
Pests of all kinds and how to combat them: TR/Crypt.XPACK.Gen2


24.07.2010, 13:39   #16
Junglette
 

Start, Programs works great.... Accessories, I can't find Notepad (Editor)
I'm really sorry
hey, there IT IS!! Put the whole text in?? okay....brb
__________________
|FAiLURE iS NOT AN OPTiON|

24.07.2010, 14:08   #17
markusg
/// Malware-holic
 

see whether you can type editor (Notepad) under Start, Run (Search),
then press Enter and it should open,
it works on Win7


24.07.2010, 14:23   #18
Junglette
 

okay....it worked after all...but the umbrella was open again and blocked it! I aborted CF and am doing it again....

24.07.2010, 14:29   #19
markusg
/// Malware-holic
 

yes, you have to turn Avira off, sorry

24.07.2010, 15:08   #20
Junglette
 

hey, thanks for being here
here is the CF report:

Combofix Logfile:
ComboFix 10-07-23.04 - Junglette68 24.07.2010  15:35:15.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1940 [GMT 2:00]
ausgeführt von:: c:\users\Junglette68\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Junglette68\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Junglette68\AppData\Roaming\Qefaku
c:\users\Junglette68\AppData\Roaming\Riigq
c:\users\Junglette68\AppData\Roaming\Riigq\goim.ohu

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-24 bis 2010-07-24  ))))))))))))))))))))))))))))))
.

2010-07-24 13:42 . 2010-07-24 13:45	--------	d-----w-	c:\users\Junglette68\AppData\Local\temp
2010-07-24 13:42 . 2010-07-24 13:42	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-07-24 13:42 . 2010-07-24 13:42	--------	d-----w-	c:\users\Melissa\AppData\Local\temp
2010-07-24 13:42 . 2010-07-24 13:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-07-24 13:42 . 2010-07-24 13:42	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-07-22 18:56 . 2010-07-22 18:56	--------	d-----w-	C:\_OTL
2010-07-22 06:49 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 06:49 . 2010-07-22 06:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-22 06:49 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-22 05:51 . 2010-07-22 05:51	--------	d-----w-	c:\users\Junglette68\AppData\Roaming\Uniblue
2010-07-22 05:25 . 2010-07-22 05:25	5124960	----a-w-	c:\users\Junglette68\registrybooster.exe
2010-07-22 05:08 . 2010-07-22 05:08	6153648	----a-w-	c:\users\Junglette68\mbam-setup.exe
2010-07-12 09:57 . 2010-07-12 10:15	100	--s-a-w-	c:\users\Junglette68\AppData\Local\1144520260.dat
2010-06-30 08:00 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-30 08:00 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-30 08:00 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-30 08:00 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-30 08:00 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-29 11:55 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-29 11:55 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-25 10:44 . 2010-06-25 10:44	--------	d-----w-	c:\program files\Microsoft.NET

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 13:44 . 2008-07-28 10:57	56227	----a-w-	c:\programdata\nvModes.dat
2010-07-24 13:42 . 2008-07-28 10:48	1076	----a-w-	c:\windows\bthservsdp.dat
2010-07-24 13:22 . 2008-01-21 07:15	628742	----a-w-	c:\windows\system32\perfh007.dat
2010-07-24 13:22 . 2008-01-21 07:15	126454	----a-w-	c:\windows\system32\perfc007.dat
2010-07-22 15:06 . 2009-01-20 15:10	1	----a-w-	c:\users\Junglette68\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-22 09:04 . 2009-12-19 04:36	--------	d-----w-	c:\program files\trend micro
2010-07-22 06:03 . 2009-09-27 19:38	--------	d-----w-	c:\program files\Mobile Partner
2010-07-20 12:14 . 2008-11-29 16:25	--------	d-----w-	c:\users\Junglette68\AppData\Roaming\Winamp
2010-07-20 12:14 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-19 15:09 . 2010-07-12 09:57	12	----a-w-	c:\users\Junglette68\AppData\Roaming\vdnxlf.dat
2010-06-22 13:35 . 2010-06-22 13:35	50354	----a-w-	c:\users\Junglette68\AppData\Roaming\Facebook\uninstall.exe
2010-06-22 13:35 . 2010-06-22 13:35	--------	d-----w-	c:\users\Junglette68\AppData\Roaming\Facebook
2010-06-20 12:14 . 2008-07-28 12:56	--------	d-----w-	c:\program files\Java
2010-06-18 19:29 . 2008-11-06 19:17	1356	----a-w-	c:\users\Junglette68\AppData\Local\d3d9caps.dat
2010-06-14 16:54 . 2010-06-30 04:04	11776	----a-w-	c:\users\Junglette68\AppData\Roaming\Mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-06-12 08:53 . 2009-04-23 00:51	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-06-09 10:45 . 2010-06-09 10:45	5591040	----a-w-	c:\users\Junglette68\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-05-26 17:06 . 2010-06-11 16:18	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 16:18	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 16:11	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-11 16:16	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 16:16	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 16:16	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 16:16	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 16:16	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-04-05 18:52 . 2010-04-05 18:52	1059792	----a-w-	c:\program files\moovida-setup.exe
2010-04-02 21:56 . 2010-04-02 21:55	33850672	----a-w-	c:\program files\QuickTimeInstaller.exe
2010-03-03 13:42 . 2010-03-03 13:42	21603248	----a-w-	c:\program files\DivXInstaller721.exe
2009-08-06 12:35 . 2009-08-06 12:27	27899032	----a-w-	c:\program files\AdbeRdr910_de_DE.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"VMpTtray.exe"="c:\program files\Sony\VAIO Media plus\VMpTtray.exe" [2008-05-24 86016]
"Google Update"="c:\users\Junglette68\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-01 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-23 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1295656]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Skytel"="Skytel.exe" [2008-06-23 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-07 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-07 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04	98304	----a-w-	c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Junglette68^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Junglette68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-03 18:03	317280	----a-w-	c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41	222128	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2008-09-16 01:45	24576	----a-w-	c:\program files\Sony\Marketing Tools\MarketingTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37	37888	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b2,99,59,db,2b,5b,ca,01

R2 Browser Defender Update Service;Browser Defender Update Service;c:\users\Junglette68\Desktop\Spyware Doctor\BDT\BDTUpdateService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2010-03-30 27760]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2008-05-27 50560]
R3 sdAuxService;PC Tools Auxiliary Service;c:\users\Junglette68\Desktop\Spyware Doctor\pctsAuxs.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008]
R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000Core.job
- c:\users\Junglette68\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-01 12:53]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000UA.job
- c:\users\Junglette68\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-01 12:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Junglette68\AppData\Roaming\Mozilla\Firefox\Profiles\xiwt3nuq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.myspace.com/index.cfm?fuseaction=home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Junglette68\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\users\Junglette68\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Junglette68\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  MsnMsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-24  15:53:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-24 13:53
ComboFix2.txt  2010-07-24 13:08
ComboFix3.txt  2010-07-22 20:13

Vor Suchlauf: 14 Verzeichnis(se), 192.240.758.784 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 192.158.363.648 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=50 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
- - End Of File - - 39F12E658E54ECA7B87AB4BF43530F95
         

__________________
|FAiLURE iS NOT AN OPTiON|

24.07.2010, 16:22   #21
markusg
/// Malware-holic
 

can you create an OTL log once more as described in my first post; otl.txt is enough this time.

25.07.2010, 16:34   #22
Junglette
 

sorry, sending two after all
both say txt
[CODE]
OTL Logfile:
OTL logfile created on: 25.07.2010 17:24:40 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Junglette68\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,22 Gb Total Space | 178,87 Gb Free Space | 61,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 362,05 Gb Free Space | 77,73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Unable to calculate disk information.
I: Drive not present or media not loaded
 
Computer Name: JUNGLETTE68-PC
Current User Name: Junglette68
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Junglette68\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\MySpace\IM\MySpaceIM.exe ()
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Junglette68\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sdCoreService) -- C:\Users\Junglette68\Desktop\Spyware Doctor\pctsSvc.exe File not found
SRV - (sdAuxService) -- C:\Users\Junglette68\Desktop\Spyware Doctor\pctsAuxs.exe File not found
SRV - (Browser Defender Update Service) -- C:\Users\Junglette68\Desktop\Spyware Doctor\BDT\BDTUpdateService.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (btwrchid) -- C:\Windows\System32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- C:\Windows\System32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys File not found
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys File not found
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ЯндекÑ"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.myspace.com/index.cfm?fuseaction=home"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: pinkpaula-combo@pinktheme.com:2.0
FF - prefs.js..extensions.enabledItems: {4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://yandex.ru/yandsearch?stype=first&clid=43912&yasoft=barff&text="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.27 22:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.27 22:36:11 | 000,000,000 | ---D | M]
 
[2008.11.07 19:27:01 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Extensions
[2010.07.24 14:50:04 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions
[2010.06.30 06:04:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.12 15:50:12 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010.02.01 09:41:25 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.06.30 06:04:46 | 000,000,000 | ---D | M] (Yoono) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010.06.30 06:04:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.13 00:21:44 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.08 17:40:44 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.12.08 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\pinkpaula-combo@pinktheme.com
[2008.11.07 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\toolbar_extras@de.yahoo.com
[2009.07.01 22:25:55 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\yasearch@yandex.ru
[2009.07.01 22:25:52 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2009.06.26 11:41:28 | 000,002,321 | ---- | M] () -- C:\Users\Junglette68\AppData\Roaming\Mozilla\FireFox\Profiles\xiwt3nuq.default\searchplugins\dictcc.xml
[2010.06.20 14:14:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.19 12:51:10 | 000,000,000 | ---D | M] (Seekapp) -- C:\Programme\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}
[2009.05.15 12:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.20 14:14:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008.11.07 19:26:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.14 20:34:37 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 20:34:37 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 20:34:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.12 12:28:23 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp145.xml
[2009.08.14 19:27:11 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp147.xml
[2009.08.26 10:02:10 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp149.xml
[2009.09.03 22:19:34 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp151.xml
[2009.09.22 16:20:25 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp153.xml
[2009.09.24 18:51:29 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp155.xml
[2009.10.25 12:48:36 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp159.xml
[2009.11.04 09:20:02 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp163.xml
[2009.11.06 08:52:45 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp165.xml
[2009.11.27 22:03:06 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp167.xml
[2010.03.14 20:34:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 20:34:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.24 15:44:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Programme\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Junglette68\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Junglette68\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.24 15:53:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.07.24 15:44:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.07.24 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\AppData\Local\temp
[2010.07.24 15:31:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.07.22 21:46:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.07.22 21:46:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.07.22 21:46:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.22 21:46:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.22 21:46:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.22 21:39:39 | 005,125,728 | ---- | C] (Uniblue Systems Ltd                                         ) -- C:\Users\Junglette68\Desktop\registrybooster.exe
[2010.07.22 20:56:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.22 17:28:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Junglette68\Desktop\OTL.exe
[2010.07.22 08:49:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.22 08:49:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.22 08:49:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.22 08:47:50 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\Desktop\mbam-setup.exe
[2010.07.22 08:14:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.07.22 07:56:04 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\Desktop\Registry check
[2010.07.22 07:51:45 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\AppData\Roaming\Uniblue
[2010.07.22 07:25:37 | 005,124,960 | ---- | C] (Uniblue Systems Ltd                                         ) -- C:\Users\Junglette68\registrybooster.exe
[2010.07.22 07:08:36 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\mbam-setup.exe
[2010.07.22 06:32:34 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\Desktop\sign-in-guest.aspx-Dateien
[2010.07.13 13:19:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.07.13 13:17:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.07.13 13:17:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.07.13 13:17:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.07.13 13:17:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.07.13 13:17:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.07.13 13:17:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.07.13 13:17:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.07.13 13:17:13 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.07.13 13:17:13 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.07.13 13:17:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.07.13 13:17:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.07.13 13:17:07 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.07.13 13:17:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.07.13 13:17:07 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.07.13 13:17:07 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.07.13 13:17:07 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.07.02 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\Desktop\Chipmunks
[2010.06.30 10:00:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.30 10:00:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.30 10:00:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.29 13:55:56 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.29 13:55:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.25 17:27:19 | 002,883,584 | -HS- | M] () -- C:\Users\Junglette68\ntuser.dat
[2010.07.25 17:20:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000UA.job
[2010.07.25 17:20:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000Core.job
[2010.07.25 17:11:34 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.25 17:11:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.25 17:11:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.25 17:11:34 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.25 17:11:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.25 17:08:51 | 000,056,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.25 17:08:51 | 000,056,227 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.25 17:05:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.25 17:05:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.25 17:05:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.25 17:05:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.25 17:04:58 | 3218,059,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.25 13:13:59 | 000,524,288 | -HS- | M] () -- C:\Users\Junglette68\ntuser.dat{0623095e-ffe8-11de-ad63-ca2569948b8a}.TMContainer00000000000000000001.regtrans-ms
[2010.07.25 13:13:59 | 000,065,536 | -HS- | M] () -- C:\Users\Junglette68\ntuser.dat{0623095e-ffe8-11de-ad63-ca2569948b8a}.TM.blf
[2010.07.25 13:13:38 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.25 13:13:35 | 002,393,991 | -H-- | M] () -- C:\Users\Junglette68\AppData\Local\IconCache.db
[2010.07.24 15:44:44 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.07.24 15:44:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.24 15:31:50 | 003,742,760 | R--- | M] () -- C:\Users\Junglette68\Desktop\ComboFix.exe
[2010.07.22 21:39:48 | 005,125,728 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Junglette68\Desktop\registrybooster.exe
[2010.07.22 21:37:43 | 000,001,186 | ---- | M] () -- C:\Users\Junglette68\Desktop\cc_20100722_213731.reg
[2010.07.22 17:28:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Junglette68\Desktop\OTL.exe
[2010.07.22 17:24:12 | 000,010,037 | ---- | M] () -- C:\Users\Junglette68\Desktop\Rechnungseckdaten.ods
[2010.07.22 08:49:48 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.22 08:47:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\Desktop\mbam-setup.exe
[2010.07.22 08:42:50 | 000,339,991 | ---- | M] () -- C:\Users\Junglette68\Desktop\RSIT.exe
[2010.07.22 07:25:44 | 005,124,960 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Junglette68\registrybooster.exe
[2010.07.22 07:08:39 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\mbam-setup.exe
[2010.07.22 06:32:35 | 000,019,339 | ---- | M] () -- C:\Users\Junglette68\Desktop\sign-in-guest.aspx.htm
[2010.07.21 18:08:15 | 000,089,088 | ---- | M] () -- C:\Users\Junglette68\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 13:01:16 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.19 17:09:40 | 000,000,012 | ---- | M] () -- C:\Users\Junglette68\AppData\Roaming\vdnxlf.dat
[2010.07.12 14:48:39 | 007,507,968 | ---- | M] () -- C:\Users\Junglette68\Desktop\Jah Cure What Will It Take.mp3
[2010.07.12 12:15:25 | 000,000,100 | --S- | M] () -- C:\Users\Junglette68\AppData\Local\1144520260.dat
[2010.07.02 15:40:14 | 000,010,610 | ---- | M] () -- C:\Users\Junglette68\Desktop\46074255_300.jpg
[2010.07.01 14:05:08 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2010.06.30 15:23:45 | 000,111,991 | ---- | M] () -- C:\Users\Junglette68\Desktop\watch.htm
 
========== Files Created - No Company Name ==========
 
[2010.07.22 21:46:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.07.22 21:46:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.07.22 21:46:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.07.22 21:46:48 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.07.22 21:46:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.07.22 21:41:57 | 003,742,760 | R--- | C] () -- C:\Users\Junglette68\Desktop\ComboFix.exe
[2010.07.22 21:37:42 | 000,001,186 | ---- | C] () -- C:\Users\Junglette68\Desktop\cc_20100722_213731.reg
[2010.07.22 17:03:27 | 000,010,037 | ---- | C] () -- C:\Users\Junglette68\Desktop\Rechnungseckdaten.ods
[2010.07.22 08:49:48 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.22 08:42:49 | 000,339,991 | ---- | C] () -- C:\Users\Junglette68\Desktop\RSIT.exe
[2010.07.22 08:35:29 | 3218,059,264 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.22 06:32:34 | 000,019,339 | ---- | C] () -- C:\Users\Junglette68\Desktop\sign-in-guest.aspx.htm
[2010.07.21 13:01:16 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.13 13:17:08 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.07.13 13:17:08 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.07.13 13:17:08 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.07.12 14:48:28 | 007,507,968 | ---- | C] () -- C:\Users\Junglette68\Desktop\Jah Cure What Will It Take.mp3
[2010.07.12 11:57:13 | 000,000,100 | --S- | C] () -- C:\Users\Junglette68\AppData\Local\1144520260.dat
[2010.07.12 11:57:10 | 000,000,012 | ---- | C] () -- C:\Users\Junglette68\AppData\Roaming\vdnxlf.dat
[2010.07.02 15:40:13 | 000,010,610 | ---- | C] () -- C:\Users\Junglette68\Desktop\46074255_300.jpg
[2010.06.30 15:23:44 | 000,111,991 | ---- | C] () -- C:\Users\Junglette68\Desktop\watch.htm
[2010.06.11 18:12:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.12.19 16:49:56 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009.09.17 18:08:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.06 09:30:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.06 09:30:29 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.09.16 03:55:04 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.09.16 03:47:25 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.07.28 21:59:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\sysgtime.dll
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\System32\proclsvr.drv
 
========== LOP Check ==========
 
[2009.10.21 17:13:04 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Ableton
[2010.06.22 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Facebook
[2010.01.27 17:38:53 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\ICQ
[2009.01.22 01:07:16 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\InterVideo
[2009.07.12 15:49:25 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Megaupload
[2009.01.20 17:09:07 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\OpenOffice.org
[2009.01.11 00:12:13 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Opera
[2009.01.28 09:36:02 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Template
[2009.04.05 03:27:06 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Thunderbird
[2010.07.22 07:51:45 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Uniblue
[2009.10.24 13:40:34 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Vodafone
[2009.07.01 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Yandex
[2010.07.25 13:13:38 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
         
--- --- ---


and

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.07.2010 17:24:40 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Junglette68\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,22 Gb Total Space | 178,87 Gb Free Space | 61,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 362,05 Gb Free Space | 77,73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Unable to calculate disk information.
I: Drive not present or media not loaded
 
Computer Name: JUNGLETTE68-PC
Current User Name: Junglette68
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B0851784-31E5-439F-B68F-D31D42A2B060}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E42AA957-E3A3-426D-ADDF-C1DFEBBAFB7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{106D5737-E954-499A-BB05-70F05E47342D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{12F4631C-7964-471C-9677-3D2D4F246125}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{13F87359-FC4E-4712-908B-C74982A826E3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{1500B378-8362-4B0B-9CAA-BE89AB73B79A}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe | 
"{1D770A48-F16C-44B4-8D35-22A69969A280}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{2A5F8BA6-DED7-47D6-9759-78E1C418D11F}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe | 
"{3220D02B-F724-4338-B57F-0E11D0DB2D9B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{39256760-3E15-4566-8D96-51387D1B6792}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe | 
"{4AEA2E92-D8C9-4C7C-B9A2-B82B1800CDE7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5164D25B-FC91-4B76-A8BE-03F4769236EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{5AF418C2-C90F-4D2A-BD4B-9538D8AA2BA6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{667DD0BA-6F40-49D8-9E26-4CDAFBB1C907}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72062A90-34F4-41E5-AB88-58281DF3F352}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{756BC006-9E85-4B2A-A8AC-6D6DC1A37D61}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{76690CD7-59C9-471E-8987-5B83E906E98C}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{7A1EB549-9C28-44C4-9B95-95ED4517218D}" = protocol=58 | dir=in | app=system | 
"{7E47CB58-5FEC-40C0-A860-97CA0AB60C8C}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{87424B58-384D-4D8F-80FE-175B5CE1ACDD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{A70EFE2D-02E6-4F16-9CA9-5A0C573208DF}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe | 
"{B49A6E7F-6C1E-4609-8A91-03E4EE1361A8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BD8CFD25-0823-4B99-96F6-86F06BBFCD28}" = protocol=6 | dir=in | app=c:\program files\moovida\moovida.exe | 
"{BFFCA7B7-FA1E-4CC5-ADE7-54BFDE4E8ADE}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{CB1746ED-11D2-487B-B2E4-E841E72D6143}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe | 
"{D631AA8B-9C63-446D-B72D-24E4E247822B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{DBA4868D-A923-47A4-9578-C2A804529332}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe | 
"{E58CDF16-0085-46E7-9092-B1E3C0AF3112}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{E64EBF14-FB2F-42CD-96D1-64CC73B6528C}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe | 
"{E9DF0068-A7EE-4364-99BE-A14F8E8D7A5D}" = protocol=17 | dir=in | app=c:\program files\moovida\moovida.exe | 
"{EA67BE2E-7E3B-49AE-B735-9997196E9DDC}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{FDDBFE4A-DF4B-4467-8023-6378001081ED}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{FF2D9598-CFF4-49F5-9320-A12D47739BDE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{109F07D0-86E6-4548-A85E-242047C0DABF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{3FC9C7D3-5806-4900-8584-F1720CD5C40B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{7B0C4605-EA33-4485-A744-2932A0587767}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{883F3D0D-76CE-4C09-BFEB-ED1B9FA68C3D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{908B9BB8-ABF5-40E5-AFF1-0909BC778287}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{90F4DCCF-E52B-4A2A-BBBE-18D00C09D0E7}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{9692AB50-82BC-49B0-9E54-4B334C6ABCE7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{BFD1D2C0-1E0C-4984-B7D8-F5163192BFEE}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{C5147951-84C5-42AA-88A1-E719694CF5D2}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{C8C19FE1-9E04-4211-B1C1-CD893CC279E3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D7253CA1-E347-4B2B-8627-0688B5CBCAE5}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{282C50C9-88D9-4E70-ABA2-51EE78D0CCFB}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{3F571C0D-20EB-4809-ABA8-F4743E6C7940}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{55D0FDDB-D2F5-4516-A562-4560395EA853}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{7D31DDD0-8EBD-494F-8038-468CDB4C1EA7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{8C9A448F-C6D0-482F-998C-F56BF6FF88EB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{908E2CE2-8990-4921-93BB-ADC1B7F99A1E}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{DC93407A-E57B-4649-AE1C-F75737E5B92E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{E31D83EE-BF1A-4BEE-8BDE-C49AC4C7941F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EAEE99E6-5A65-4A2F-BF75-B48CC1F0A305}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{F3837036-6A29-4C06-A687-F5C608E99971}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{FE124E11-CE2C-45BB-A3B6-651C894DF2E9}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6084C211-01A1-464E-97A0-09772E122B50}" = Moovida
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C833C7B6-1140-471D-932B-391B5CA66D7D}" = Digital Video
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Beneton Movie GIF_is1" = Beneton Movie GIF 1.1.2
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = HDAUDIO Soft Data Fax Modem with SmartCP
"dt icon module" = 
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ffdshow_is1" = ffdshow [rev 1692] [2007-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"gtfirstboot Setting Request" = 
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MySpaceIM" = MySpaceIM
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
The screen went black again too, and Windows is pointing out blocked startup programs
__________________
|FAiLURE iS NOT AN OPTiON|

Alt 25.07.2010, 17:01   #23
markusg
/// Malware-holic
 

Any problems left?

Alt 25.07.2010, 17:16   #24
Junglette
 

Apart from the screen going out, not really....
If there's no more danger from trojans, I'm totally happy here and will have to put the hardware problems down to something else.

Do you think it's fine like this now? I really have no clue.

Thanks so much for everything!!!
__________________
|FAiLURE iS NOT AN OPTiON|

Alt 25.07.2010, 17:32   #25
markusg
/// Malware-holic
 

I overlooked the bit about the blocked programs; what exactly is displayed?

Alt 26.07.2010, 16:20   #26
Junglette
 

...hehe...that's gone now too!!!
Thaaaaaaaaaaaaaanks!!!

__________________
|FAiLURE iS NOT AN OPTiON|

Alt 26.07.2010, 16:31   #27
markusg
/// Malware-holic
 

Clean up files + registry with CCleaner once more.
The screen is presumably working again now too? Is the cable seated properly as well :-)
