IE Explorer öffnet von selbst Werbung !

_oeLuu_ · 06.11.2009, 22:17

Hallo Leute,
Also ich hab das Problem wie viele, denke ich, viele auch schon. Mein Internet Explorer macht sich selbstständig und das nervt mit der Zeit. Ich poste euch hier meinen LogFile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:25, on 06.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gigabyte\EasySaver\ESSVR.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\nHancer\nHancerService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\EXPERTool\TBPanel.exe
C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ROCCAT\Kone Mouse\osd.exe
C:\Programme\Electronic Arts\EADM\Core.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
F:\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\mst.exe
C:\Programme\vghd\VirtuaGirl_downloader.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\XviDplg.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Kone] "C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] F:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [PopRock] C:\DOKUME~1\Oliver\LOKALE~1\Temp\b.exe
O4 - HKCU\..\Run: [NordBull] C:\DOKUME~1\Oliver\LOKALE~1\Temp\u.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Programme\vghd\vghd.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programme\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Programme\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 9931 bytes

Ich bin einer der sehr viele Dinge aus dem Internet zieht und hätte gerne auch ein paar Tipps wie ich erkenne welche Downloads Viren sein könnten.

Ich hoffe ihr könnt mir helfen und sagen was zu tun ist.

Larusso · 07.11.2009, 00:03

Was spricht gegen ein Formatieren ?

_oeLuu_ · 07.11.2009, 02:13

Ja natürlich, aber gäbe es nicht einen anderen Weg ich will nicht alle meine Games und Programme wieder installieren

Larusso · 07.11.2009, 11:11

Sicher gibt es den, für das sind wir auch da. Nur wenn es bei Dir wirklich nur um Spiele geht, würde ich formatieren.

Ich schreibe das ja selber ungern, aber du hast mind. 2 Backdoor (<< LESEN) am System.

Teile mir Deine Entscheidung bitte mit

_oeLuu_ · 07.11.2009, 14:30

Es geht mir nicht nur um Spiele

Ich weiss es wäre besser zu formatieren, aber ich will das nur machen wenn es keinen anderen Ausweg mehr gibt, also wenn, wenn ich es nicht tue, der Pc abfackelt oder so.

Also kannst du mir bitte sagen was ich tun muss um das Backdoor-Zeugs loszuwerden.

Danke für deine Antworten

Larusso · 07.11.2009, 14:56

here we go

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Poste bitte alle Logfiles in Code-Tags.
Klicke antworten --> #
danach [code]text[/code]
So sollte das dann hier aussehen nach dem antworten:

Code:

ATTFilter

deine Logfile

schritt 1

Windows-Explorer öffnen (Windows-Taste + E) und unter => Extras => Ordneroptionen => im Reiter "Ansicht"

Dateien und Ordner: Erweiterungen bei bekannten Dateitypen ausblenden deaktivieren
Dateien und Ordner: Geschützte Systemdateien ausblenden (empfohlen) deaktivieren
Dateien und Ordner: Inhalte von Systemordnern anzeigen aktivieren (bei Vista nicht vorhanden)
Versteckte Dateien und Ordner: alle Dateien und Ordner anzeigen aktivieren

schritt 2

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

schritt 3

Rootkit-Suche

Was sind Rootkits?

Einige Scans auf Dateien, Prozesse u2nd Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Gmer ist geeignet für => NT/W2K/XP/VISTA.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird GMER beendet.
Füge das Log aus der Zwischenablage in Deine Antwort hier ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

Bitte poste in Deiner nächsten Antwort
Beide Logfiles von OTL
Logfile von Gmer
Achtung: Diese Logfiles können sehr lange sein. Bitte in mehrere Posts aufteilen

_oeLuu_ · 07.11.2009, 15:20

Also hier die 2 LogFiles von OTL

OTL.txt teil 1

Code:

ATTFilter

OTL logfile created on: 07.11.2009 15:10:34 - Run 1
OTL by OldTimer - Version 3.1.4.0     Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97.65 Gb Total Space | 18.25 Gb Free Space | 18.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147.39 Gb Total Space | 143.92 Gb Free Space | 97.65% Space Free | Partition Type: NTFS
Drive F: | 220.71 Gb Total Space | 178.74 Gb Free Space | 80.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PRIVAT-37334436
Current User Name: Oliver
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\msu.exe ()
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Programme\vghd\VirtuaGirl_Downloader.exe (Totem Entertainment)
PRC - C:\Programme\vghd\vghd.exe (Totem Entertainment)
PRC - C:\Programme\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\EXPERTool\TBPANEL.exe (Gainward Co.)
PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
PRC - C:\Programme\ROCCAT\Kone Mouse\OSD.exe (ROCCAT)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (IDriverT) --  File not found
SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nHancer) -- C:\Programme\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (iPod Service) -- C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ES lite Service) -- C:\Programme\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (Bonjour Service) -- C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (TryAndDecideService) -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (KoneFltr) -- C:\WINDOWS\system32\drivers\Kone.sys (ROCCAT Ltd)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (TBPanel) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (PLCNDIS5) -- C:\WINDOWS\system32\plcndis5.sys (Intellon, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.ch"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.25 00:16:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.09.25 19:09:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.10.28 19:58:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.28 19:58:12 | 00,000,000 | ---D | M]
 
[2009.10.04 22:25:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions
[2009.09.21 16:53:39 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.04 22:25:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2009.11.06 11:18:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Firefox\Profiles\pu3m1sxs.default\extensions
[2009.09.25 18:42:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Firefox\Profiles\pu3m1sxs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.06 11:18:16 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.14 17:59:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.10.28 19:58:12 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.25 19:09:10 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.10.28 19:58:07 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.10.28 19:58:07 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\libdivx.dll
[2009.09.25 19:08:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.05.12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2009.10.28 19:58:11 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2007.03.22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.05.01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\ssldivx.dll
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

teil 2 nächster post

_oeLuu_ · 07.11.2009, 15:22

teil 2 OTL.txt

Code:

ATTFilter

O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (CDNSCacheObj Object) - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\XviDplg.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kone] C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] F:\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [msnmsgr] C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NordBull] C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Temp\u.exe ()
O4 - HKCU..\Run: [PopRock] C:\DOKUME~1\Oliver\LOKALE~1\Temp\b.exe File not found
O4 - HKCU..\Run: [RGSC] F:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] c:\programme\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK = C:\Programme\vghd\vghd.exe (Totem Entertainment)
O4 - Startup: C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.60.61.246 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 15:29:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========

teil 3 nächster Post

_oeLuu_ · 07.11.2009, 15:23

teil 3 OTL.txt

Code:

ATTFilter

[2009.11.06 22:00:51 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2009.10.31 14:39:34 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Runes of Magic
[2009.10.30 16:10:31 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\FOG Downloader
[2009.10.26 12:05:05 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Ubisoft
[2009.10.25 22:06:47 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\DAEMON Tools Images
[2009.10.25 21:57:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2009.10.25 21:54:12 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DAEMON Tools Pro
[2009.10.25 01:42:14 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
[2009.10.24 23:33:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\DHT
[2009.10.22 12:52:46 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\IDM
[2009.10.20 21:06:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
[2009.10.20 18:20:35 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\nHancer
[2009.10.20 18:20:29 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA
[2009.10.18 18:46:35 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Battlefield 2142
[2009.10.18 01:46:15 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\PunkBuster
[2009.10.17 16:55:14 | 00,000,000 | ---D | C] -- C:\Program Files
[2009.10.17 16:17:51 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Battlefield 2
[2009.10.17 16:11:49 | 00,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2009.10.16 23:08:47 | 00,000,000 | ---D | C] -- C:\Programme\vghd
[2009.10.16 23:08:46 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\vghd
[2009.10.16 20:56:16 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Battlefield 2 Demo
[2009.10.16 20:44:01 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Temp
[2009.10.16 19:44:13 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield
[2009.10.14 23:40:33 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Google
[2009.10.14 23:38:05 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
[2009.10.14 18:05:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2009.10.14 18:03:01 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Google
[2009.10.14 18:03:00 | 00,000,000 | ---D | C] -- C:\Programme\Google
[2009.10.14 18:03:00 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared
[2009.10.14 18:03:00 | 00,000,000 | ---D | C] -- C:\Programme\DivX
[2009.10.11 20:59:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Adobe
[2009.10.11 20:51:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
[2009.10.11 20:17:03 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared
[2009.10.11 20:09:17 | 00,000,000 | ---D | C] -- C:\Programme\PowerISO
[2009.10.09 20:21:06 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Desktop\youtube poop
[2009.10.09 20:06:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2009.10.09 20:06:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009.10.09 20:06:16 | 00,000,000 | ---D | C] -- C:\Programme\Windows Media Components
[2009.10.09 20:01:10 | 00,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
[2009.10.09 19:58:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\DVDVideoSoft
[2009.10.09 19:58:01 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2009.10.09 19:58:01 | 00,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2009.10.09 19:49:17 | 00,000,000 | ---D | C] -- C:\Programme\AVI Codec Pack
[2009.10.09 19:49:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\quicktime
[2009.10.09 12:17:27 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Application Data
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.11.07 15:00:03 | 00,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009.11.07 15:00:01 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009.11.07 14:49:00 | 00,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009.11.07 14:24:08 | 00,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2009.11.07 14:23:41 | 00,258,887 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009.11.07 14:23:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.07 14:23:32 | 00,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.11.07 14:18:49 | 00,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.11.07 14:18:39 | 00,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2009.11.07 14:18:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.07 14:18:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.07 03:30:28 | 04,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Oliver\NTUSER.DAT
[2009.11.07 03:30:28 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Oliver\ntuser.ini
[2009.11.06 22:00:51 | 00,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\HijackThis.lnk
[2009.11.06 21:04:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.11.05 21:39:52 | 00,138,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.11.05 21:39:38 | 00,214,504 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009.11.05 21:39:38 | 00,214,504 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009.11.04 13:35:34 | 00,000,614 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Runes of Magic.lnk
[2009.11.03 22:20:32 | 00,001,636 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\nHancer.lnk
[2009.11.02 00:47:12 | 00,462,984 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.11.02 00:47:12 | 00,444,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.02 00:47:12 | 00,085,864 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.11.02 00:47:12 | 00,072,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.02 00:22:13 | 01,077,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.29 18:06:14 | 00,296,518 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Special_Forces_(BF2).jpg
[2009.10.29 18:06:04 | 00,306,709 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Modern_Combat.jpg
[2009.10.28 13:08:05 | 00,155,379 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\bbb_wallpaper.jpg
[2009.10.27 20:24:36 | 00,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2009.10.27 16:42:27 | 00,001,815 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 SF jetzt online spielen!.lnk
[2009.10.27 16:42:27 | 00,001,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2 Special Forces.lnk
[2009.10.27 16:31:23 | 00,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 jetzt online spielen!.lnk
[2009.10.27 16:31:23 | 00,001,687 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2.lnk
[2009.10.26 18:54:50 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.26 18:53:09 | 00,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.26 12:05:05 | 00,000,813 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msu.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\mst.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\mss.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msr.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msq.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msp.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\mso.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msn.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msm.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msl.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msk.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msj.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msi.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msh.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msg.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msf.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\mse.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msd.exe
[2009.10.25 22:29:13 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msc.exe
[2009.10.25 22:29:11 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009.10.25 22:26:18 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009.10.25 22:00:18 | 00,000,547 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Pro.lnk
[2009.10.25 21:54:17 | 00,722,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.25 13:38:36 | 03,932,214 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Deer Hunter Bear Kill.bmp
[2009.10.25 13:36:40 | 00,001,515 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Paint.lnk
[2009.10.25 01:26:39 | 00,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Deer Hunter - The 2005 Season.lnk
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009.10.20 18:49:50 | 00,002,183 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2009.10.19 11:46:44 | 00,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2009.10.18 19:08:40 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.10.16 23:08:50 | 00,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK
[2009.10.16 23:08:47 | 00,152,904 | ---- | M] () -- C:\WINDOWS\System32\vghd.scr
[2009.10.16 01:22:47 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.10.16 01:22:12 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009.10.14 17:59:22 | 00,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2009.10.13 12:59:35 | 00,001,478 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vanguard.lnk
[2009.10.12 22:17:14 | 00,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Zombie Panic! Source.lnk
[2009.10.12 22:15:41 | 00,000,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\FALLOUT 3.lnk
[2009.10.12 19:57:33 | 00,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Half-Life 2 Deathmatch.lnk
[2009.10.12 17:45:59 | 11,008,9755 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Crysis - Amazonian River (GTX-260).wmv
[2009.10.12 02:05:12 | 01,535,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.11 23:34:17 | 04,800,893 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Safri Duo - Played a.mp3
[2009.10.11 20:59:35 | 00,064,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009.10.11 20:23:37 | 00,000,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Adobe After Effects CS3.lnk
[2009.10.11 20:09:18 | 00,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PowerISO.lnk
[2009.10.08 22:55:47 | 00,022,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PnkBstrK.sys
[2009.10.08 22:55:31 | 00,669,184 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2009.10.08 22:55:09 | 00,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Crysis.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.07 14:23:59 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msu.exe
[2009.11.06 22:00:51 | 00,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\HijackThis.lnk
[2009.11.06 11:03:51 | 00,153,088 | ---- | C] () -- C:\WINDOWS\mst.exe
[2009.11.05 17:04:54 | 00,153,088 | ---- | C] () -- C:\WINDOWS\mss.exe
[2009.11.04 13:08:24 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msr.exe
[2009.11.03 12:34:59 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msq.exe
[2009.11.02 12:31:15 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msp.exe
[2009.11.02 00:46:00 | 00,153,088 | ---- | C] () -- C:\WINDOWS\mso.exe
[2009.11.02 00:21:02 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msn.exe
[2009.11.01 15:27:35 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msm.exe
[2009.10.31 13:01:37 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msl.exe
[2009.10.31 05:28:42 | 00,000,614 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Runes of Magic.lnk
[2009.10.30 23:29:45 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msk.exe
[2009.10.30 23:22:51 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msj.exe
[2009.10.30 15:48:39 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msi.exe
[2009.10.29 18:06:14 | 00,296,518 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Special_Forces_(BF2).jpg
[2009.10.29 18:06:03 | 00,306,709 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Modern_Combat.jpg
[2009.10.29 11:29:25 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msh.exe
[2009.10.28 16:45:50 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msg.exe
[2009.10.28 13:08:04 | 00,155,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\bbb_wallpaper.jpg
[2009.10.27 23:18:16 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msf.exe
[2009.10.27 20:07:39 | 00,153,088 | ---- | C] () -- C:\WINDOWS\mse.exe
[2009.10.27 16:42:27 | 00,001,815 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 SF jetzt online spielen!.lnk
[2009.10.27 16:42:27 | 00,001,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2 Special Forces.lnk
[2009.10.27 16:31:23 | 00,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 jetzt online spielen!.lnk
[2009.10.27 16:31:23 | 00,001,687 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2.lnk
[2009.10.27 16:16:32 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msd.exe
[2009.10.26 15:06:18 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msc.exe
[2009.10.26 12:05:05 | 00,000,813 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tom Clancy's Rainbow Six Vegas.lnk
[2009.10.26 11:45:30 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009.10.25 22:26:21 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009.10.25 22:26:18 | 00,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009.10.25 22:26:13 | 00,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009.10.25 22:00:18 | 00,000,547 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Pro.lnk
[2009.10.25 21:54:17 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.25 13:37:14 | 03,932,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Deer Hunter Bear Kill.bmp
[2009.10.25 01:26:39 | 00,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Deer Hunter - The 2005 Season.lnk
[2009.10.19 11:46:44 | 00,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2009.10.18 19:10:39 | 00,214,504 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009.10.16 23:08:50 | 00,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK
[2009.10.16 23:08:50 | 00,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009.10.16 23:08:47 | 00,152,904 | ---- | C] () -- C:\WINDOWS\System32\vghd.scr
[2009.10.16 01:22:12 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.10.14 23:39:44 | 00,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009.10.14 23:39:43 | 00,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.10.14 23:38:04 | 00,001,014 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.10.12 22:17:14 | 00,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Zombie Panic! Source.lnk
[2009.10.12 19:57:33 | 00,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Half-Life 2 Deathmatch.lnk
[2009.10.12 17:41:30 | 11,008,9755 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Crysis - Amazonian River (GTX-260).wmv
[2009.10.12 17:31:24 | 04,800,893 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Safri Duo - Played a.mp3
[2009.10.11 21:00:12 | 00,000,888 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Adobe After Effects CS3.lnk
[2009.10.11 20:09:18 | 00,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PowerISO.lnk
[2009.10.08 22:55:09 | 00,000,951 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Crysis.lnk
[2009.09.30 09:10:59 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.09.30 09:10:59 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.23 13:51:35 | 00,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.09.23 12:14:37 | 00,138,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.09.23 12:14:37 | 00,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PnkBstrK.sys
[2009.09.22 18:33:19 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll
[2009.09.21 21:16:52 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.21 21:16:51 | 00,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.21 13:32:56 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009.09.19 08:42:59 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.09.18 16:21:05 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2009.09.18 16:12:43 | 00,064,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009.09.18 15:50:26 | 05,887,676 | -H-- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.09.18 15:33:16 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\desktop.ini
[2009.08.07 18:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.07.03 04:11:18 | 00,007,274 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2009.03.10 13:46:16 | 00,126,976 | ---- | C] () -- C:\WINDOWS\XviDplg.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.04.14 13:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008.04.14 13:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004.12.19 14:29:40 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.19 14:17:10 | 00,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003.02.20 16:53:42 | 00,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.06 19:42:56 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002.10.05 00:04:24 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002.10.05 00:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.10.05 00:04:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.05.16 00:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
< End of report >

1. Teil Extras.txt nächster Post

_oeLuu_ · 07.11.2009, 15:25

Hier 1. Teil des Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 07.11.2009 15:10:34 - Run 1
OTL by OldTimer - Version 3.1.4.0     Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97.65 Gb Total Space | 18.25 Gb Free Space | 18.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147.39 Gb Total Space | 143.92 Gb Free Space | 97.65% Space Free | Partition Type: NTFS
Drive F: | 220.71 Gb Total Space | 178.74 Gb Free Space | 80.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PRIVAT-37334436
Current User Name: Oliver
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:Rainbow Six Port
"3074:TCP" = 3074:TCP:*:Enabled:Rainbow Six Port 2
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\devolo\informer\devinf.exe" = C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer -- File not found
"C:\Programme\devolo\easyshare\easyshare.exe" = C:\Programme\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare -- File not found
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- File not found
"C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found
"C:\Programme\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis -- (Crytek GmbH)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\Steam\SteamApps\oli_94\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\oli_94\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Dokumente und Einstellungen\Oliver\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Dokumente und Einstellungen\Oliver\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- File not found
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp -- File not found
"C:\Dokumente und Einstellungen\Oliver\Desktop\Crack\IDMan.exe" = C:\Dokumente und Einstellungen\Oliver\Desktop\Crack\IDMan.exe:*:Enabled:Internet Download Manager (IDM) -- File not found
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Programme\Steam\SteamApps\common\left 4 dead\left4dead.exe" = C:\Programme\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Programme\Steam\SteamApps\oli_94\half-life 2 deathmatch\hl2.exe" = C:\Programme\Steam\SteamApps\oli_94\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\oli_94\zombie panic! source\hl2.exe" = C:\Programme\Steam\SteamApps\oli_94\zombie panic! source\hl2.exe:*:Enabled:hl2 -- ()
"F:\Programme\THQ\Frontlines-Fuel of War Demo\Binaries\FFOW-MPDemo.exe" = F:\Programme\THQ\Frontlines-Fuel of War Demo\Binaries\FFOW-MPDemo.exe:*:Enabled:Frontlines Game -- File not found
"F:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = F:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"F:\Deer Hunter Tournament\DHT.exe" = F:\Deer Hunter Tournament\DHT.exe:*:Enabled:Deer Hunter Tournament -- (Southlogic Studios)
"F:\Deer Hunter Tournament\Updater.exe" = F:\Deer Hunter Tournament\Updater.exe:*:Enabled:Deer Hunter Tournament Current Updater -- (Southlogic Studios)
"F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe" = F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater -- (Ubisoft)
"F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe" = F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas -- ()
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871.exe" = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871.exe:*:Enabled:YuLeech -- (Frogster Online Gaming GmbH)
"C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871(2).exe" = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871(2).exe:*:Enabled:YuLeech -- (Frogster Online Gaming GmbH)

_oeLuu_ · 07.11.2009, 15:26

teil 2 Extras.txt

Code:

ATTFilter

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0316.1 
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A05B900-A3E7-11DE-A9B7-005056806466}" = Google Earth
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A5DDFA1-9CD9-4351-84C5-CED839BE1031}" = Nero 7 Essentials
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D82276C5-AC9E-4F88-976E-E51140DC14D3}" = ICMC SP Mappack
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDA43C6E-C72A-40F4-9923-1208F6FF5604}" = nHancer
"A307D87020E39093FB889B1E539D33F93A41470A" = Windows Driver Package - ROCCAT (HidUsb) HIDClass  (05/03/2008 1.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"AVI Codec Pack" = AVI Codec Pack
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Deer Hunter Tournament_is1" = Deer Hunter Tournament
"Deer Hunter: The 2005 Season" = Deer Hunter: The 2005 Season
"Defraggler" = Defraggler (remove only)
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"EADM" = EA Download Manager
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"EXPERTool_is1" = EXPERTool 7.5
"FlashGet" = FlashGet 1.9.6.1073
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"LimeWire" = LimeWire 5.3.6
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Personal Backup_is1" = Personal Backup 4.3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Steam App 17500" = Zombie Panic! Source
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 500" = Left 4 Dead
"Uninstall_is1" = Uninstall 1.0.0.1
"vghd" = VirtuaGirl HD
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.82.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.10.2009 19:05:34 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung deer hunter tournament.exe, Version 1.0.0.1,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010717.
 
Error - 25.10.2009 16:50:36 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung updater.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul updater.exe, Version 1.0.0.1, Fehleradresse 0x000078f1.
 
Error - 25.10.2009 16:50:45 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung updater.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul updater.exe, Version 1.0.0.1, Fehleradresse 0x000078f1.
 
Error - 25.10.2009 16:51:24 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung updater.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul updater.exe, Version 1.0.0.1, Fehleradresse 0x000078f1.
 
Error - 26.10.2009 10:36:09 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung r6vegas_game.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul r6vegas_game.exe, Version 0.0.0.0, Fehleradresse 0x00fae448.
 
Error - 26.10.2009 13:45:57 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fraps.exe, Version 2.9.8.7777, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02c831d9.
 
Error - 27.10.2009 18:58:24 | Computer Name = PRIVAT-37334436 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung BF2.exe, Version 0.0.0.0, Stillstandmodul 
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.10.2009 18:59:05 | Computer Name = PRIVAT-37334436 | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich 86725365.
 
Error - 30.10.2009 21:57:41 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.18828, Fehleradresse 0x00100620.
 
Error - 01.11.2009 19:47:12 | Computer Name = PRIVAT-37334436 | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
 falsch formatiert. Die ungültige Zeichenfolge ist 5596 und der ungültige  Indexwert
 ist das erste DWORD im Datenbereich, während die letzten gültigen  Indexwerte die
 zweiten und dritten DWORD im Datenbereich sind.
 
[ System Events ]
Error - 11.10.2009 21:06:41 | Computer Name = PRIVAT-37334436 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter bd0cadd9,
 3. Parameter b0746a34, 4. Parameter 00000000.
 
Error - 28.10.2009 17:29:28 | Computer Name = PRIVAT-37334436 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JASE-PC",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AD696ADC-66F9-400D-8-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 02.11.2009 14:39:20 | Computer Name = PRIVAT-37334436 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JASE-PC",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AD696ADC-66F9-400D-8-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
 
< End of report >

so das waren beide, mache jetzt weiter mit schritt 3

_oeLuu_ · 07.11.2009, 15:30

was soll ich denn mit schritt 3 anfangen ? ich habe keinen RootKit-scanner ...
Ich stoppe hier und warte auf antwort was ich tun muss...

edit: aha GMER ist so ein rootkit scanner... mache weiter mit schritt 4

_oeLuu_ · 07.11.2009, 17:37

Sooo hier das Log von GMER teil 1

Code:

ATTFilter

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-07 17:24:29
Windows 5.1.2600 Service Pack 3
Running: r894m8nl.exe; Driver: C:\DOKUME~1\Oliver\LOKALE~1\Temp\agpoqkoc.sys


---- System - GMER 1.0.15 ----

SSDT            B875A25E                                                                                                                           ZwCreateKey
SSDT            B875A254                                                                                                                           ZwCreateThread
SSDT            B875A263                                                                                                                           ZwDeleteKey
SSDT            B875A26D                                                                                                                           ZwDeleteValueKey
SSDT            spng.sys                                                                                                                           ZwEnumerateKey [0xB7EC5DA4]
SSDT            spng.sys                                                                                                                           ZwEnumerateValueKey [0xB7EC6132]
SSDT            B875A272                                                                                                                           ZwLoadKey
SSDT            spng.sys                                                                                                                           ZwOpenKey [0xB7EA70C0]
SSDT            B875A240                                                                                                                           ZwOpenProcess
SSDT            B875A245                                                                                                                           ZwOpenThread
SSDT            spng.sys                                                                                                                           ZwQueryKey [0xB7EC620A]
SSDT            spng.sys                                                                                                                           ZwQueryValueKey [0xB7EC608A]
SSDT            B875A27C                                                                                                                           ZwReplaceKey
SSDT            B875A277                                                                                                                           ZwRestoreKey
SSDT            B875A268                                                                                                                           ZwSetValueKey
SSDT            B875A24F                                                                                                                           ZwTerminateProcess

INT 0x62        ?                                                                                                                                  8A6A0BF8
INT 0x63        ?                                                                                                                                  8A6A0BF8
INT 0x63        ?                                                                                                                                  8A6A0BF8
INT 0x63        ?                                                                                                                                  8A45DF00
INT 0x63        ?                                                                                                                                  8A6A0BF8
INT 0x82        ?                                                                                                                                  8A6A0BF8
INT 0x83        ?                                                                                                                                  8A6A0BF8
INT 0x83        ?                                                                                                                                  8A6A0BF8
INT 0x83        ?                                                                                                                                  8A45DF00
INT 0x83        ?                                                                                                                                  8A6A0BF8
INT 0x84        ?                                                                                                                                  8A45DF00
INT 0xA4        ?                                                                                                                                  8A45DF00
INT 0xA4        ?                                                                                                                                  8A45DF00
INT 0xA4        ?                                                                                                                                  8A45DF00
INT 0xA4        ?                                                                                                                                  8A45DF00
INT 0xB4        ?                                                                                                                                  8A45DF00

---- Kernel code sections - GMER 1.0.15 ----

?               spng.sys                                                                                                                           Das System kann die angegebene Datei nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                              B6E688AC 5 Bytes  JMP 8A45D4E0 
.text           ahlc6qgn.SYS                                                                                                                       B6D9B386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           ahlc6qgn.SYS                                                                                                                       B6D9B3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           ahlc6qgn.SYS                                                                                                                       B6D9B3C4 3 Bytes  [00, 80, 02]
.text           ahlc6qgn.SYS                                                                                                                       B6D9B3C9 1 Byte  [30]
.text           ahlc6qgn.SYS                                                                                                                       B6D9B3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                                

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                 [B7EA8042] spng.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                         [B7EA813E] spng.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                [B7EA80C0] spng.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                        [B7EA8800] spng.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                [B7EA86D6] spng.sys
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!KfAcquireSpinLock]                                                               18C4830E
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!READ_PORT_UCHAR]                                                                 1C959E88
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!KeGetCurrentIrql]                                                                9E880000
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!KfRaiseIrql]                                                                     00001CB1
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!KfLowerIrql]                                                                     0E798366
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!HalGetInterruptVector]                                                           74AAB000
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!HalTranslateBusAddress]                                                          8986C636
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!KeStallExecutionProcessor]                                                       1A00001C
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!KfReleaseSpinLock]                                                               1C8B86C6
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                         C6020000
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!READ_PORT_USHORT]                                                                001C9686
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                        86C60200
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                00001CB2
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[WMILIB.SYS!WmiSystemControl]                                                             8800001C
IAT             \SystemRoot\System32\Drivers\ahlc6qgn.SYS[WMILIB.SYS!WmiCompleteRequest]                                                           001CB99E

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA]                                              [00419808] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW]                                              [00419880] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW]                                              [00419A12] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW]                                                  [00419A1E] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow]                                                   [004198F8] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!SetWindowPos]                                               [004199A6] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DialogBoxParamW]                                            [00419A12] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!CreateWindowExW]                                            [00419880] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!MessageBoxW]                                                [00419A1E] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA]                                            [00419A12] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW]                                            [00419A12] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA]                                            [00419808] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW]                                            [00419880] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA]                                                [00419A1E] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW]                                                [00419A1E] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA]                                        [00419A0C] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW]                                        [00419A0C] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos]                                               [004199A6] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow]                                                 [004198F8] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW]                                            [00419880] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DialogBoxParamW]                                            [00419A12] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow]                                                 [004198F8] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos]                                               [004199A6] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxW]                                                [00419A1E] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxA]                                                [00419A1E] C:\WINDOWS\msu.exe
IAT             C:\WINDOWS\msu.exe[2188] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxIndirectW]                                        [00419A0C] C:\WINDOWS\msu.exe

_oeLuu_ · 07.11.2009, 17:38

gmer teil 2

Code:

ATTFilter

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                             8A69F1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                   8A2271F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                          8A6FE1F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                            8A6FE1F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                               8A6FE1F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                              8A6FE1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                   8A2271F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                   8A2271F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                   8A2051F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                   8A2271F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                   8A2271F8
Device          \Driver\PCI_PNP4670 \Device\00000049                                                                                               spng.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                   8A2271F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                             8A6A11F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                             tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                                   8A2051F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                             8A6A11F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                             tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device          \Driver\Cdrom \Device\CdRom0                                                                                                       8A46F1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                             8A6A11F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                             tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device          \Driver\Cdrom \Device\CdRom1                                                                                                       8A46F1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-16                                                                                       [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e                                                                                        [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\sptd \Device\3232818420                                                                                                    spng.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                            89A581F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                   89A581F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{AD696ADC-66F9-400D-85E4-62B64DA9E0B2}                                                           89A581F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                   8A2271F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                   8A2271F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                  89A561F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                   8A2271F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                        89A561F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                   8A2051F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                   8A2271F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                   8A6A11F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                   8A2271F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                   8A2271F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                   8A2051F8
Device          \Driver\ahlc6qgn \Device\Scsi\ahlc6qgn1                                                                                            8A408500
Device          \Driver\ahlc6qgn \Device\Scsi\ahlc6qgn1Port6Path0Target0Lun0                                                                       8A408500
Device          \FileSystem\Cdfs \Cdfs                                                                                                             89A151F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                 771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                 285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0x38 0x0F 0x98 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                F:\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                             0x5B 0xBE 0x27 0x20 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0xC9 0x1C 0xB5 0xA0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                               0xB5 0x1B 0xA2 0x90 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0x38 0x0F 0x98 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    F:\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                 0x5B 0xBE 0x27 0x20 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0xC9 0x1C 0xB5 0xA0 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                   0xB5 0x1B 0xA2 0x90 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{4a10a10a-a37e-465b-b658-cb8706531de7}@Model                                                           292
Reg             HKLM\SOFTWARE\Classes\CLSID\{4a10a10a-a37e-465b-b658-cb8706531de7}@Therad                                                          30
Reg             HKLM\SOFTWARE\Classes\CLSID\{4a10a10a-a37e-465b-b658-cb8706531de7}@MData                                                           0x2B 0x8F 0x78 0x29 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk                                                          0x58 0x8A 0x83 0xB9 ...

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JB1BQF5S\ErrorPageTemplate[1]      0 bytes
File            C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JUIG1TZY\dnserrordiagoff_webOC[1]  6914 bytes
File            C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M6312GTD\info_48[1]                0 bytes
File            C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P5LYKOXG\httpErrorPagesScripts[1]  0 bytes
File            C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XP7WWET9\navcancl[1]               0 bytes

---- EOF - GMER 1.0.15 ----

Larusso · 07.11.2009, 17:41

schritt 1

Wende bitte Malwarebytes nach Anleitung an.(quickscan reicht)

schritt 2

Schliesse bitte alle laufenden Programme inkl Browser.
Lösche bitte die Extra.txt von Deinem Desktop.
Doppelklick auf die OTL.exe und poste beide Logfiles.

07.11.2009, 00:03	#2
Larusso /// Selecta Jahrusso	IE Explorer öffnet von selbst Werbung ! Was spricht gegen ein Formatieren ? __________________ __________________

IE Explorer öffnet von selbst Werbung !

Plagegeister aller Art und deren Bekämpfung: IE Explorer öffnet von selbst Werbung !