2012 15:51:58 | Computer Name = babummski | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3

Error - 24.07.2012 15:59:20 | Computer Name = babummski | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 24.07.2012 15:59:21 | Computer Name = babummski | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 28.07.2012 04:46:27 | Computer Name = babummski | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error - 28.07.2012 04:46:28 | Computer Name = babummski | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error - 30.07.2012 03:41:20 | Computer Name = babummski | Source = DCOM | ID = 10010
Description =

Error - 02.08.2012 04:30:47 | Computer Name = babummski | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 02.08.2012 04:30:47 | Computer Name = babummski | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 05.08.2012 06:12:45 | Computer Name = babummski | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 05.08.2012 06:12:45 | Computer Name = babummski | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

< End of report >

cosinus · 15.08.2012, 17:15

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

fabishko · 15.08.2012, 21:23

Danke für die Antwort. Ich bin jetzt aber erstmal für 2,5 Wochen im Urlaub. Kann das ganze erst danach machen, wenn ich wieder am Rechner bin.

LG

cosinus · 16.08.2012, 09:15

Ok, dann schönen Urlaub und bis in zweieinhalb Wochen

fabishko · 20.09.2012, 21:52

Tut mir leid, ich war auch noch kurze Zeit später woanders im Urlaub und hatte mit der Uni zu tun..aber nun hier die logs.

Malwarebytes-Log

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
baginski :: BABUMMSKI [Administrator]

05.09.2012 10:24:06
mbam-log-2012-09-05 (10-24-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 543213
Laufzeit: 1 Stunde(n), 21 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Programme\EA GAMES\Battlefield 2\mods\stats\Stats.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET-Log

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5dc8f63a64837548be10dfa395afda53
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 08:33:56
# local_time=2012-09-05 10:33:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 88481 98494939 0 0
# compatibility_mode=8192 67108863 100 0 190 190 0 0
# scanned=414142
# found=2
# cleaned=0
# scan_time=12146
D:\Dokumente und Einstellungen\Phobi\Eigene Dateien\second try\Nero-7.10.1.0_eng_trial_wch.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
D:\Dokumente und Einstellungen\Phobi\Lokale Einstellungen\Temp\NERO13346\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
esets_scanner_update returned -1 esets_gle=53251

Grüße, und vielen Dank!

cosinus · 21.09.2012, 14:32

Code:

ATTFilter

D:\Programme\EA GAMES\Battlefield 2\mods\stats\Stats.exe (Trojan.Agent.H)

Aus welcher Quelle stammt diese Datei?

fabishko · 23.09.2012, 14:49

Zitat:

Zitat von cosinus

Code:

ATTFilter

D:\Programme\EA GAMES\Battlefield 2\mods\stats\Stats.exe (Trojan.Agent.H)

Aus welcher Quelle stammt diese Datei?

Wie finde ich das heraus? Ich bin nochmal zum Dateipfad gegangen, aber ich finde da keine Stats.exe, sondern nur einen weiteren ordner namens "stats", wo ne "stats.py" datei drin ist.

Gruß

cosinus · 23.09.2012, 18:18

Hast du irgendwelche Mods für Battlefield installiert?
Aus welcher Quelle stammt dein Battlefield denn?

fabishko · 24.09.2012, 10:27

Also, das Battlefield befindet sich noch auf meiner alten Festplatte vom alten PC, und ist nicht auf meiner jetzigen Hauptplatte installiert. Ich habe es als complete collection gekauft und als Mod AIX 2.0 installiert.

cosinus · 24.09.2012, 18:02

Und aus welcher Quelle stammt dieses Mod?
Gerade aus dubiosen/unseriösen Quellen stammt infizierte Software!

fabishko · 25.09.2012, 20:44

Zitat:

Zitat von cosinus

Und aus welcher Quelle stammt dieses Mod?
Gerade aus dubiosen/unseriösen Quellen stammt infizierte Software!

Ich weiß nicht mehr, woher ich die Mod hatte. Wahrscheinlich Chip oder von der offiziellen Seite, wo es aber auch viele Mirrors gibt. Ich achte eigentlich immer darauf, dass ich nur was von seriösen Seiten lade, aber man weiß ja nie...

cosinus · 26.09.2012, 12:37

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

fabishko · 26.09.2012, 13:30

Code:

ATTFilter

# AdwCleaner v2.003 - Datei am 09/26/2012 um 14:27:22 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : baginski - BABUMMSKI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\baginski\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\baginski\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : Standard-Benutzer [Profil par défaut]
Datei : C:\Users\baginski\AppData\Roaming\Mozilla\Firefox\Profiles\hf9gbaw3.Standard-Benutzer\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Facemoods Search");
Gefunden : user_pref("browser.search.selectedEngine", "Facemoods Search");
Gefunden : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gefunden : user_pref("extensions.facemoods.firstRun", false);
Gefunden : user_pref("extensions.facemoods.lastActv", "18");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\baginski\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\baginski\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1508 octets] - [26/09/2012 14:27:22]

########## EOF - C:\AdwCleaner[R1].txt - [1568 octets] ##########

cosinus · 26.09.2012, 16:04

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

fabishko · 27.09.2012, 09:40

Code:

ATTFilter

# AdwCleaner v2.003 - Datei am 09/27/2012 um 10:36:27 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : baginski - BABUMMSKI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\baginski\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\baginski\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : Standard-Benutzer [Profil par défaut]
Datei : C:\Users\baginski\AppData\Roaming\Mozilla\Firefox\Profiles\hf9gbaw3.Standard-Benutzer\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "Facemoods Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Facemoods Search");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "18");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\baginski\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\baginski\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1637 octets] - [26/09/2012 14:27:22]
AdwCleaner[S1].txt - [1932 octets] - [27/09/2012 10:36:27]

########## EOF - C:\AdwCleaner[S1].txt - [1992 octets] ##########

16.08.2012, 09:15	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam Ok, dann schönen Urlaub und bis in zweieinhalb Wochen __________________ Logfiles bitte immer in CODE-Tags posten

21.09.2012, 14:32	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam Code: ATTFilter D:\Programme\EA GAMES\Battlefield 2\mods\stats\Stats.exe (Trojan.Agent.H) Aus welcher Quelle stammt diese Datei? __________________ --> Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam

23.09.2012, 18:18	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam Hast du irgendwelche Mods für Battlefield installiert? Aus welcher Quelle stammt dein Battlefield denn? __________________ Logfiles bitte immer in CODE-Tags posten

24.09.2012, 18:02	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam Und aus welcher Quelle stammt dieses Mod? Gerade aus dubiosen/unseriösen Quellen stammt infizierte Software! __________________ Logfiles bitte immer in CODE-Tags posten

Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam

Plagegeister aller Art und deren Bekämpfung: Seltsames Vtracy Skript Fehler Popup, Virusmeldungen im Zusammenhang mit Steam