
Log Analysis and Evaluation: "Battle music" problem under Vista 32-bit


28.07.2010, 22:54   #1
Sabishii
 

"Battle music" problem under Vista 32-bit



I have no idea how I managed it, but I seem to have caught the Trojan too, the one that plays a really nerve-racking "battle music" at irregular intervals.

Since this is my first thread in the forum, please bear with me if I can't get everything done perfectly right away. I'll do my best not to be too slow on the uptake. :-)

HijackThis reports the following on my machine:

Code:
Scan saved at 23:39:26, on 28.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Eigener Kram\Downloads\HiJackThis(2).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Buyertools - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_15_Premium\TrayServer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
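
An added example (not code from the thread, from HijackThis, or from Trojaner-Board): a small Python triage over log lines in the HijackThis format posted above. The sample is constructed from entries of this log; the checks (orphaned "(file missing)" entries, O23 services with "Unknown owner", R0/R1 start and search pages that do not point at Microsoft) are the helper's by-eye checks written down and are my assumption, not HijackThis's own analysis.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# One HijackThis entry: a section code (R0, O4, O23, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# HijackThis defangs http:// as hxxp:// so that URLs in a posted log are not clickable.
URL_RE = re.compile(r"hxxps?://([^/\s]+)")

# Constructed sample: lines taken from the log posted above (same format, same values).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section the entry belongs to
    reason: str  # why a helper should look at it
    entry: str   # the original log line


def parse_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (code, body, line) for every line that is a HijackThis entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Apply the by-eye checks a helper makes on an HJT log (assumed heuristics, not HJT's logic)."""
    findings = []
    for code, body, line in parse_entries(log_text):
        # Orphaned entry: the registry still points at a file that is gone.
        if "(file missing)" in body:
            findings.append(Finding(code, "referenced file no longer exists (orphaned entry)", line))
        # A service whose binary carries no publisher information needs a closer look.
        if code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service binary has no publisher information", line))
        # Start/search pages not pointing at Microsoft defaults: confirm the user set them.
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            if m and not m.group(1).endswith("microsoft.com"):
                findings.append(Finding(code, f"non-default start/search page: {m.group(1)}", line))
    return findings


def report(log_text: str) -> str:
    """Render the findings as a short text summary, one finding per block."""
    blocks = [f"[{f.code}] {f.reason}\n    {f.entry}" for f in triage(log_text)]
    return "\n".join(blocks)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```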


29.07.2010, 11:15   #2
Larusso
/// Selecta Jahrusso
 

"Battle music" problem under Vista 32-bit





A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you start.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; attachments make the analysis harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools via right-click "Run as administrator".

Step 1

Disable TeaTimer

With Spybot Search&Destroy's TeaTimer running, no cleanup can be done, because it restores every deleted entry. TeaTimer therefore has to be switched off during the cleanup (leave TeaTimer off until we are done with the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.


Step 2

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.

Please post me the contents of the .txt document


Step 3

Please download Load.exe

The tool needs an active internet connection, but no open browser
If your firewall complains, please allow the application.
  • Save the file to the desktop.
  • Double-click load.exe
  • Leave the check marks as they are.
  • Now close all open programs.
  • Click Download
  • Please do not click into the window during the download.
  • Follow the instructions on the screen.
  • When the Status window pops up, click Start.

After the restart you will find a folder MFTools on the desktop. It contains an Anleitung.pdf.
Please open it and work through the steps described in it.

29.07.2010, 12:53   #3
Sabishii
 

"Battle music" problem under Vista 32-bit



Okay, that took a while, but I have everything together and have edited out the personal names. All strictly by the book. ;-D
At this point also a big compliment: the instructions in PDF format are great! :-D

Alright, here we go. I'll post everything separately, since otherwise it gets too long and posting doesn't work. :-/

MBRCheck:
Code:
MBRCheck, version 1.1.1

(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

      Size  Device Name          MBR Status

  --------------------------------------------

    596 GB  \\.\PhysicalDrive0   MBR Code Faked!


Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: 


Done!  Press ENTER to exit...
OTL Logfile:
Code:
OTL logfile created on: 29.07.2010 13:12:52 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\XXX\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 461,71 Gb Free Space | 80,13% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,25 Gb Free Space | 16,25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-PC
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.29 12:26:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\MFTools\OTL.exe
PRC - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.20 19:21:50 | 007,625,248 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.29 12:26:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\MFTools\OTL.exe
MOD - [2009.09.25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.10 23:28:24 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.10 23:28:20 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.10 23:28:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.04.10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 04:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2006.11.02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.07.02 02:13:48 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.09.28 21:20:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.16 08:41:18 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.07.10 00:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.22 00:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.12.09 16:26:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.20 19:15:28 | 002,664,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.25 04:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008.08.01 13:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006.04.10 14:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}:1.0.6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 00:52:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 00:52:18 | 000,000,000 | ---D | M]
 
[2009.09.28 17:41:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.07.29 11:31:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zl577jez.default\extensions
[2010.04.28 00:21:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zl577jez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.30 06:47:38 | 000,000,000 | ---D | M] (Buyertools) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zl577jez.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.07.27 01:27:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zl577jez.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.11 01:03:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zl577jez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.09.30 23:34:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.28 21:28:34 | 000,000,000 | ---D | M] (Buyertools) -- C:\Program Files\Mozilla Firefox\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.02.05 23:37:16 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.05 23:37:16 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.05 23:37:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.05 23:37:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.05 23:37:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Buyertools) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Program Files\Buyertools Reminder\IEButtonBuyertoolsInterface.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Eigener Kram\Downloads\Alois_Trancy_by_like_a_vergil2.jpg
O24 - Desktop BackupWallPaper: C:\Eigener Kram\Downloads\Alois_Trancy_by_like_a_vergil2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{092fcd4a-ac37-11de-af62-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{092fcd4a-ac37-11de-af62-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\start.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.29 12:37:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.29 12:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.07.29 12:31:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Gmer
[2010.07.29 12:25:49 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\MFTools
[2010.07.29 11:36:50 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Windows\System32\remover.exe
[2010.07.29 00:02:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.07.28 20:24:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.07.28 13:31:41 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\XXX\Desktop\HiJackThis.exe
[2010.07.28 04:39:29 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2010.07.28 04:39:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.28 04:39:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.28 04:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.28 04:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.26 12:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.26 11:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.25 16:02:20 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Apple Computer
[2010.07.22 03:48:58 | 000,016,904 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\authuitu.dll
[2010.07.22 03:48:57 | 000,029,704 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\uxtuneup.dll
[2010.07.22 03:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2007
[2010.07.22 03:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.07.22 00:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010.07.22 00:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.07.22 00:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.07.22 00:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.07.21 23:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.07.21 23:48:03 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.20 19:14:15 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\NVIDIA
[2010.07.16 20:07:15 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\TalesRunner
[2010.07.16 20:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\gpotato
[2010.07.16 19:31:18 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\PMB Files
[2010.07.16 19:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.07.16 19:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010.07.14 16:02:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\dvdcss
[2010.07.11 16:26:22 | 000,063,488 | ---- | C] (MicroHelp, Inc.) -- C:\Windows\System32\GAUGE32.OCX
[2010.07.11 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\FUJITSU
[2010.07.11 16:25:51 | 000,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\uninst.exe
[2010.07.11 11:34:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\MAGIX_Speed2_burnR_mxcdr
[2010.07.11 11:25:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\MAGIX_Video_deluxe_15_Premium
[2010.07.11 00:03:30 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2010.07.11 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Xara
[2010.07.10 23:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xara
[2010.07.10 23:59:08 | 000,909,312 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
[2010.07.10 23:59:07 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll
[2010.07.10 23:59:07 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll
[2010.07.10 23:59:07 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll
[2010.07.10 23:59:07 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll
[2010.07.10 23:59:07 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll
[2010.07.10 23:59:07 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll
[2010.07.10 23:59:07 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll
[2010.07.10 23:59:07 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll
[2010.07.10 23:59:07 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll
[2010.07.10 23:59:07 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll
[2010.07.10 23:59:07 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll
[2010.07.10 23:59:06 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll
[2010.07.10 23:59:06 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll
[2010.07.10 23:59:06 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll
[2010.07.10 23:59:06 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll
[2010.07.10 23:59:06 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll
[2010.07.10 23:59:06 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll
[2010.07.10 23:59:06 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll
[2010.07.10 23:59:06 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll
[2010.07.10 23:59:06 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll
[2010.07.10 23:59:06 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll
[2010.07.10 23:59:06 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll
[2010.07.10 23:51:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\MAGIX_Video_deluxe_16_Premium
[2010.07.10 23:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2010.07.05 15:07:47 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\TechSmith
[2010.07.05 15:07:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Camtasia Studio
[2010.07.05 15:05:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010.07.05 15:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.07.05 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\WeGame
[2010.07.05 14:41:49 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\gctmp
[2010.07.05 14:41:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Xenocode
[2010.07.05 14:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam XPress
[2010.07.02 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010.07.02 15:21:00 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\EA Games
[2010.07.02 15:15:06 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010.06.26 22:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2010.06.18 23:59:00 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\vlc
[2010.06.18 23:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.05.27 15:40:02 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\RO2
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.29 13:12:50 | 002,359,296 | ---- | M] () -- C:\Users\XXX\ntuser.dat
[2010.07.29 12:41:12 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.29 12:41:12 | 000,623,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.29 12:41:12 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.29 12:41:12 | 000,125,172 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.29 12:41:12 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.29 12:36:34 | 000,000,697 | ---- | M] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk
[2010.07.29 12:36:34 | 000,000,678 | ---- | M] () -- C:\Users\XXX\Desktop\ERUNT.lnk
[2010.07.29 12:34:41 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.29 12:34:41 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.29 12:34:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 12:34:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 12:34:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.29 12:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.29 12:34:20 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.29 12:34:19 | 000,708,735 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.07.29 12:33:43 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{ce828354-9531-11df-947f-4061860c9c79}.TMContainer00000000000000000001.regtrans-ms
[2010.07.29 12:33:43 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{ce828354-9531-11df-947f-4061860c9c79}.TM.blf
[2010.07.29 12:28:03 | 005,450,047 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db
[2010.07.29 12:22:50 | 000,055,296 | ---- | M] () -- C:\Users\XXX\Desktop\MBRCheck.exe
[2010.07.28 23:58:39 | 000,000,768 | ---- | M] () -- C:\Users\XXX\Desktop\CCleaner.lnk
[2010.07.28 13:31:48 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\XXX\Desktop\HiJackThis.exe
[2010.07.28 04:39:24 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 04:35:40 | 000,000,512 | ---- | M] () -- C:\mbr.dat
[2010.07.28 04:32:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.07.28 04:32:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.07.28 04:23:24 | 000,000,512 | ---- | M] () -- C:\mbr.mbr
[2010.07.28 03:10:37 | 000,017,408 | ---- | M] () -- C:\Users\XXX\Desktop\Animagic Packliste.xls
[2010.07.28 03:10:10 | 000,018,432 | ---- | M] () -- C:\Users\XXX\Desktop\Fahrliste.xls
[2010.07.27 05:44:42 | 000,081,920 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.23 17:36:17 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.07.22 22:13:32 | 000,000,422 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2010.07.22 04:21:10 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{ce828354-9531-11df-947f-4061860c9c79}.TMContainer00000000000000000002.regtrans-ms
[2010.07.22 03:58:20 | 002,359,296 | -HS- | M] () -- C:\Users\XXX\ntuser.dat_BAK_44764
[2010.07.22 03:58:19 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.22 03:58:19 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.22 03:48:56 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2007.lnk
[2010.07.22 00:52:39 | 000,000,768 | ---- | M] () -- C:\Users\XXX\Desktop\SpeedFan.lnk
[2010.07.22 00:52:38 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Windows\System32\remover.exe
[2010.07.19 00:21:04 | 000,000,410 | ---- | M] () -- C:\Users\XXX\Desktop\Regions- und Sprachoptionen - Verknüpfung.lnk
[2010.07.18 23:31:15 | 000,000,922 | ---- | M] () -- C:\Users\XXX\Desktop\TalesRunner.lnk
[2010.07.11 11:45:46 | 000,000,888 | ---- | M] () -- C:\Users\XXX\Desktop\Videodeluxe.exe - Verknüpfung.lnk
[2010.07.11 11:35:28 | 000,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2010.07.11 11:06:06 | 000,418,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.11 00:30:20 | 000,132,784 | ---- | M] () -- C:\Users\XXX\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.10 00:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.10 00:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010.07.08 00:13:11 | 000,001,234 | ---- | M] () -- C:\Users\XXX\Desktop\Sims2EP9.exe - Verknüpfung.lnk
[2010.07.05 14:46:10 | 000,007,047 | ---- | M] () -- C:\video.pass
[2010.07.03 21:25:05 | 000,002,132 | ---- | M] () -- C:\Users\XXX\Desktop\Die Sims™ 2 Body Shop (2).lnk
[2010.06.21 21:43:12 | 000,018,944 | ---- | M] () -- C:\Users\XXX\Desktop\Grand Fantasia Dropliste.xls
[2010.06.15 23:52:40 | 000,000,180 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\default.rss
[2010.06.15 23:52:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.12 18:42:46 | 000,000,633 | ---- | M] () -- C:\Users\XXX\Desktop\Event-Aufruf.rtf
[2010.06.10 23:07:32 | 000,008,468 | ---- | M] () -- C:\Users\XXX\Desktop\Smilies.rtf
 
========== Files Created - No Company Name ==========
 
[2010.07.29 12:36:34 | 000,000,697 | ---- | C] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk
[2010.07.29 12:36:34 | 000,000,678 | ---- | C] () -- C:\Users\XXX\Desktop\ERUNT.lnk
[2010.07.29 12:31:11 | 000,293,376 | ---- | C] () -- C:\Users\XXX\Desktop\gmer.exe
[2010.07.29 12:22:50 | 000,055,296 | ---- | C] () -- C:\Users\XXX\Desktop\MBRCheck.exe
[2010.07.28 04:39:24 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 04:35:40 | 000,000,512 | ---- | C] () -- C:\mbr.dat
[2010.07.28 04:32:25 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.07.28 04:32:25 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.07.28 04:23:24 | 000,048,019 | ---- | C] () -- C:\Users\XXX\bootkit_remover_debug_log.txt
[2010.07.28 04:23:24 | 000,000,512 | ---- | C] () -- C:\mbr.mbr
[2010.07.28 03:10:10 | 000,018,432 | ---- | C] () -- C:\Users\XXX\Desktop\Fahrliste.xls
[2010.07.28 01:09:40 | 000,017,408 | ---- | C] () -- C:\Users\XXX\Desktop\Animagic Packliste.xls
[2010.07.26 11:53:13 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.22 03:59:11 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\ntuser.dat{ce828354-9531-11df-947f-4061860c9c79}.TMContainer00000000000000000002.regtrans-ms
[2010.07.22 03:59:11 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\ntuser.dat{ce828354-9531-11df-947f-4061860c9c79}.TMContainer00000000000000000001.regtrans-ms
[2010.07.22 03:59:11 | 000,065,536 | -HS- | C] () -- C:\Users\XXX\ntuser.dat{ce828354-9531-11df-947f-4061860c9c79}.TM.blf
[2010.07.22 03:57:54 | 000,262,144 | -H-- | C] () -- C:\Users\XXX\ntuser.dat_TU_44764.LOG1
[2010.07.22 03:57:54 | 000,000,000 | -H-- | C] () -- C:\Users\XXX\ntuser.dat_TU_44764.LOG2
[2010.07.22 03:48:56 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2007.lnk
[2010.07.22 00:52:39 | 000,000,768 | ---- | C] () -- C:\Users\XXX\Desktop\SpeedFan.lnk
[2010.07.22 00:52:17 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.07.19 00:21:04 | 000,000,410 | ---- | C] () -- C:\Users\XXX\Desktop\Regions- und Sprachoptionen - Verknüpfung.lnk
[2010.07.18 23:31:15 | 000,000,922 | ---- | C] () -- C:\Users\XXX\Desktop\TalesRunner.lnk
[2010.07.11 11:45:46 | 000,000,888 | ---- | C] () -- C:\Users\XXX\Desktop\Videodeluxe.exe - Verknüpfung.lnk
[2010.07.10 23:59:06 | 000,038,492 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib
[2010.07.08 00:12:48 | 000,001,234 | ---- | C] () -- C:\Users\XXX\Desktop\Sims2EP9.exe - Verknüpfung.lnk
[2010.07.05 14:45:57 | 000,007,047 | ---- | C] () -- C:\video.pass
[2010.07.03 21:25:05 | 000,002,132 | ---- | C] () -- C:\Users\XXX\Desktop\Die Sims™ 2 Body Shop (2).lnk
[2010.06.21 09:45:19 | 000,018,944 | ---- | C] () -- C:\Users\XXX\Desktop\Grand Fantasia Dropliste.xls
[2010.06.12 18:42:46 | 000,000,633 | ---- | C] () -- C:\Users\XXX\Desktop\Event-Aufruf.rtf
[2010.03.11 23:20:22 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.05 23:54:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.02 17:24:56 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.02 17:24:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.02 17:24:55 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.02 17:24:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.02 17:24:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.02 17:24:54 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.09.30 21:24:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.29 06:06:09 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2009.09.28 23:25:07 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.28 22:00:32 | 000,000,422 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.09.28 21:49:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.28 21:48:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.09.28 20:45:04 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.28 20:45:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.28 20:42:20 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.09.28 20:29:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.13 17:04:21 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009.07.29 12:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.02.27 19:58:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Downloaded Installations
[2010.03.09 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GetRightToGo
[2010.03.31 12:26:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\IMVUClient
[2010.04.21 20:24:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\IrfanView
[2010.07.11 11:36:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2010.02.23 23:07:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\SPORE
[2010.07.16 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TalesRunner
[2009.09.28 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software
[2009.12.20 01:58:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ulead Systems
[2010.03.31 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Vivox
[2010.07.23 17:36:17 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.07.29 12:33:23 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010.07.29 12:34:20 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010.04.24 11:57:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.07.28 04:35:40 | 000,000,512 | ---- | M] () -- C:\mbr.dat
[2010.07.28 04:23:24 | 000,000,512 | ---- | M] () -- C:\mbr.mbr
[2010.04.24 11:57:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.07.29 12:34:19 | 3534,106,624 | -HS- | M] () -- C:\pagefile.sys
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010.07.05 14:46:10 | 000,007,047 | ---- | M] () -- C:\video.pass
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.29 12:41:18 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007.04.09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2006.05.10 09:48:48 | 002,572,288 | ---- | M] (Brockhaus Duden Neue Medien GmbH) -- C:\Windows\BROCKHAUS multimedial.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:22:37 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msls31.dll
[2009.04.10 23:28:24 | 000,286,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasapi32.dll
[2008.01.21 04:24:11 | 000,071,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasman.dll
[2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.10 23:28:26 | 000,036,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rtutils.dll
[2006.11.02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SensApi.dll
[2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008.01.21 04:24:13 | 000,376,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sxs.dll
[2006.11.02 11:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\tapi32.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-26 14:18:17
< End of report >
         
--- --- ---
__________________
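The file listings in the custom scan above are the raw material for triage: each entry carries a modification time, a size, the R/H/S attribute flags, the company string from the file's version resource and, for the `/md5` and `/lockedfiles` scans, either a hash or "Unable to obtain MD5". The following is an added example, not OTL code and not from this post. It parses such entries and lists files at the root of the system drive that were modified within OTL's own 90-day window and carry no vendor string; hiberfil.sys and pagefile.sys are excluded as an assumption of the example, since Windows rewrites them itself. The sample lines are a subset copied from the scan above, and the scan date 2010-07-29 is taken from the timestamps in the report. On that input it surfaces C:\mbr.dat, C:\mbr.mbr and C:\video.pass, which the log itself does not explain, and finds no locked System32 DLL whose vendor string is not Microsoft's.

```python
"""Triage helper for OTL custom-scan file listings (added example; not OTL code
and not from the original post). Parses entries of the form
  [YYYY.MM.DD HH:MM:SS | size | attrs | M] (company) [MD5=... | Unable to obtain MD5] -- path
and surfaces recently modified files that name no vendor."""
import re
from datetime import datetime, timedelta

# Sample input: a subset of the lines from the custom scan posted above.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010.07.29 12:34:20 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2010.04.24 11:57:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.07.28 04:35:40 | 000,000,512 | ---- | M] () -- C:\mbr.dat
[2010.07.28 04:23:24 | 000,000,512 | ---- | M] () -- C:\mbr.mbr
[2010.07.29 12:34:19 | 3534,106,624 | -HS- | M] () -- C:\pagefile.sys
[2010.07.05 14:46:10 | 000,007,047 | ---- | M] () -- C:\video.pass

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:22:37 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msls31.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
"""

ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: (?P<md5note>Unable to obtain MD5|MD5=(?P<md5>[0-9A-Fa-f]{32})))?"
    r" -- (?P<path>.+)$"
)

# Assumption of this example: files Windows rewrites itself at every boot or
# hibernate, so a fresh timestamp on them carries no signal.
SYSTEM_MANAGED = {"hiberfil.sys", "pagefile.sys"}


def parse_entries(text):
    """Return one dict per file entry, tagged with the '< ... >' scan header above it."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<") and line.endswith(">"):
            section = line[1:-1].strip()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "section": section,
            "mtime": datetime.strptime(d["mtime"], "%Y.%m.%d %H:%M:%S"),
            "size": int(d["size"].replace(",", "")),
            "attrs": d["attrs"],
            "company": d["company"],
            "md5": d["md5"],                              # None unless OTL printed MD5=
            "md5_locked": d["md5note"] == "Unable to obtain MD5",
            "path": d["path"],
        })
    return entries


def recent_unattributed(entries, scan_date, days=90):
    """Files modified within `days` before `scan_date` (ISO 'YYYY-MM-DD') whose
    version resource names no company, newest first. 90 days mirrors the
    'File Age = 90 Days' setting OTL prints in its report header."""
    cutoff = datetime.fromisoformat(scan_date) - timedelta(days=days)
    hits = [e for e in entries
            if e["mtime"] >= cutoff and not e["company"]
            and e["path"].rsplit("\\", 1)[-1].lower() not in SYSTEM_MANAGED]
    return sorted(hits, key=lambda e: e["mtime"], reverse=True)


def locked_non_microsoft(entries):
    """Locked files OTL could not hash whose vendor string is not Microsoft.
    A locked DLL under System32 is expected only for Microsoft's own binaries."""
    return [e for e in entries if e["md5_locked"] and "Microsoft" not in e["company"]]


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for e in recent_unattributed(found, "2010-07-29"):
        print(e["mtime"], e["size"], e["attrs"], e["path"])
    print("locked, non-Microsoft:", [e["path"] for e in locked_non_microsoft(found)])
```

Treat the output as a list of things to explain, not as a verdict: an empty company string is normal for data files, and a vendor string is a claim the file makes about itself, not a signature check.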

Alt 29.07.2010, 12:55   #4
Sabishii

"Schlachtmusik"-Problem unter Vista 32-Bit

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.07.2010 13:12:52 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\XXX\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 461,71 Gb Free Space | 80,13% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,25 Gb Free Space | 16,25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-PC
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1383540715-3288036628-802143970-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B870B9-1649-4088-A333-E635CC6E4CDE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0CE4F179-E40D-4467-9E8E-D2747225E6AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D7E6471-B7F8-46F4-B110-2DCD49F9B53C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{14DEDF16-495A-4386-B5DF-45164060ABCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2226B447-555B-434E-B194-8ACF69A32053}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{2B6FA7DD-DAA2-45BD-A7F5-CAD82DE990CB}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3CA594AC-DAEB-4BCC-B0A6-2987912A9C5D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3CB4BF4D-40C6-4626-B09C-4916AC6243C2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{41D26764-0730-4073-A8F6-86935DE54FA2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5205294B-D4CB-4EEA-85ED-0BD5F20D3284}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5730F1F6-54FC-4303-B88B-12E90574D87F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{72FD6013-56AB-4BCA-83E9-274602C2E66B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{74F83773-1317-4B45-8935-FD69664338DA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{75743502-03AB-4A08-8D2A-C12A2D4A7D21}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{77648EF6-F750-45B3-99A1-3F402DB9A060}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7874865F-6C57-4F74-A7BC-3A7D7A8BCABE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A241BA7-C333-4BD2-8D7D-C9CD6EDBCDFB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7CC20890-F969-4B36-80E5-ED6D032E645D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{826B665F-19BF-4673-9EB3-3AE1B034B8E6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{83FC553D-0360-4829-B1D4-2938F9DDD66D}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{8A1FBA81-1F32-4C21-AB21-F72B4D2FDAAA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A33751B2-AD76-4C31-87B1-90E1514C9B42}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C9BA43D3-B1A6-4E1F-A3C1-C1C735C2F363}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CA195E28-51E6-4F59-A0BC-6C71B2FA7BA0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E30C7183-2B1F-4A72-A5D6-D7BAA0ECE077}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E95F2AA6-4BC1-4972-B3A1-382BE8EC2521}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F17867BD-0986-40EE-8F22-9D5C8CB3A358}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1DDEFB7-5FA4-48E5-B888-8660E9CC9129}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F7C08DD4-D7F8-48B9-9176-BA5018098067}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FE59E319-8FF9-46CA-BE34-DE1839359D77}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18CF2325-645B-4EC2-9770-910F6FC74A12}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3AC35961-2704-47B9-9B6A-75C875416CA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{54E4C7C8-4F63-4294-8512-CD787E8D825A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{55DAD987-9010-4423-99C9-9DA7909A23CB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{5686E2C6-5671-4593-85C4-0721D141C439}" = dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"{5E3641B3-5345-4EE5-913A-E55C2ECB6FD0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{75DA77D9-3043-4BAB-9C27-A61AAF9F228B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{75E35011-DB51-4213-8DED-B56A04C9A254}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{7EA2C009-DA82-47D8-94FE-376142732AE6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8A5122B1-41BF-4635-AEBF-B189B24B93E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C64918B3-6426-46C8-8531-9707BAFC22E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CBA95CE3-1526-46BD-BBA6-CC79370F2F36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DAA16FE3-545A-403F-A01D-64B2CD925240}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DAE4BE8C-BE6D-486D-8414-6BFCA0FAD4AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E2528E71-B12C-4E1B-BC49-C01C243AE7F6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{ED01D1A1-A353-43BA-BBE2-2EFB2FC647F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F07FAB57-EC48-4B25-A0F0-745925A56327}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F1495686-D60C-40FE-B257-29783A702F3E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{4E9248B5-845A-4633-8ED1-0B05275AE1EF}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe | 
"TCP Query User{6925BB98-704C-4B17-A37C-89F2FC6D7454}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{CB17F2A4-1223-4037-A463-51C72E6DB25E}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=6 | dir=in | app=c:\program files\gpotato\talesrunner\trgame.exe | 
"TCP Query User{E1920361-AA57-484E-9933-613C478C91CD}C:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"UDP Query User{0BB8B13D-3807-4C91-9709-106B12630003}C:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"UDP Query User{C9E8D5D7-4AB4-4F76-BB2D-399F1F058A87}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{E07709C0-DEF4-40BA-BF77-39CEE84B39E4}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe | 
"UDP Query User{EF5F5E2E-45FA-43AB-A3BC-67A9127175FE}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=17 | dir=in | app=c:\program files\gpotato\talesrunner\trgame.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1b0c4a9b-e8e7-453a-a014-d4b54b0826f7}" = Nero 9
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2E23800-051D-4F35-8169-85F5739A04C5}" = openCanvas4.5.09e Plus
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F7D480DD-8D1A-470D-87C6-3B9DBF6A629B}" = Buyertools Reminder
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"GoldWave v5.22" = GoldWave v5.22
"Grand Fantasia" = Grand Fantasia
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)
"Macro Express 3" = Macro Express 3
"MAGIX Video deluxe 15 Premium D" = MAGIX Video deluxe 15 Premium 8.0.0.62 (D)
"MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.0.20 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer 
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.07.2010 08:07:56 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
 0x4bdfa327, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
 exception code 0xc0000005, fault offset 0x00041e5e,  process id 0xe64, application start time
 01cb2e4b5d307ec1.
 
Error - 28.07.2010 08:14:56 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.07.2010 17:15:27 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.07.2010 17:22:45 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2010 05:15:02 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2010 05:49:43 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2010 06:22:05 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2010 06:30:49 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2010 06:36:04 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2010 06:47:00 | Computer Name = XXX-PC | Source = Perflib | ID = 1010
Description = 
 
[ System Events ]
Error - 28.07.2010 07:43:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 28.07.2010 07:43:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.07.2010 07:44:16 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 28.07.2010 07:45:37 | Computer Name = XXX-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.07.2010 07:47:00 | Computer Name = XXX-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.07.2010 07:47:00 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 28.07.2010 07:47:00 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.07.2010 06:19:22 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 29.07.2010 06:21:19 | Computer Name = XXX-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may
 indicate that the system is low on virtual memory, or that the memory manager has 
encountered an internal error.
 
Error - 29.07.2010 06:32:30 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---
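The two firewall sections in the Extras report above list the rules the Windows Firewall is currently enforcing, but OTL prints only a subset of each rule's fields and no action. What a reviewer wants from them is exposure: which programs may accept inbound connections, on which ports, and which rules are bound to nothing but a port, so that any process may listen there. The following is an added example, not OTL code and not from this post, that parses those lines; it assumes the listed rules are allow rules, which OTL's output does not state. The sample is a verbatim subset of the rules above. Rule names of the form "TCP Query User{GUID}path" are the ones Windows creates when a user clicks "Unblock" on the firewall prompt, so the script lists those separately.

```python
"""Triage helper for the firewall-rule lists in an OTL Extras report (added
example; not OTL code and not from the original post). Each line looks like
  "{GUID}" = lport=445 | protocol=6 | dir=in | app=system |
OTL prints no Action field; this example assumes the listed rules are allow rules."""
import re

# Sample input: a verbatim subset of the rules posted above.
SAMPLE_RULES = r"""
"{2226B447-555B-434E-B194-8ACF69A32053}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{2B6FA7DD-DAA2-45BD-A7F5-CAD82DE990CB}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3CB4BF4D-40C6-4626-B09C-4916AC6243C2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72FD6013-56AB-4BCA-83E9-274602C2E66B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7A241BA7-C333-4BD2-8D7D-C9CD6EDBCDFB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FE59E319-8FF9-46CA-BE34-DE1839359D77}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5686E2C6-5671-4593-85C4-0721D141C439}" = dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"{75DA77D9-3043-4BAB-9C27-A61AAF9F228B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7EA2C009-DA82-47D8-94FE-376142732AE6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C64918B3-6426-46C8-8531-9707BAFC22E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{6925BB98-704C-4B17-A37C-89F2FC6D7454}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C9E8D5D7-4AB4-4F76-BB2D-399F1F058A87}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"""

RULE_RE = re.compile(r'^"(?P<rulename>[^"]+)" = (?P<body>.*)$')
PROTO = {"6": "tcp", "17": "udp", "1": "icmpv4", "58": "icmpv6"}


def parse_rules(text):
    """Return one dict per rule: its key=value fields plus the registry value name."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields = {"rulename": m.group("rulename")}
        for part in m.group("body").split("|"):
            if "=" in part:
                k, v = part.strip().split("=", 1)
                fields[k.strip()] = v.strip()
        rules.append(fields)
    return rules


def _proto(rule):
    num = rule.get("protocol")
    return PROTO.get(num, num or "any")      # no protocol= means the rule matches all


def _target(rule):
    # A svchost.exe rule is only as narrow as its service binding, so prefer svc=
    # over app=; a rule with neither applies to every process on the machine.
    if "svc" in rule:
        return "svc:" + rule["svc"]
    if "app" in rule:
        return rule["app"].lower()
    return "name:" + rule.get("name", rule["rulename"])


def inbound_exposure(rules):
    """Map each inbound target to the 'proto/port' pairs it may accept; 'any' when unrestricted."""
    exposure = {}
    for r in rules:
        if r.get("dir") != "in":
            continue
        exposure.setdefault(_target(r), set()).add(f"{_proto(r)}/{r.get('lport', 'any')}")
    return exposure


def unrestricted_inbound(exposure):
    """Targets with at least one inbound rule that names no local port."""
    return sorted(t for t, ports in exposure.items() if any(p.endswith("/any") for p in ports))


def port_only_inbound(rules):
    """Inbound rules bound to neither an app nor a service: any process may listen there."""
    return sorted(f"{_proto(r)}/{r['lport']}" for r in rules
                  if r.get("dir") == "in" and "lport" in r
                  and "app" not in r and "svc" not in r)


def user_prompt_rules(rules):
    """Apps allowed through the firewall's block prompt; Windows names those rules
    'TCP Query User{GUID}<path>' / 'UDP Query User{GUID}<path>'."""
    return sorted({r["app"].lower() for r in rules
                   if r["rulename"].startswith(("TCP Query User", "UDP Query User"))
                   and "app" in r})


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for target, ports in sorted(inbound_exposure(parsed).items()):
        print(f"{target}: {', '.join(sorted(ports))}")
    print("unrestricted inbound:", unrestricted_inbound(inbound_exposure(parsed)))
    print("port-only (any process):", port_only_inbound(parsed))
    print("added via prompt:", user_prompt_rules(parsed))
```

On the sample, the two "akamai netsession interface" rules are the port-only ones (udp/5000 and tcp/49159 open to whatever binds them), and the Java, Duden and Pando entries are inbound allows with no port restriction at all. None of that is evidence of infection by itself; it is the list of what a reviewer would verify is still wanted, and what to remove if not.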

Alt 29.07.2010, 12:56   #5
Sabishii

"Schlachtmusik"-Problem unter Vista 32-Bit

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-29 13:10:33
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\XXX\AppData\Local\Temp\uwlcqpow.sys


---- System - GMER 1.0.15 ----

SSDT            8D4E8E7C                                                                                                                             ZwCreateThread
SSDT            8D4E8E68                                                                                                                             ZwOpenProcess
SSDT            8D4E8E6D                                                                                                                             ZwOpenThread
SSDT            8D4E8E77                                                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 222                                                                                                        828B4985 3 Bytes  [8E, 4E, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                        828B4B54 4 Bytes  [68, 8E, 4E, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                        828B4B70 4 Bytes  [6D, 8E, 4E, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                        828B4D84 4 Bytes  [77, 8E, 4E, 8D]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!CreateWindowExW                                                     76A91305 5 Bytes  JMP 70C1DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!DialogBoxParamW                                                     76AB10B0 5 Bytes  JMP 70B454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!DialogBoxIndirectParamW                                             76AB2EF5 5 Bytes  JMP 70D1480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!DialogBoxParamA                                                     76AC8152 5 Bytes  JMP 70D147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!DialogBoxIndirectParamA                                             76AC847D 5 Bytes  JMP 70D14872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!MessageBoxIndirectA                                                 76ADD4D9 5 Bytes  JMP 70D14741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!MessageBoxIndirectW                                                 76ADD5D3 5 Bytes  JMP 70D146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!MessageBoxExA                                                       76ADD639 5 Bytes  JMP 70D14674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1064] USER32.dll!MessageBoxExW                                                       76ADD65D 5 Bytes  JMP 70D14612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!SetWindowsHookExW                                                   76A887AD 5 Bytes  JMP 70C19AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!CallNextHookEx                                                      76A88E3B 5 Bytes  JMP 70C0D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!UnhookWindowsHookEx                                                 76A898DB 5 Bytes  JMP 70B8467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!CreateWindowExW                                                     76A91305 5 Bytes  JMP 70C1DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamW                                                     76AB10B0 5 Bytes  JMP 70B454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamW                                             76AB2EF5 5 Bytes  JMP 70D1480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamA                                                     76AC8152 5 Bytes  JMP 70D147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamA                                             76AC847D 5 Bytes  JMP 70D14872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectA                                                 76ADD4D9 5 Bytes  JMP 70D14741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectW                                                 76ADD5D3 5 Bytes  JMP 70D146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExA                                                       76ADD639 5 Bytes  JMP 70D14674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExW                                                       76ADD65D 5 Bytes  JMP 70D14612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] ole32.dll!OleLoadFromStream                                                    773C1E12 5 Bytes  JMP 70D14B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3004] ole32.dll!CoCreateInstance                                                     773F9EA6 5 Bytes  JMP 70C1DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- Files - GMER 1.0.15 ----

File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXDYK5DJ\index[2].htm  0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dsl.1und1[1].txt                           0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dslshop.vodafone[1].txt                    0 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Alt 29.07.2010, 12:56   #6
Sabishii

MBAM log:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4365

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

29.07.2010 12:42:50
mbam-log-2010-07-29 (12-42-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130589
Laufzeit: 4 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Alt 29.07.2010, 13:54   #7
Larusso
/// Selecta Jahrusso

Is there a second operating system installed?
Linux or the like
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 29.07.2010, 14:12   #8
Sabishii

No, only the 32-bit version of Vista. :-)

Alt 29.07.2010, 14:53   #9
Larusso
/// Selecta Jahrusso

Please delete the existing MBRCheck.txt.

Start MBRCheck.exe again.
This time type the following into the window and confirm each entry with Enter
at
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3
Take the numbers framed in red from the instructions!!!
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
After the restart, start MBRCheck.exe again.
You will now find 2 MBRCheck_<Date>_<Time>.txt files on the desktop.
Post me the contents of both .txt documents

Alt 29.07.2010, 15:11   #10
Sabishii

My Vista seems to be having a stubborn day. As far as I can see, nothing has changed...

Code:
ATTFilter
MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   MBR Code Faked!


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!  Press ENTER to exit...
         

After the restart:

Code:
ATTFilter
MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   MBR Code Faked!


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:
         

Alt 29.07.2010, 15:14   #11
Larusso
/// Selecta Jahrusso

Did you start mbrcheck.exe via right-click "Run as administrator"?

Alt 29.07.2010, 15:23   #12
Sabishii

No, I didn't, since I have admin rights anyway.
But afterwards I also ran the same procedure via right-click and "Run as administrator". With the same result:

Code:
ATTFilter
MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   MBR Code Faked!


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!  Press ENTER to exit...
         

After the restart:
Code:
ATTFilter
MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   MBR Code Faked!


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!  Press ENTER to exit...
         
Could my fear be confirmed that I won't get around reinstalling Vista?

Alt 29.07.2010, 15:30   #13
Larusso
/// Selecta Jahrusso

Let's first create a dump of your MBR.

Start mbrcheck.exe again as admin. PS: That's in my instructions for a reason.

Please enter y again and then 1.

As far as I know you will be asked for a file to save the dump to.
Please choose mbr.dat.

Please upload it here. (Manage attachments)

Let me know when it's done.
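As an added example, not part of the thread and not MBRCheck's own code: the two procedures above (option [2] writes standard boot code, option [1] dumps the current MBR to mbr.dat) can be followed up with a small Python check of the dumped sector. The script reads a 512-byte dump, verifies the 0x55AA boot signature, decodes the four partition entries, and compares a SHA-256 of the boot-code area (bytes 0 to 439) against a set of known-good hashes. The hash set, the "good" boot code and the tampered copy are constructed for the demonstration; a real check would populate the set with hashes taken from clean disks of the same Windows version.

```python
"""Inspect a 512-byte MBR dump (for example the mbr.dat written by MBRCheck option [1]).

Added example, not MBRCheck's code. All sample bytes below are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code, before the 4-byte disk signature
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
SIGNATURE_OFFSET = 510     # trailing 0x55 0xAA


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def load_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a dump file such as mbr.dat."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status byte, 3 CHS bytes skipped, type byte, 3 CHS bytes skipped, LBA start, sector count
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0:
            continue
        parts.append(Partition(status == 0x80, type_id, lba_start, sectors))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 over the boot-code area only (disk signature and partition table excluded)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def inspect_mbr(mbr: bytes, known_good_hashes: set) -> dict:
    """Compare the dump against what a clean disk should look like and list deviations."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    signature_ok = mbr[SIGNATURE_OFFSET:] == b"\x55\xAA"
    digest = boot_code_hash(mbr)
    parts = parse_partitions(mbr)
    bootable = [p for p in parts if p.bootable]
    findings = []
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    if digest not in known_good_hashes:
        findings.append("boot code does not match any known-good hash")
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return {"signature_ok": signature_ok, "boot_code_sha256": digest,
            "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code, a made-up disk signature, one bootable NTFS entry."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, 0x12345678)   # disk signature (constructed value)
    # entry 0: bootable (0x80), type 0x07 (NTFS), starts at LBA 2048, 2097152 sectors = 1 GiB
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 2097152)
    mbr[SIGNATURE_OFFSET:] = b"\x55\xAA"
    return bytes(mbr)


# Constructed stand-ins: a "known-good" boot code and a copy with its first two bytes patched.
GOOD_CODE = bytes(range(0x40))
TAMPERED_CODE = b"\xFF\xFF" + GOOD_CODE[2:]
KNOWN_GOOD = {boot_code_hash(build_sample_mbr(GOOD_CODE))}


def demo():
    """Inspect the clean and the tampered sample; returns both reports."""
    clean = inspect_mbr(build_sample_mbr(GOOD_CODE), KNOWN_GOOD)
    tampered = inspect_mbr(build_sample_mbr(TAMPERED_CODE), KNOWN_GOOD)
    return clean, tampered


if __name__ == "__main__":
    for name, report in zip(("clean", "tampered"), demo()):
        print(name, report["findings"] or ["no findings"],
              [(hex(p.type_id), p.lba_start) for p in report["partitions"]])
```

On a real dump, `inspect_mbr(load_mbr("mbr.dat"), known_good)` gives the same report; a boot-code hash that is not in the known-good set is exactly the condition MBRCheck reports as "MBR Code Faked!", and a dump whose partition table still points at the expected LBA while the boot code differs is the pattern to look at first.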

Alt 29.07.2010, 15:43   #14
Sabishii

Quote:
Quote from Larusso
Start mbrcheck.exe again as admin. PS: That's in my instructions for a reason.
I know, I know, sorry. I did do it for all the other steps, I just forgot it that one time.

I've uploaded the dump now. :-)

Alt 29.07.2010, 15:47   #15
Larusso
/// Selecta Jahrusso

I don't see an attachment there.

Please upload the mbr.dat to File-Upload.net and post me the download link.


Please download Bootkit_remover. Unpack the bootkit remover and double-click remove.exe in the folder.
A black window will open and automatically search for malicious changes in the MBR.
