|
Plagegeister aller Art und deren Bekämpfung: Viren problemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.01.2010, 19:09 | #1 |
| Viren problem moin, ich habe ein riesen problem ich habe vor kurzem die fehler meldung bekommen das ich einen virus habe und habe den einfach in Karantäne verschoben/gelöscht und ich dachte es wäre gut. doch dann kam das riesen problem ich habe das nächste mal meinen rechner hochgefahren und mein antivieren programm fährt nciht mehr hoch ich habe versucht mit Add-Aware und Spybot da gewallt ran zu bekommen nachdem ich das neuinstallieren versucht habe. Add-aware ging durch hat 6 gefunden die er jetzt nciht mehr findet und spybot lässt sich nciht starten drauf klicken sanduhr kommt und NIX passiert weiter. ich hab versucht durch HJT das problem zu finden , lässt sich nciht installieren denn hab ich versucht Kaspersky zu installieren erstmal die internet seite wird mir gesperrt bzs. angezeigt das diese seite nciht existiert. habe das hintenrum mir besorgt versucht zu installieren geht nicht "windows fehler" musste abgebrochen werden habe versucht einen ordner mit nur text dateien zu sichern hab den an meinen anderen rechner angeschlossen gleich viren warnung "sofort entfernt" nix passiert. was braucht ihr noch als infos? HILFE!!! habe Avira AntiVir MFG MasterSMG |
08.01.2010, 19:47 | #2 |
/// AVZ-Toolkit Guru | Viren problem Halli hallo.
__________________Wir brauchen:
Was brauchst du:
Poste bittte zwei AVZ logs. Lies dir die Anleitung in aller Ruhe gründlich durch und arbeite sie Schritt für Schritt ab. Ach ja, installiere keine anderen Anti irgendwas Programme mehr! Wir sagen dir was installiert wird und was nicht.
__________________ |
08.01.2010, 19:48 | #3 |
| Viren problem Ich kann im grunde garnix mehr. Bei "Systemwiederherstellung" kann ich keinen anderen monat wählen. Meine Antivirenprogramme haben komplett den geist aufgegeben, sprich nicht aktiv und lassen sich nicht installieren.
__________________ich kann kein MAM oder HJT starten bzw. installieren. Ich kann auch nicht auf die seite von AVZ und somit das machen. Außerdem wird mir auch w*w.kaspersky.de nicht angezeigt. fehlermeldung( seite existiert nicht) ICH weiß nicht was los ist. Helft mir! Geändert von MasterSMG (08.01.2010 um 19:54 Uhr) |
08.01.2010, 20:12 | #4 |
| Viren problem habe mir mal versucht durch andere threads zu helfen, da habe ich was gefunden was geht^^ weitere schritte wie ComboFix alleine durzuführen sind ja nciht ratsam also warte ich mal drauf das mir ein fachkundiger bitte hilft OTL logfile created on: 08.01.2010 20:09:30 - Run 1 OTL by OldTimer - Version 3.1.21.2 Folder = C:\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298,09 Gb Total Space | 154,45 Gb Free Space | 51,81% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASUS Current User Name: Winkler Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Downloads\mbam-setup.exe (Malwarebytes Corporation ) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\WINDOWS\system32\PnkBstrA.exe () PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) PRC - C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe (TuneUp Software GmbH) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\RivaTuner v2.06\RivaTuner.exe () PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) PRC - C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\X10\Common\X10NETS.EXE (X10) ========== Modules (SafeList) ========== MOD - C:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe () SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10NETS.EXE (X10) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation) DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation) DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation) DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation) DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation) DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation) DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.06\RivaTuner32.sys () DRV - (s117obex) -- C:\WINDOWS\system32\drivers\s117obex.sys (MCCI Corporation) DRV - (s117mdm) -- C:\WINDOWS\system32\drivers\s117mdm.sys (MCCI Corporation) DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s117mgmt.sys (MCCI Corporation) DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\WINDOWS\system32\drivers\s117unic.sys (MCCI Corporation) DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\WINDOWS\system32\drivers\s117nd5.sys (MCCI Corporation) DRV - (s117mdfl) -- C:\WINDOWS\system32\drivers\s117mdfl.sys (MCCI Corporation) DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\WINDOWS\system32\drivers\s117bus.sys (MCCI Corporation) DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (TarFltr) -- C:\WINDOWS\system32\drivers\UsbFltr.sys (Waytech Development, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (SE26bus) Sony Ericsson Device 038 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE26bus.sys (MCCI) DRV - (SE26obex) -- C:\WINDOWS\system32\drivers\SE26obex.sys (MCCI) DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH) DRV - (p17filt) -- C:\WINDOWS\system32\drivers\p17filt.sys (Sensaura) DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology) DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology) DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.12.21 02:01:08 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.12.18 18:25:25 | 00,000,000 | ---D | M] [2008.12.05 13:57:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Extensions [2009.12.31 03:26:25 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\extensions [2009.02.01 19:30:13 | 00,000,000 | ---D | M] (FoxGame) -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051} [2010.01.05 15:50:40 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-1.xml [2008.04.03 20:50:02 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-2.xml [2008.04.19 15:22:44 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-3.xml [2008.07.02 21:58:27 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-4.xml [2008.07.17 11:07:02 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-5.xml [2008.09.26 08:15:40 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-6.xml [2008.11.13 15:04:01 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-7.xml [2009.03.11 07:25:49 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin-8.xml [2008.03.31 21:56:08 | 00,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\Mozilla\Firefox\Profiles\dpbrge8c.default\searchplugins\icqplugin.xml [2009.12.31 03:26:25 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.07.31 15:07:16 | 00,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2008.12.05 13:56:57 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.12.05 13:56:57 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.12.05 13:56:57 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2008.12.05 13:56:57 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2008.12.05 13:56:57 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (290879 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10016 more lines... O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [RivaTuner] C:\Programme\RivaTuner v2.06\RivaTuner.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [TuneUp MemOptimizer] C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe (TuneUp Software GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe File not found O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212652453843 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.09 21:32:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{58c4e030-d330-11db-947c-0017316ea66d}\Shell - "" = AutoRun O33 - MountPoints2\{58c4e030-d330-11db-947c-0017316ea66d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4ec04e5-fb4f-11dc-9bc8-0017316ea66d}\Shell - "" = AutoRun O33 - MountPoints2\{c4ec04e5-fb4f-11dc-9bc8-0017316ea66d}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.01.08 19:50:25 | 00,000,000 | ---D | C] -- C:\AVZ [2010.01.08 18:51:44 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files [2010.01.08 16:41:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.01.08 16:41:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.01.08 16:41:17 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.01.08 16:41:16 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.01.08 16:41:16 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2009.12.31 15:00:09 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009.12.31 14:59:07 | 00,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} [2009.12.31 14:58:51 | 00,000,000 | ---D | C] -- C:\Programme\Lavasoft [2009.12.22 13:27:48 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Winkler\Desktop\Geschenk Oma Opa [2009.09.25 20:56:54 | 00,417,792 | ---- | C] (Blizzard Entertainment) -- C:\Programme\BNUpdate.exe [2008.09.26 16:46:01 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple [2008.07.28 12:35:02 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2008.07.28 12:29:14 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe [2008.07.28 12:28:49 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2008.03.07 05:05:47 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire [2007.01.12 19:02:11 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2006.10.09 22:33:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander [2006.10.09 21:35:02 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2006.10.09 21:35:02 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2002.04.11 08:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.01.08 20:00:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.01.08 19:37:03 | 00,000,600 | ---- | M] () -- C:\WINDOWS\win.ini [2010.01.08 19:37:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.01.08 19:37:03 | 00,000,222 | RHS- | M] () -- C:\boot.ini [2010.01.08 19:21:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.01.08 19:19:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.01.08 19:19:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.01.08 19:18:12 | 16,252,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\NTUSER.DAT [2010.01.08 19:18:12 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Winkler\ntuser.ini [2010.01.08 16:41:29 | 00,001,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.01.08 16:27:06 | 16,515,072 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\NTUSER.DAT_BAK_14196 [2010.01.08 15:22:10 | 00,000,871 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll [2010.01.03 15:14:13 | 00,000,202 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat [2009.12.31 15:59:36 | 00,000,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Winkler\Desktop\Spybot - Search & Destroy.lnk [2009.12.31 15:01:47 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009.12.31 15:01:47 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2009.12.31 15:01:47 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2009.12.31 15:01:47 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2009.12.31 15:01:47 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2009.12.31 14:59:06 | 00,000,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2009.12.31 03:22:11 | 00,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini [2009.12.29 15:58:32 | 00,000,765 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\World of Warcraft.lnk [2009.12.11 19:34:11 | 01,074,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.12.11 19:34:11 | 00,460,608 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2009.12.11 19:34:11 | 00,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009.12.11 19:34:11 | 00,085,350 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2009.12.11 19:34:11 | 00,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009.12.11 19:33:03 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.01.08 16:41:29 | 00,001,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2009.12.31 15:59:36 | 00,000,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Winkler\Desktop\Spybot - Search & Destroy.lnk [2009.12.31 15:51:37 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2009.12.31 15:00:52 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009.12.31 15:00:52 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2009.12.31 15:00:52 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2009.12.31 15:00:52 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2009.12.31 15:00:52 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2009.12.31 14:59:06 | 00,000,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2009.12.31 03:24:30 | 00,000,871 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll [2009.12.31 03:23:28 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat [2009.12.31 03:22:11 | 00,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini [2009.12.04 17:30:19 | 00,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009.10.25 18:48:45 | 00,028,177 | ---- | C] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\OFMissionEditorConfig.xml [2009.09.25 20:57:26 | 00,000,229 | ---- | C] () -- C:\Programme\bnupdate.log [2009.09.25 20:56:54 | 00,145,455 | ---- | C] () -- C:\Programme\Patch.txt [2009.08.16 16:47:57 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009.08.16 15:12:39 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009.08.16 15:12:31 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\coodest.dll [2009.06.19 20:06:22 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.07.13 17:17:22 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008.04.10 15:32:46 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.04.04 12:15:04 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008.04.04 12:11:34 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini [2008.02.28 21:35:04 | 00,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI [2008.02.27 18:31:24 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.02.11 20:16:16 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008.02.11 20:16:16 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008.02.11 20:16:16 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2007.12.23 23:53:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007.10.01 00:51:37 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.10.01 00:51:37 | 00,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\PnkBstrK.sys [2007.06.23 02:49:07 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007.04.28 17:43:17 | 00,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini [2007.04.28 17:43:17 | 00,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2007.03.18 16:28:15 | 00,001,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Winkler\Anwendungsdaten\wklnhst.dat [2007.03.14 22:51:11 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2007.03.09 21:31:37 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2007.02.17 00:55:36 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007.02.17 00:55:36 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007.02.16 23:22:42 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.02.16 22:56:22 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007.01.19 19:54:44 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006.12.30 15:56:33 | 00,065,536 | ---- | C] () -- C:\Dokumente und Einstellungen\Winkler\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.30 15:56:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.12.27 16:10:41 | 00,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Winkler\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.10.09 23:01:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.10.09 22:27:33 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.10.09 22:25:44 | 00,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.10.09 22:25:05 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini [2006.10.09 21:35:47 | 00,000,816 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.10.09 21:29:40 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006.10.09 17:24:50 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2006.10.09 17:17:25 | 01,208,340 | RHS- | C] () -- C:\WINDOWS\System32\pcjnp.dll [2005.08.05 13:26:04 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.05.03 12:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll [2003.10.02 17:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll < End of report > OTL Extras logfile created on: 08.01.2010 20:09:30 - Run 1 OTL by OldTimer - Version 3.1.21.2 Folder = C:\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298,09 Gb Total Space | 154,45 Gb Free Space | 51,81% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASUS Current User Name: Winkler Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "9396:TCP" = 9396:TCP:*:Enabled:umsyhsv ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Games\Quake 3\quake3.exe" = C:\Games\Quake 3\quake3.exe:*:Enabled:quake3 -- File not found "C:\Games\q3\quake\quake3.exe" = C:\Games\q3\quake\quake3.exe:*:Enabled:quake3 -- File not found "C:\Games\Valve\Steam\SteamApps\wargod88\counter-strike source\hl2.exe" = C:\Games\Valve\Steam\SteamApps\wargod88\counter-strike source\hl2.exe:*:Enabled:hl2 -- () "C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found "C:\Programme\Counter-Strike Source\hl2.exe" = C:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- File not found "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- File not found "C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- File not found "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- File not found "C:\Games\Valve\Steam\Steam.exe" = C:\Games\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "F:\lan source\hl2.exe" = F:\lan source\hl2.exe:*:Enabled:hl2 -- File not found "F:\Russen Css\hl2.exe" = F:\Russen Css\hl2.exe:*:Enabled:hl2 -- File not found "F:\Dungeon Siege2\DungeonSiege2.exe" = F:\Dungeon Siege2\DungeonSiege2.exe:*:Enabled:Spiel-Programmdatei von Dungeon Siege II -- File not found "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation) "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "C:\Games\Alarmstufe Rot 3\Data\ra3_1.0.game" = C:\Games\Alarmstufe Rot 3\Data\ra3_1.0.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- File not found "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Games\Valve\Steam\SteamApps\sebastiangundlack\counter-strike source\hl2.exe" = C:\Games\Valve\Steam\SteamApps\sebastiangundlack\counter-strike source\hl2.exe:*:Enabled:hl2 -- () "C:\Games\AirRivalsDe\Launcher.atm" = C:\Games\AirRivalsDe\Launcher.atm:Enabled:GameExe2 -- File not found "C:\Games\AirRivalsDe\Res-Voip\SCVoIP.exe" = C:\Games\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found "C:\Games\SWAT 4\Content\System\Swat4.exe" = C:\Games\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Games\World of Warcraft\Launcher.exe" = C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Games\HOI2\HoI2.exe" = C:\Games\HOI2\HoI2.exe:*:Enabled:Hearts of Iron 2 -- (Paradox Interactive) "G:\Spiele\DeadSpace\Dead Space.exe" = G:\Spiele\DeadSpace\Dead Space.exe:*:Enabledead Space ™ -- File not found "C:\Programme\Java\jre1.6.0_05\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Java\jre1.6.0_05\bin\java.exe" = C:\Programme\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\EA Games\Command and Conquer Generäle\game.dat" = C:\Programme\EA Games\Command and Conquer Generäle\game.dat:*:Enabled:game -- File not found "C:\Games\World of Warcraft\BackgroundDownloader.exe" = C:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Games\40k\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Games\40k\Dawn of War - Dark Crusade\DarkCrusade.exe:*:EnabledarkCrusade -- (THQ Canada Inc.) "C:\Games\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Games\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Games\Hearts of Iron III\hoi3game.exe" = C:\Games\Hearts of Iron III\hoi3game.exe:*:Enabled:hoi3game -- () "C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Games\OF Dragon Rising\OFDR.exe" = C:\Games\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited) "C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner "{08FC7F83-69F9-4A87-9E79-32265E047375}" = Pinnacle PCTV MCE (OEM Europe) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5A080213-5AEC-4BF2-BB32-796EB0E421EC}" = Logitech G-series Keyboard Software "{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing "{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{626713B4-F070-4605-9DF6-31783A5AEAAE}" = ENFUNS Updater "{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B63321ED-94B1-4933-BC31-AED50BFF5961}" = NavyFIELD Europe (DE) "{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation "{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III "{D2C7B6D7-A4DA-4447-93C7-65D06A068F27}" = SBK(TM)09 (Demo) "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D6D425D2-803F-40E8-9D65-3DC00D577C11}" = NavyFIELD NorthAmerica "{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}" = OpenOffice.org 2.3 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light "{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F6DD0D9E-C9C4-4CB9-91D4-39D665042151}" = German Landmarks FSX "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "259538F9B430E2EFD77FF23BCCEA06F735264EEF" = Windows Driver Package - Pinnacle Systems (3xHybrid) MEDIA (08/30/2005 1.3.3.0) "2DBC1839DB68F9FDF98712F65581ED4735D4A40A" = Windows Driver Package - Pinnacle Systems (3xHybrid) MEDIA (08/30/2005 1.3.3.0) "3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "9BB1E02AD36D0290FD110ACD847027286BC25C29" = Windows Driver Package - Pinnacle Systems (3xHybrid) MEDIA (08/30/2005 1.3.3.0) "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Creative Software AutoUpdate" = Creative Software AutoUpdate "CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch "Device Control" = Gerätesteuerung "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EAX" = Creative EAX-Konsole "EAXSet" = Creative EAX-Einstellungen "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Studio_is1" = Free Studio version 4.2 "Hamachi" = Hamachi 1.0.3.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Basic) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero OEM "Nero BurnRights!UninstallKey" = Nero BurnRights "NeroVision!UninstallKey" = Nero Digital "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVEContent!UninstallKey" = NeroVision Express Content "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 1.51 "RivaTuner" = RivaTuner v2.06 "Streamripper" = Streamripper (Remove only) "SysInfo" = Creative-Systeminformationen "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "The Rosetta Stone" = The Rosetta Stone "VLC media player" = VLC media player 1.0.1 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer "WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2003Setup" = Microsoft Works 2003-Setup-Start "World of Warcraft" = World of Warcraft "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.01.2010 13:52:24 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung msiexec.exe, Version 4.5.6001.22159, fehlgeschlagenes Modul msihnd.dll, Version 3.1.4001.5512, Fehleradresse 0x00036935. Error - 08.01.2010 13:53:02 | Computer Name = ASUS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 08.01.2010 13:53:18 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung msiexec.exe, Version 4.5.6001.22159, fehlgeschlagenes Modul msihnd.dll, Version 3.1.4001.5512, Fehleradresse 0x00036935. Error - 08.01.2010 13:54:47 | Computer Name = ASUS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 08.01.2010 13:55:00 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung msiexec.exe, Version 4.5.6001.22159, fehlgeschlagenes Modul msihnd.dll, Version 3.1.4001.5512, Fehleradresse 0x00036935. Error - 08.01.2010 14:17:13 | Computer Name = ASUS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 08.01.2010 14:17:16 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung msiexec.exe, Version 4.5.6001.22159, fehlgeschlagenes Modul msihnd.dll, Version 3.1.4001.5512, Fehleradresse 0x00036935. Error - 08.01.2010 14:18:08 | Computer Name = ASUS | Source = EventSystem | ID = 4618 Description = Das COM+-Ereignissystem hat eine unerwartete Zugriffsverletzung bei der Adresse 0x7C921129 ausgelöst, während es auf die Adresse 0x04312635 zuzugreifen versuchte. Wenden Sie sich an den Microsoft-Produktsupport. ntdll!wcsncpy+0xbaa ole32!ComPs_NdrDllCanUnloadNow+0xfa OLEAUT32!VariantInit+0x1e2 OLEAUT32!SysAllocStringLen+0x31 OLEAUT32!SysAllocString+0x22 es!+0x31bc5 es!+0x3228a es!+0x25393 es!DllGetClassObject+0x704e es!DllGetClassObject+0x165f es!DllGetClassObject+0x1b10 es!+0x12661 es!+0x29d15 es!+0x2b14c es!+0x2b394 es!+0x2b4d8 kernel32!GetModuleFileNameA+0x1ba Error - 08.01.2010 14:22:52 | Computer Name = ASUS | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 08.01.2010 14:24:02 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung msiexec.exe, Version 4.5.6001.22159, fehlgeschlagenes Modul msihnd.dll, Version 3.1.4001.5512, Fehleradresse 0x00036935. [ System Events ] Error - 08.01.2010 14:20:58 | Computer Name = ASUS | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira AntiVir Planer. Error - 08.01.2010 14:20:58 | Computer Name = ASUS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.01.2010 14:20:58 | Computer Name = ASUS | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira AntiVir Guard. Error - 08.01.2010 14:20:58 | Computer Name = ASUS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.01.2010 14:20:58 | Computer Name = ASUS | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 08.01.2010 14:20:58 | Computer Name = ASUS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Microsoft Boot" wurde mit folgendem Fehler beendet: %%1114 Error - 08.01.2010 14:20:58 | Computer Name = ASUS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Helper Support" wurde mit folgendem Fehler beendet: %%1114 Error - 08.01.2010 14:21:23 | Computer Name = ASUS | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste. Error - 08.01.2010 14:21:23 | Computer Name = ASUS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.01.2010 14:21:35 | Computer Name = ASUS | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334} < End of report > |
08.01.2010, 20:36 | #5 |
| Viren problem Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:34:39, on 08.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Programme\Logitech\G-series Software\LGDCore.exe C:\Programme\Logitech\G-series Software\LCDMon.exe C:\Programme\RivaTuner v2.06\RivaTuner.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Programme\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Downloads\ComboFix.exe C:\Downloads\ComboFix.exe C:\Downloads\test.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Downloads\test.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [RivaTuner] "C:\Programme\RivaTuner v2.06\RivaTuner.exe" /T O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212652453843 O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 9666 bytes |
09.01.2010, 00:00 | #6 | |
/// AVZ-Toolkit Guru | Viren problem Schön, dass du versuchst dich selber zu informieren aber dieser Satz war ernst gemeint: Zitat:
Also bitte unternimm ab jetzt nichts mehr auf eigene Faußt! Selber recherchieren ist sehr gut aber bevor du etwas machst sprich das bitte mit uns ab! So, nun zurück zu deinem Problem: Downloade dir AVZ auf folgendem Weg. Das sollte funktionieren: Download: 1. Lege dir einen eigenen Ordner für AVZ unter folgendem Pfad an: C:\AVZ 2. Klicke mit einem rechts Klick auf diesen Link: Toolkit und wähle speichern unter:
3. Das Programm muss nicht installiert werden sondern ist direkt betriebsbereit. Gehe danach genau so vor wie es weiter in der Anleitung beschrieben wird.
__________________ --> Viren problem Geändert von undoreal (09.01.2010 um 00:06 Uhr) |
Themen zu Viren problem |
abgebrochen, avira, dateien, fehler, gesperrt, hilfe!, hilfe!!, hilfe!!!, internet, kaspersky, klicke, mas, meldung, ordner, problem, programm, rechner, rum, sanduhr, seite, spybot, starten, viren, virus, warnung, windows, windows fehler |